JMU GenCyber Boot Camp Summer, 2015. “Canned” Exploits For many known vulnerabilities attackers do not have to write their own exploit code Many repositories.

Presentation transcript:

JMU GenCyber Boot Camp Summer, 2015

“Canned” Exploits
For many known vulnerabilities attackers do not have to write their own exploit code
Many repositories (good and bad) for vulnerability information, exploits, shellcode:
  – –milw0rm.com –

Canned Exploit Code Demo 1
Example: a (local) kernel exploit –
Let’s:
  – Download the exploit code referenced on securityfocus
  – Compile it on the victim’s machine (.204)
  – Run it (as guest) on the victim’s machine

Canned Exploit Code Demo 2
Example: a (remote) exploit –
Let’s:
  – Compile exploit on the victim’s machine (.204)
  – Attack another machine (.202)

The Metasploit Framework
An exploit development, testing, and deployment tool
URL:
  – Free (community edition)
Decouples the two parts of an exploit:
  – Attack vector
  – Payload

Metasploit – Attack Vectors
Many from which to choose:
  – Operating systems
      Windows, Linux, Mac, Unix, Cisco, etc.
  – Services
      Web, database, , FTP, etc.
Extensible and configurable

Metasploit – Payloads
Can be used to generate shellcode
  – Framework comes with many useful payloads
      Spawn shell
      Run command
      Add privileged user
  – Configurable
  – Extensible

Metasploit Demo 1
Example: the vulnerability that the MSBlaster worm exploited –
Let’s use Metasploit to:
  – Choose the attack vector
  – Choose the payload
  – Run the exploit
  – Interact with the compromised host

Metasploit Demo 2
Example: a web browser vulnerability
Let’s use Metasploit to:
  – Choose the attack vector
  – Choose the payload
  – Run the exploit
  – Interact with the compromised host
      Elevate privileges
      Set up persistence
      Capture passwords

Summary
For many known vulnerabilities attackers do not have to write their own exploit code
  – “Canned” exploits
  – The Metasploit Framework
      Choose and configure an attack vector
      Choose and configure a payload
      Interact with host