Metasploit assignment

Slides:



Advertisements
Similar presentations
Part 2 Penetration Testing. Review 2-minute exercise: RECON ONLY Find 3x IP addresses at the U.S. Merchant Marine Academy Google: “U.S. Merchant Marine.
Advertisements

Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning Last updated
Offensive Security Part 1 Basics of Penetration Testing
ITP 457 Network Security Network Hacking 101. Hacking Methodology (review) 1. Gather target information 2. Identify services and ports open on the target.
Information Networking Security and Assurance Lab National Chung Cheng University 1 A Real World Attack: wu-ftp.
Information Networking Security and Assurance Lab National Chung Cheng University 2004/03/031 A Real World Attack: wu-ftp Cao er kai ( 曹爾凱 )
Browser Exploitation Framework (BeEF) Lab
Penetration Testing.
Nikto LUCA ALEXANDRA ADELA. Nikto  Web server assessment tool  Written by Chris Solo and David Lodge  Released on December 27, 2001  Stable release:
Performing a Penetration Test.  Penetration Tester  Attempts to reveal potential consequences of a real attack  Security Audit / Vulnerability Assessment.
4/13/2010.  CSS Meeting  Stephen Crane on Programming Contests  1pm  Building 8 room /11/10.
EECS 354 Network Security Metasploit Features. Hacking on the Internet Vulnerabilities are always being discovered 0day vulnerabilities Every server or.
CIS 450 – Network Security Chapter 3 – Information Gathering.
COEN 350 Security Threats. Network Based Exploits Phases of an Attack  Reconnaissance  Scanning  Gaining Access  Expanding Access  Covering Tracks.
Kali Linx Attacks Jim Nasto. Window 8 Computer On my Windows 8 64 bit OS machine. I started using a Virtual Machine using Hyper V Manager and shared the.
MIS Week 1 Site:
Adrian Crenshaw.  I run Irongeek.com  I have an interest in InfoSec education  I don’t know everything - I’m.
Hands on with BackTrack Information gathering, scanning, simple exploits By Edison Carrick.
Network Assessment How intrusion techniques contribute to system/network security Network and system monitoring System mapping Ports, OS, applications.
Distributed Denial of Service Attacks Shankar Saxena Veer Vivek Kaushik.
Chapter 13 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved.. Investigating Computer Intrusions.
1 Security Penetration Testing Angela Davis Mrinmoy Ghosh ECE4112 – Internetwork Security Georgia Institute of Technology.
Topics Network topology Virtual LAN Port scanners and utilities Packet sniffers Weak protocols Practical exercise.
Hands-On Ethical Hacking and Network Defense
MIS Week 1 Site:
Kali Linux BY BLAZE STERLING. Roadmap  What is Kali Linux  Installing Kali Linux  Included Tools  In depth included tools  Conclusion.
Penetration Testing By Blaze Sterling. Roadmap What is Penetration Testing How is it done? Penetration Testing Tools Kali Linux In depth included tools.
Alison Buben Jay Pataky COSC 316.  Main purpose: Penetration Testing ◦ Evaluating the security of a computer by simulating an attack ◦ Showing where.
You can easily passed the GPEN Penetration tester exam by the help of exams4sure.com exams4sure.com Get Complete File From
Common System Exploits Tom Chothia Computer Security, Lecture 17.
Penetration Testing Exploiting 2: Compromising Target by Metasploit tool CIS 6395, Incident Response Technologies Fall 2016, Dr. Cliff Zou
Traffic Analysis– Wireshark Simple Example
Penetration Testing Scanning
Project CTF Yeganeh Safaei Arizona State University
GENI, Pen Testing, & other stories
Nessus Vulnerability Scan
Nessus Vulnerability Scan
Penetration Testing: Concepts,Attacks and Defence Stratagies
Penetration Testing Armitage: Metasploit GUI and Machine-Gun Style Attack CIS 6395, Incident Response Technologies Fall 2016, Dr. Cliff Zou
ETHICAL HACKING WHAT EXACTLY IS ETHICAL HACKING ? By : Bijay Acharya
PART 1 – FILE UPLOAD BACKDOORS: METASPLOIT
MySQL Exploit with Metasploit
A Comprehensive Security Assessment of the Westminster College Unix Lab Jacob Shodd.
CITA 352 Chapter 5 Port Scanning.
Nessus Vulnerability Scan
Advanced Penetration Testing
Penetration Testing Karen Miller.
Exploiting Metasploitable 2 with Metasploit in Kali-Linux 2016
Metasploit a one-stop hack shop
Module 22 (Metasploit Introduction)
Common Operating System Exploits
CIT 480: Securing Computer Systems
Metasploit Project For this exploit I will be using the following strategy Create backdoor exe file Upload file to website Have victim computer download.
Homework & Class review
Exploiting Metasploitable
Everything You Need To Know About Penetration Testing.
Intro to Ethical Hacking
Intro to Ethical Hacking
Analysis Report Kali Linux Metasploit
Homework & Class review
Metasploit Assignment
Web Application Penetration Testing ‘17
Metasploit Analysis Report Overview
Intro to Kali Linux & Tools
Analyzing OS Sample Windows 7 image provided by different class
A Patch A Day Keeps The Malware Away
Traffic Analysis– Wireshark Simple Example
Cyber Operation and Penetration Testing Armitage: Metasploit GUI and Machine-Gun Style Attack Cliff Zou University of Central Florida.
Metasploit assignment – Arkadiy Kantor – Mis-5212
Penetration Testing & Network Defense
Presentation transcript:

Metasploit assignment Tools used Metasploit on Kali Metasploitable – intentional vulnerable Ubuntu package NMAP – used to get IP address Nessus – scanned for vulnerabilities Result Found many vulnerabilities Successfully exploited one that interested me Ahmed Alkaysi

Reconnaissance NMAP Nessus Used NMAP within Metasploit to look for target machine Scanned with ‘-O’ arg to get OS info on a range of LAN IP addresses Successfully got the IP address of VM running Metasploitable, along with its running services Nessus Decided to use Nessus for vulnerability scans Launched Nessus outside of Metasploit Scanned target machine using basic scanner Exported results into ‘.nessus’ file Ahmed Alkaysi

Exploitation Loading ‘.nessus’ file Exploiting the vulnerabilities Many Vulnerabilities! Loading ‘.nessus’ file Used ‘db_import’ in Metasploit to load the file exported from Nessus Typed ‘vulns’ to look at a list of vulnerabilities from the file Exploiting the vulnerabilities Found one sounding interesting: ‘Smiley Face Backdoor’ Used associated OSVDB ID: ‘73573’ in ‘search’ command to look for any modules specifically for that ID Found an exploit module in Metasploit Running the Exploit Started attack by entering ‘use’ + *returned module from search*, set ‘RHOST’ to target’s IP Run ‘exploit’ Was able to gain root access to target’s shell Success!! Ahmed Alkaysi

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.