A Complete Tool For System Penetration Testing Presented By:- Mahesh Kumar Sharma B.Tech IV Year Computer Science Roll No. :- CS09047

 Tool for development and testing of vulnerabilities  Can be used for: --Penetration Testing --Exploit Research --Developing IDS Signatures  Started By H.D. Moore in 2003  Acquired By Rapid7  Remains Open Source and free for use  Written in Ruby

 Over tested exploits  Over 253 payloads and 27 encoders!  Metasploit offers “plug n play” of payloads with exploit --This alone is a huge advantage  Tones of other features for better and faster pentests Overview Continued……

 Runs on any operating system --source code for Linux/Unix/Mac OS x --portable to windows via CYGWIN  Allows anyone to exploit & usually “root” Certain machines with only an “IP address” and a basic background of the system  Requires no knowledge of the software bug, or exploit machine code Overview Continued……..

 Vulnerability – a weakness which allows an attacker to break into /compromise a system’s security  Exploit – code which allows an attacker to take advantage of a vulnerable system  Payload- actual code which runs on the system after exploitation Exploit= Vulnerability + Payload

1.Vulnerability 2.Exploit 3.Payload

Vulnerable computer Attacker 2.Exploit Runs first…. 3. Payload Runs Next if Exploit succeeds

ACCESSING METASPLOIT Msfgui Msfweb Msfcli Msfconsole

Interactive console for Metasploit Has tab completion External commands can be executed Best among available interfaces to get most out of Metasploit

 Dozens of exploits available --Manage, update, customize—nightmare  To customize payload, rewrite may be required of exploit program --Time consuming,high skill required  Testing and exploit research is tedious without a framework

 Individual payloads can only do single tasks -Add user -Bind shell to port  Most exploits include a remote shell(command interpreter) creating payload  Disadvantages -creation of new process may trigger alarm -Limited by commands the shell can run

 A payload which: -Avoid creation of new process -Should run in exploited process’ context -Should not create a new file on disk -Create a “platform” which allows import more Functionality remotely (“extending”) -Allows for writing scripts which can leverage this platform

Important directories include: -Modules -Scripts -Plugins -Externals -Data -Tools

 Active evaluation of system or network of systems  Assume the role of a black hat hacker or “bad guy”  Often uses the same tool as hackers

 Metasploit brings together many of the tools and techniques used by hackers

Understanding windows Desktops Session 0 typically represents console -other represent remote desktop sessions Window station is an object containing a group desktop objects among other things WinSta0 is only interactive window station in every session -Allow interaction of user -Default interact with logged in user -Winlogon while user is logging on Each WinSta0 desktop has its own keyboard buffer -Sniffing logon passwords

Windows Security… Every user on windows system is identified by a unique Security Identifier (SID) SID is of the form: S-Revision Level – identified Authority Value – domain or local ID – Relative ID e.g. S

UNDERSTANDING TOKENS User Process Thread 1Thread 2Thread 3 Primary token Primary Token SID Groups Privileges Other Info Account Required privileges

 Metasploit is very powerful, and very dangerous  This is a briefing of a demo I did on my own systems & network, not a “live” demo  I used VMWare to isolate the operating system from other systems and the internet  Use of this an any unauthorized way will get you fired/arrested/deported