3 Overview
Personal Introduction
Penetration Testing Process
Course Overview

4 Introduction – R. Mudge
Previous Experiences:
Penetration Tester
Regional CCDC Red Team x 5
USAF Security Researcher
Armitage for Metasploit
Other Experiences:
WordPress Grammar Checker
Programming Language

5 Penetration Testing
What? Test security by doing what bad guys might do.

6 Penetration Testing
Why? Motivate the desire to make changes that improve security.
25 Console Cheat Sheet
use module          start configuring a module
show options        show the module's configurable options
set varname value   set an option
exploit             launch an exploit module
run                 launch a non-exploit module
sessions -i n       interact with session n
help command        get help for a command

26 msfconsole
Open ended
Works in many places
One task / host at a time

27 What is Armitage?
A GUI for Metasploit
Goal: Avoid this…
35 Remote Attack
NMap Scan
Analyze Scan Data
Choose an Exploit
Select a Payload
Launch Exploit!

36 Which exploit do I use? Answer: These.
Name                    Where
ms08_067_netapi         Windows XP/2003 era
ms09_050_smb2_negot..   Windows Vista SP1/SP2
ms03_026_dcom           Windows 2000

37 Why did my exploit fail?
Firewall
Non-vulnerable software
Service is hung
The universe is taunting you
Non-reliable exploit
Bad day
Mis-configured exploit
Could not establish session

38 Exploit-free Attack
Choose a payload
Generate executable
Set up a multi/handler

39 Payloads
Name                                        Note
windows/meterpreter/reverse_tcp             Connects to one port
windows/meterpreter/reverse_tcp_allports    Tries every port in sequence
windows/meterpreter/reverse_https           Speaks HTTPS (!!!!)
java/meterpreter/reverse_tcp                Any platform with Java
linux/x86/shell_reverse_tcp
osx/x86/shell_reverse_tcp
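The "tries every port in sequence" behaviour of reverse_tcp_allports is, from the defender's side, a signature in its own right: one internal host walking outbound ports one by one toward a single destination. The script below is an added example, not part of the slides; it runs over constructed firewall-log lines (the field layout and all addresses are made up) and flags any source/destination pair whose destination ports form a run of consecutive values.

```python
import re
from collections import defaultdict

# Constructed sample firewall log lines (not real traffic). Fields are
# timestamp, action, source IP, destination IP and destination port.
SAMPLE_LOG = """\
2024-01-01T10:00:00Z DENY 10.0.0.5 203.0.113.9 dpt=1
2024-01-01T10:00:00Z DENY 10.0.0.5 203.0.113.9 dpt=2
2024-01-01T10:00:01Z DENY 10.0.0.5 203.0.113.9 dpt=3
2024-01-01T10:00:01Z DENY 10.0.0.5 203.0.113.9 dpt=4
2024-01-01T10:00:01Z DENY 10.0.0.5 203.0.113.9 dpt=5
2024-01-01T10:00:02Z DENY 10.0.0.5 203.0.113.9 dpt=6
2024-01-01T10:00:02Z ALLOW 10.0.0.5 203.0.113.9 dpt=7
2024-01-01T10:00:03Z ALLOW 10.0.0.7 198.51.100.2 dpt=443
2024-01-01T10:00:04Z ALLOW 10.0.0.7 198.51.100.2 dpt=443
2024-01-01T10:00:05Z ALLOW 10.0.0.8 198.51.100.3 dpt=80
2024-01-01T10:00:06Z ALLOW 10.0.0.8 198.51.100.3 dpt=443
"""

LINE_RE = re.compile(r"^(\S+) (ALLOW|DENY) (\S+) (\S+) dpt=(\d+)$")

def parse_log(text):
    """Yield (src, dst, port) in log order; lines that do not match are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(3), m.group(4), int(m.group(5))

def find_port_walks(text, min_run=5):
    """Map (src, dst) -> (first_port, last_port) for every pair whose destination
    ports, in arrival order, contain a run of at least min_run consecutive
    values: the 'try every port in sequence' behaviour of reverse_tcp_allports.
    Repeated connections to one port (e.g. 443) never form a run, so ordinary
    traffic is not flagged. If a pair has several runs, the last one is kept."""
    by_pair = defaultdict(list)
    for src, dst, port in parse_log(text):
        by_pair[(src, dst)].append(port)
    hits = {}
    for pair, ports in by_pair.items():
        run_start = 0
        for i in range(1, len(ports) + 1):
            if i == len(ports) or ports[i] != ports[i - 1] + 1:
                if i - run_start >= min_run:
                    hits[pair] = (ports[run_start], ports[i - 1])
                run_start = i
    return hits

if __name__ == "__main__":
    for (src, dst), (lo, hi) in find_port_walks(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: sequential outbound ports {lo}..{hi}")
```

Because the walk is visible regardless of whether the firewall allows or denies each attempt, the DENY lines alone are enough to raise the alert before the payload finds an open port.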
40 Client-side Attack
Fingerprint a sample of victims
Choose an Exploit
Launch Exploit
Spam victims (or wait for them)!

41 Which exploit do I use? Answer: These.
Name                    Where
java_signed_applet      Social engineering; anywhere Java applets run
ms11_003_ie_css_import  Internet Explorer 7/8 (requires .NET)
ie_createobject         Internet Explorer 6

42 Learning Check
Which module listens for a connection from a payload?
Which exploit works against Windows XP SP2, port 445?

43 Armitage and Metasploit Penetration Testing Lab
Post-Exploitation

44 Overview
Command Shell
Privilege Escalation
Spying on the User
File Management
Process Management
Post Modules and Loot