Metasploit Framework


  1. Metasploit Framework. Final Project by Arpan Ghosh & Anand Joshi, Group 17

  2. Motivation
     • Professional approach to penetration testing
     • Automation
     • Reconnaissance, exploitation and evasion under one roof
     • All-in-one solution
     • Multi-platform
     • Diverse range of target applications
     • Open source
     • Custom payloads

  3. What is Metasploit?
     • Open source development platform for creating security tools and exploits
     • Perform penetration tests, regression tests and verify patch installations
     • Consists of tools, libraries, modules and user interfaces; these are configured and combined to launch an exploit
     • Written in Ruby

  4. Metasploit Features
     • Exploit automation
     • Anti-forensics
     • Opcode database
     • Meterpreter payload
     • IDS and IPS evasion
     • Over 300 built-in exploits, 200 payloads and 99 auxiliary modules

  5. Exploit Automation
     • Recon modules to interface with Nessus and Nmap
     • Automatically:
        • Identify hosts
        • Open ports
        • Identify services accessible
        • Identify versions and potential vulnerabilities
     • Match exploits in the database to vulnerabilities and launch them
     • Event notifications and programmable triggers

  6. Anti-Forensics
     • Defeat forensic analysis of compromised systems
     • Tools:
        • Timestomp: modify all 4 NTFS timestamps
        • Slacker: hide files in NTFS slack space
        • SAM Juicer: dump hashes from the SAM without hitting disk
        • Transmogrify: defeat EnCase's file-signaturing capabilities

  7. Opcode Database
     • 14 million opcodes in an online database
     • Accessible through a web interface or the command line

  8. Meterpreter Payload
     • Post-exploitation issues:
        • Payload shows up in the list of running processes (e.g. launching a command prompt on the victim)
        • Chroot environment
        • Payload and malicious actions are specified before the exploit succeeds; no flexibility beyond that

  9. Meterpreter Payload
     • Provides an interactive API for coding post-exploitation attacks
     • Injects a shell into the memory of a running process
     • Not detected by IDS
     • Not in the running process list
     • Ability to upload DLLs, manipulate memory, change network configuration, etc.

  10. IDS & IPS Evasion
     • The following protocol stacks integrate evasion:
        • HTTP
        • DCERPC
        • SMTP
        • SunRPC
     • Evasion methods:
        • TCP::max_send_size
        • TCP::send_delay
        • HTTP::compression
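The TCP::max_send_size option above cuts a request into segments shorter than an IDS content signature, which is why a sensor that inspects packets one at a time never sees the match. The following added example (not from the slides; the signature, the request and the flow key are all constructed) models that effect and shows the defender's fix: matching over the reassembled byte stream of each connection, keeping only a small tail buffer per flow.

```python
from collections import defaultdict

# Constructed signature a content-matching IDS might look for; not a real rule.
SIGNATURE = b"GET /cgi-bin/"
# Constructed sample request that carries the signature once.
SAMPLE_REQUEST = b"GET /cgi-bin/test.cgi HTTP/1.0\r\n\r\n"


def segment(payload: bytes, max_send_size: int) -> list[bytes]:
    """Split a payload into segments of at most max_send_size bytes,
    modelling a sender that honours a TCP::max_send_size-style option."""
    return [payload[i:i + max_send_size]
            for i in range(0, len(payload), max_send_size)]


def per_packet_match(segments: list[bytes], signature: bytes = SIGNATURE) -> bool:
    """Naive IDS: inspects each segment on its own, so a signature that
    straddles a segment boundary is never seen."""
    return any(signature in seg for seg in segments)


class StreamMatcher:
    """IDS that matches across segment boundaries of one connection.
    Only the last len(signature)-1 bytes of each flow are retained, which
    is enough to catch a signature split over any number of segments."""

    def __init__(self, signature: bytes = SIGNATURE):
        self.signature = signature
        self.tail: dict[str, bytes] = defaultdict(bytes)

    def feed(self, flow: str, seg: bytes) -> bool:
        data = self.tail[flow] + seg
        hit = self.signature in data
        keep = len(self.signature) - 1
        self.tail[flow] = data[-keep:] if keep else b""
        return hit


def compare(max_send_size: int) -> tuple[bool, bool]:
    """Return (naive_detects, stream_detects) for one segment size."""
    segs = segment(SAMPLE_REQUEST, max_send_size)
    naive = per_packet_match(segs)
    matcher = StreamMatcher()
    flow = "10.0.0.1:4444->10.0.0.2:80"  # constructed flow key
    stream = any(matcher.feed(flow, s) for s in segs)
    return naive, stream


if __name__ == "__main__":
    for size in (64, 8):
        print(f"max_send_size={size}: naive={compare(size)[0]} stream={compare(size)[1]}")
```

With a 64-byte segment size the whole request arrives in one segment and both detectors fire; at 8 bytes only the stream matcher does. TCP::send_delay attacks the same reassembly from the other side, so the per-flow buffer must also survive a reassembly timeout longer than the delay.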

  11. Metasploit Environment: interactive GUI to search for exploits and launch them

  12. Metasploit Environment: web interface

  13. Metasploit Environment: command line shell

  14. Metasploit Environment: interactive GUI for configuring exploits

  15. Enough theory... Now for some pwnage

  16. DEMO 1: Stack overflow in Winamp 5.2
     • By sending an overly long artist tag, a remote attacker may be able to execute arbitrary code on the system

  17. DEMO 3: Automating pen-testing using Nmap
     • Execute Nmap on the target through the framework and store the results in the database
     • Automatically match the open ports and vulnerable services to exploits and launch them
     • Also imports Nessus output files to do the same

  18. Questions?
