A Complete Tool For System Penetration Testing
Presented by: Mahesh Kumar Sharma, B.Tech IV Year, Computer Science, Roll No. CS09047
Overview
- Tool for development and testing of vulnerabilities
- Can be used for:
  -- Penetration Testing
  -- Exploit Research
  -- Developing IDS Signatures
- Started by H.D. Moore in 2003
- Acquired by Rapid7
- Remains open source and free for use
- Written in Ruby
Overview Continued
- Over tested exploits
- Over 253 payloads and 27 encoders!
- Metasploit offers "plug n play" of payloads with exploits
  -- This alone is a huge advantage
- Tons of other features for better and faster pentests
Overview Continued
- Runs on any operating system
  -- Source code for Linux/Unix/Mac OS X
  -- Portable to Windows via Cygwin
- Allows anyone to exploit and usually "root" certain machines with only an IP address and a basic background of the system
- Requires no knowledge of the software bug or of exploit machine code
- Vulnerability: a weakness which allows an attacker to break into/compromise a system's security
- Exploit: code which allows an attacker to take advantage of a vulnerable system
- Payload: the actual code which runs on the system after exploitation
Exploit = Vulnerability + Payload
Exploitation flow (diagram): Attacker -> Vulnerable computer
1. Vulnerability
2. Exploit runs first
3. Payload runs next, if the exploit succeeds
ACCESSING METASPLOIT
- Msfgui
- Msfweb
- Msfcli
- Msfconsole
Msfconsole
- Interactive console for Metasploit
- Has tab completion
- External commands can be executed
- Best among the available interfaces to get the most out of Metasploit
- Dozens of exploits available
  -- Managing, updating and customizing them is a nightmare
- To customize the payload, a rewrite of the exploit program may be required
  -- Time consuming, high skill required
- Testing and exploit research is tedious without a framework
- Individual payloads can only do single tasks
  -- Add user
  -- Bind shell to port
- Most exploits include a payload that creates a remote shell (command interpreter)
- Disadvantages:
  -- Creation of a new process may trigger an alarm
  -- Limited by the commands the shell can run
A payload which:
- Avoids creating a new process
- Runs in the exploited process's context
- Does not create a new file on disk
- Creates a "platform" which allows importing more functionality remotely ("extending")
- Allows writing scripts which can leverage this platform
Important directories include:
- Modules
- Scripts
- Plugins
- Externals
- Data
- Tools
- Active evaluation of a system or network of systems
- Assume the role of a black hat hacker or "bad guy"
- Often uses the same tools as hackers
Metasploit brings together many of the tools and techniques used by hackers
Understanding Windows Desktops
- Session 0 typically represents the console
  -- Other sessions represent remote desktop sessions
- A window station is an object containing a group of desktop objects, among other things
- WinSta0 is the only interactive window station in every session
  -- Allows user interaction
  -- Default: interacts with the logged-in user
  -- Winlogon: while the user is logging on
- Each WinSta0 desktop has its own keyboard buffer
  -- Sniffing logon passwords
Windows Security...
- Every user on a Windows system is identified by a unique Security Identifier (SID)
- A SID is of the form: S-<Revision Level>-<Identifier Authority Value>-<Domain or Local ID>-<Relative ID>
- e.g. S
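The SID layout on the slide (revision, identifier authority, domain or local ID, relative ID) can be turned into a small parser that a defender can run over token group lists or audit log entries to spot well-known privileged principals. The Ruby below is an added example written for this page, not code from the presentation or from Metasploit; Ruby is used because it is the framework's language. The well-known RID table is standard Windows knowledge, and the domain sub-authority values in the sample SIDs are constructed.

```ruby
# Parse a Windows SID string into the components named on the slide and flag
# well-known privileged relative IDs (RIDs). Added example, not part of the
# original presentation.

# Well-known RIDs worth recognizing when reviewing which account a token or
# log entry belongs to.
WELL_KNOWN_RIDS = {
  500 => "Administrator (built-in admin account)",
  501 => "Guest",
  512 => "Domain Admins",
  513 => "Domain Users",
  519 => "Enterprise Admins",
  544 => "Administrators (BUILTIN alias)",
  545 => "Users (BUILTIN alias)"
}.freeze

# S-<revision>-<identifier authority>[-<sub-authority>...]
SID_PATTERN = /\AS-(\d+)-(\d+)((?:-\d+)*)\z/

# Returns a hash describing the SID; raises ArgumentError on malformed input
# so that garbage in a log line is never silently treated as a valid account.
def parse_sid(sid)
  m = SID_PATTERN.match(sid.to_s.strip)
  raise ArgumentError, "not a valid SID: #{sid.inspect}" unless m

  revision  = m[1].to_i
  authority = m[2].to_i
  subs      = m[3].split("-").reject(&:empty?).map(&:to_i)
  raise ArgumentError, "unsupported SID revision #{revision}" unless revision == 1

  {
    revision: revision,
    identifier_authority: authority,          # 5 = NT Authority
    # Every sub-authority except the last identifies the issuing domain or local machine.
    domain_or_local_id: subs[0...-1],
    # The last sub-authority is the relative ID of the principal (nil if absent).
    rid: subs.last,
    well_known: WELL_KNOWN_RIDS[subs.last]
  }
end

# True when the RID is one of the privileged well-known accounts/groups above.
def privileged_sid?(sid)
  [500, 512, 519, 544].include?(parse_sid(sid)[:rid])
end

if __FILE__ == $0
  # Constructed sample SIDs: the domain sub-authority values are made up.
  ["S-1-5-21-1004336348-1177238915-682003330-500",
   "S-1-5-32-544",
   "S-1-5-21-1004336348-1177238915-682003330-1108"].each do |sid|
    info = parse_sid(sid)
    label = info[:well_known] || "normal user/group"
    puts "#{sid}: rid=#{info[:rid]} #{label} privileged=#{privileged_sid?(sid)}"
  end
end
```

Note that the same RID (for example 544) can appear under different sub-authority prefixes; `S-1-5-32-544` is the local BUILTIN\Administrators alias, while a domain-relative 500 is the Administrator account of that specific domain or machine, which is why the parser keeps the domain/local part separate from the RID rather than matching on the RID alone.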
UNDERSTANDING TOKENS (diagram)
- User -> Process -> Thread 1, Thread 2, Thread 3
- The process carries a primary token
- Primary token contents: SID, Groups, Privileges, Other Info
- Account: required privileges
- Metasploit is very powerful, and very dangerous
- This is a briefing of a demo I did on my own systems and network, not a "live" demo
- I used VMware to isolate the operating system from other systems and the internet
- Use of this in any unauthorized way will get you fired/arrested/deported