INTRO TO ETHICAL HACKING
MIS 5212.001 Week 4
Site: http://community.mis.temple.edu/mis5212sec001s15/
Tonight's Plan
Introduction
In the news
Live Demonstration of Exploits
Live Demonstration of SET
Building Modules in Metasploit
Creating Exploits
Porting Exploits
Scripting
Simulating Penetration Testing
Next Week
In The News
Submitted
http://www.csoonline.com/article/2877230/browser-security/the-end-for-1024bit-ssl-certificates-is-near-mozilla-kills-a-few-more.html
http://www.infosecurity-magazine.com/news/china-tech-companies-source-code/
http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-new-adobe-flash-zero-day-exploit-used-in-malvertisements/
http://www.huffingtonpost.com/kyle-mccarthy/five-colleges-with-data-b_b_6474800.html
In The News
Submitted
http://www.darkreading.com/attacks-breaches/security-budgets-going-up-thanks-to-mega-breaches/d/d-id/1318714
http://www.nextgov.com/big-data/2015/02/apple-building-solar-powered-data-command-center/104400/?oref=ng-HPriver
http://www.darkreading.com/browsers-are-the-window-to-enterprise-infection/d/d-id/1318906
In The News
What I noted
http://www.dailydot.com/politics/jeremy-hammond-terrorist-watchlist-fbi/
http://www.theregister.co.uk/2015/02/02/google_amazon_taboola_microsoft_adplock_plus_unblock/
http://www.theregister.co.uk/2015/02/02/its_time_to_flush_flash_if_you_havent_already_enough_is_enough/
http://www.theregister.co.uk/2015/02/02/dns_hijack_d_link/
http://www.theregister.co.uk/2015/02/03/target_carders_on_parking_lot_driveby_blitz/
Live Demos
Feedback from students last week indicated a preference to go through last week's exploits live in class
We will run through nmap of Metasploitable, the exploits from last week, and the Social Engineering Toolkit on my laptop
A Few Words on Programming
Metasploit is primarily written in Ruby
The book “Metasploit” also uses a lot of PowerShell in its examples
We are not going to try and make you either Ruby or PowerShell developers here tonight
Rather, we will look at some of the basic structure and steps you might go through to modify modules for your own purposes.
Module Structure
Recall from Week 2, the Tomcat Exploit
Demo Time
Explore Modules
First Look at a Ruby Module
Here is what the start of this module looks like:
Items to Note
The previous page has some interesting lines to consider
“require 'msf/core'”
Module will include all functionality from Metasploit’s core libraries
“class Metasploit3 < Msf::Exploit::Remote”
Defines this as an “Exploit” module
“include Msf::Exploit::Remote::HttpClient”
Pulls in the HttpClient module that includes functionality to handle HTTP traffic
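An added example (not from the original slides or from the Metasploit project): a short Ruby script that reads a module's source as plain text, without loading or running it, and reports the three things this slide points out: what it requires, which class it inherits from (and therefore what type of module it is), and which mixins it includes. The sample module text and the `summarize_module` helper are constructed for illustration.

```ruby
# Added example: static summary of a Metasploit module header.
# The source is only read as text; nothing is loaded or executed.

# Constructed sample containing just the header lines the slide discusses.
SAMPLE_MODULE = <<~'RUBY'
  require 'msf/core'

  class Metasploit3 < Msf::Exploit::Remote
    # a commented-out mixin must not be reported:
    # include Msf::Exploit::Remote::Tcp
    include Msf::Exploit::Remote::HttpClient
  end
RUBY

# Returns a hash with the libraries required, the class and its superclass,
# the module type implied by the superclass, and the mixins included.
def summarize_module(source)
  summary = { requires: [], class_name: nil, superclass: nil, type: nil, mixins: [] }
  source.each_line do |raw|
    # Drop comments; this simple rule is enough for header lines.
    line = raw.sub(/#.*/, '').strip
    next if line.empty?

    case line
    when /\Arequire\s+['"]([^'"]+)['"]/
      summary[:requires] << $1
    when /\Aclass\s+(\w+)\s*<\s*([\w:]+)/
      name, parent = $1, $2
      summary[:class_name] = name
      summary[:superclass] = parent
      # Msf::Exploit::Remote -> "Exploit", Msf::Auxiliary -> "Auxiliary"
      summary[:type] = parent.split('::')[1]
    when /\Ainclude\s+([\w:]+)/
      summary[:mixins] << $1
    end
  end
  summary
end

if __FILE__ == $PROGRAM_NAME
  summarize_module(SAMPLE_MODULE).each { |key, value| puts "#{key}: #{value.inspect}" }
end
```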
Basic Idea
Grab a module close to what you want to do
Tweak it to get the functionality you need
This may involve sharpening your coding skills first
Additional Skills
Depending on the Exploit, you may need to know:
MSSQL
Oracle
PowerShell
Bash
Etc…
Side Note on Penetration Testers
Modifying the tools is one of the distinguishing skills of top-flight consultants
Lots of people can run nmap, Nessus, and Metasploit, but to distinguish yourself in the field, this needs to be your jumping-off point.
Please Note: I’m not saying I am any good at this, there’s a reason I’m teaching the course instead of consulting ;-)
Scripting
For Metasploit, scripting is basically modules for Meterpreter
Same concept as earlier, but specific to Meterpreter sessions
This is also a point where the book contains older information
Scripts are no longer being accepted for Metasploit
Script functionality is being ported to modules.
Final Thoughts on Metasploit
Metasploit is constantly evolving
To stay on top you may want to follow on Twitter:
HD Moore @hdmoore
Metasploit Project @metasploit
Andréz LAMOUROUX @DarkOperator
Check in on Rapid7 and DarkOperator
https://community.rapid7.com/welcome
http://www.darkoperator.com/
Example From This Week
https://community.rapid7.com/community/metasploit/blog/2015/01/30/weekly-metasploit-wrapup
Competitors
http://www.coresecurity.com/core-impact-pro
Competitors
http://immunitysec.com/products/canvas/
Something to keep in mind
We spent almost all of our time in the open source Metasploit Framework due to licensing
Metasploit Pro looks just as good and works just as well as the commercial products just mentioned
Next Week
1st Exam Covering Metasploit
In the news
Introduction to WebGoat
Questions
?