METASPLOIT FRAMEWORK
A Complete Tool For System Penetration Testing
Presented By: Mahesh Kumar Sharma, B.Tech IV Year Computer Science, Roll No. CS09047
OVERVIEW
METASPLOIT FRAMEWORK
• Tool for the development and testing of exploits for known vulnerabilities
• Can be used for:
--Penetration Testing
--Exploit Research
--Developing IDS Signatures
• Started by H.D. Moore in 2003
• Acquired by Rapid7
• Remains open source and free to use
• Written in Ruby
• Over 1000 tested exploits
• Over 253 payloads and 27 encoders!
• Metasploit offers “plug n play” of payloads with exploits
--This alone is a huge advantage
• Tons of other features for better and faster pentests
Overview Continued……
• Runs on any operating system
--Source code for Linux/Unix/Mac OS X
--Portable to Windows via CYGWIN
• Allows anyone to exploit, and usually “root”, certain machines with only an IP address and a basic background of the system
• Requires no knowledge of the software bug or of the exploit machine code
UNDERSTANDING BASIC TERMS
• Vulnerability – a weakness which allows an attacker to break into / compromise a system’s security
• Exploit – code which allows an attacker to take advantage of a vulnerable system
• Payload – the actual code which runs on the system after exploitation
• Exploit = Vulnerability + Payload
ON A MORE SERIOUS NOTE…..
[Diagram: Attacker → Vulnerable computer]
1. Exploit + Payload is sent
2. Exploit runs first….
3. Payload runs next if the exploit succeeds
4. Data download, malware, rootkit, etc.
MSFCONSOLE
• Interactive console for Metasploit
• Has tab completion
• External commands can be executed
• Best among the available interfaces to get the most out of Metasploit
CHALLENGES IN USING INDIVIDUAL EXPLOITS
• Dozens of exploits available
--Managing, updating and customizing them is a nightmare
• To customize the payload, a rewrite of the exploit program may be required
--Time consuming, high skill required
• Testing and exploit research is tedious without a framework
LIMITATIONS OF USING SPECIFIC PAYLOADS
• Individual payloads can only do single tasks
--Add a user
--Bind a shell to a port
• Most exploits include a payload that creates a remote shell (command interpreter)
• Disadvantages
--Creation of a new process may trigger an alarm
--Limited by the commands the shell can run
WHAT WE NEED IS….. A payload which:
--Avoids creation of a new process
--Runs in the exploited process’ context
--Does not create a new file on disk
--Creates a “platform” which allows importing more functionality remotely (“extending”)
--Allows for writing scripts which can leverage this platform
EXPLORING THE METASPLOIT DIRECTORY
• Important directories include:
--Modules
--Scripts
--Plugins
--Externals
--Data
--Tools
PENETRATION TESTING
• Active evaluation of a system or network of systems
• Assume the role of a black hat hacker or “bad guy”
• Often uses the same tools as hackers
PENETRATION TESTING CONTINUE….
• Metasploit brings together many of the tools and techniques used by hackers
Understanding Windows Desktops
• Session 0 typically represents the console
--Other sessions represent remote desktop sessions
• A window station is an object containing a group of desktop objects, among other things
• WinSta0 is the only interactive window station in each session
--Allows user interaction
--Default desktop: interacts with the logged-in user
--Winlogon desktop: active while the user is logging on
• Each WinSta0 desktop has its own keyboard buffer
--Sniffing logon passwords
Windows Security…
• Every user on a Windows system is identified by a unique Security Identifier (SID)
• A SID is of the form:
S-<Revision Level>-<Identifier Authority Value>-<Domain or Local ID>-<Relative ID>
e.g. S-1-5-21-3623811015-3361044348-30300820-1013
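A parser for the SID format just described, written in Ruby because the framework the slides cover is a Ruby project. This is an added example and not code from the presentation or from Metasploit; the field names, the small well-known-RID table and the 1000 cut-off between built-in and created accounts are assumptions drawn from the general Windows SID layout, not from the slides. It takes the sample SID above apart into revision, identifier authority, the domain portion and the relative ID, which is what an analyst matching SIDs in event logs usually needs.

```ruby
# Added example (not from the presentation): parse Windows SID strings of the
# form S-<revision>-<identifier authority>-<sub-authorities...>-<relative ID>.

SID_PATTERN = /\AS-(\d+)-(\d+)((?:-\d+)+)\z/
MAX_SUB_AUTHORITIES = 15              # limit of the Windows SID structure
MAX_SUB_AUTHORITY_VALUE = 0xFFFFFFFF  # each sub-authority is a 32-bit value

# Names for a few well-known identifier authorities and relative IDs.
# The tables are deliberately small and cover only common cases (assumed).
AUTHORITY_NAMES = { 0 => "Null", 1 => "World", 2 => "Local",
                    3 => "Creator", 5 => "NT" }.freeze
WELL_KNOWN_RIDS = { 500 => "Administrator", 501 => "Guest", 512 => "Domain Admins",
                    513 => "Domain Users", 519 => "Enterprise Admins" }.freeze

# Returns a hash describing the SID; raises ArgumentError when the string does
# not follow the documented layout, so malformed log fields are not silently
# accepted.
def parse_sid(sid)
  m = SID_PATTERN.match(sid.to_s.strip)
  raise ArgumentError, "malformed SID: #{sid.inspect}" unless m

  revision = m[1].to_i
  raise ArgumentError, "unsupported SID revision #{revision}" unless revision == 1

  authority = m[2].to_i
  subs = m[3].split("-").reject(&:empty?).map(&:to_i)
  raise ArgumentError, "too many sub-authorities (#{subs.length})" if subs.length > MAX_SUB_AUTHORITIES
  raise ArgumentError, "sub-authority out of 32-bit range" if subs.any? { |v| v > MAX_SUB_AUTHORITY_VALUE }

  rid = subs.last
  domain_account = subs.first == 21   # 21 prefix marks domain/local machine accounts
  {
    revision: revision,
    identifier_authority: authority,
    authority_name: AUTHORITY_NAMES.fetch(authority, "unknown"),
    sub_authorities: subs,
    relative_id: rid,
    # Everything before the RID identifies the issuing domain or machine.
    domain_sid: (["S", revision, authority] + subs[0...-1]).join("-"),
    domain_account: domain_account,
    # RIDs below 1000 are reserved for built-in principals; created accounts
    # start at 1000 (assumed convention for this example).
    builtin: rid < 1000,
    well_known_name: domain_account ? WELL_KNOWN_RIDS[rid] : nil
  }
end

# True when two SIDs were issued by the same domain or machine.
def same_domain?(a, b)
  parse_sid(a)[:domain_sid] == parse_sid(b)[:domain_sid]
end

if __FILE__ == $PROGRAM_NAME
  sample = "S-1-5-21-3623811015-3361044348-30300820-1013"   # the SID from the slide
  info = parse_sid(sample)
  puts "domain: #{info[:domain_sid]}  RID: #{info[:relative_id]}  builtin: #{info[:builtin]}"
end
```

Running it on the slide's example reports the domain portion `S-1-5-21-3623811015-3361044348-30300820` and RID 1013, i.e. an ordinary created account rather than a built-in one; feeding the same domain portion with RID 500 yields the Administrator name, which is the kind of check a log reviewer uses to spot activity under built-in privileged accounts.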
UNDERSTANDING TOKENS
[Diagram: a user process holding a primary token; Thread 1, Thread 2 and Thread 3 each shown with a primary token]
• A token carries:
--SID
--Groups
--Privileges
--Other info
• Account
• Required privileges
WARNINGS
• Metasploit is very powerful, and very dangerous
• This is a briefing of a demo I did on my own systems & network, not a “live” demo
• I used VMware to isolate the operating system from other systems and the internet
• Use of this in any unauthorized way will get you fired/arrested/deported