Pentesting using Metasploit
Ștefan Cătălin Hanu
12.04.2014

The emerging market of stolen personal information and company secrets poses an ever-growing strain on the IT industry. Securing one's servers and applications is the daunting task of the pen-testers. They must be one step ahead of the attackers so that any vulnerabilities can be safely patched before exposing YOUR data to the bad guys.
There is an A for everything
• Theoretical side of things
  • Definitions
  • Vocab
  • ISTQB
  • Good practices
  • Things to remember
  • Lessons to learn
• Practical (realistic) side of things
  • Activities and their benefits
  • Examples
Agenda
• Pentesting
  • Pentesting vs Vulnerability Assessment
  • Is it necessary?
  • To the battle stations!
• Metasploit framework
  • Versions and basics
  • What does it do?
  • Meterpreter
• Metasploit – practical display
  • Presenting the Web UI
  • Command line anyone?
• VM Security – hands on testing
  • Basic VM setting
  • Basic scenario
• Conclusions
• Questions?
Pentesting
• In 2013 there were 4607 CVEs and 13073 vulnerabilities
• Successfully exploited vulnerabilities can affect you or your company
• What can we do?
Pentesting
• Penetration testing (pen-testing or pentesting) is the process of legally attacking a computer system with the purpose of finding vulnerabilities and exploiting them
• The process includes probing for vulnerabilities as well as providing proof-of-concept (PoC) attacks
• A successful testing attempt could expose confidential data and should provide recommendations for addressing and fixing the issues
• Types: Internal, External and Hybrid
Pentesting • Pentesting vs Vulnerability Assessment
• Vulnerability Assessment places the emphasis on identifying areas that are vulnerable without compromising the system
• Pentesting focuses on finding vulnerabilities and exploiting them across all the layers: it simulates a hacker attack
Pentesting • Pentesting vs Vulnerability Assessment
Pentesting • Is it necessary?
• Identifies vulnerabilities that automated systems cannot find
• Assesses how the systems react in a real-case scenario
• Gives clues to what information might leak
• Tests a company's response time and ability to detect intruders
• Gives meaningful information about the vulnerabilities and how to fix them
Pentesting • To the battle stations!
• Common tools and frameworks:
  • Metasploit Framework (Nexpose);
  • Burp Suite;
  • Hydra;
  • John the Ripper;
  • Maltego;
  • Nmap/Zenmap;
  • The Zed Attack Proxy (ZAP);
  • Sqlmap;
  • Wireshark;
  • Mitmproxy;
  • W3af;
• Specialized OS distributions (Linux):
  • Kali Linux;
  • Backtrack – discontinued;
  • Pentoo;
Metasploit Framework
• An exploitation framework written in Ruby, currently at version 4.9.1
• It's modular
• Contains exploits, payloads, encoders and auxiliaries
• The framework is Open Source
Metasploit Framework • Versions and basics
• Metasploit Framework Edition
  • The free version
• Metasploit Community Edition
  • A free, web-based user interface for Metasploit
• Metasploit Express
  • An open-core commercial edition for security teams who need to verify vulnerabilities
• Metasploit Pro
  • An open-core commercial Metasploit edition for penetration testers
• Armitage
  • A graphical cyber attack management tool for the Metasploit Project that visualizes targets and recommends exploits
Metasploit Framework • What does it do?
• It is basically a tool for the development of exploits and the testing of these exploits on live targets
• Can be used for penetration testing, risk assessment, vulnerability research, and other security development practices such as work on intrusion detection systems (IDS) and intrusion prevention systems (IPS)
Metasploit Framework • Meterpreter
• An advanced, dynamically extensible payload that uses in-memory DLL injection stagers and is extended over the network at runtime
• Stealthy
• Powerful
• Extensible
• Features can be added at runtime: new features are added to Meterpreter by loading extensions
Metasploit • Presenting the Web UI
• To access the Metasploit Web UI, open a browser and go to https://localhost:3790 if Metasploit Pro runs on your local machine
• If Metasploit Pro runs on a remote machine, replace localhost with the address of the remote machine
Metasploit • Presenting the Web UI
• Practical example – presenting the Web UI
Metasploit • Command line anyone?
• msfconsole is probably the most popular interface to the MSF
• It provides an "all-in-one" centralized console
Metasploit • Command line anyone?
• Practical example – presenting the console
VM Security • Basic VM setting
• Metasploitable2 VM
  • Intentionally vulnerable version of Ubuntu Linux
  • Loaded with exploitable services, backdoors, web services, etc.
• Kali Linux 1.0.6
  • Based on Ubuntu
  • Replaces the old Backtrack
  • Packed with pentesting tools
  • Live CD compatible
VM Security • Basic scenario
• We have our web application running on a Linux server (in our case, Metasploitable) and need to test it for vulnerabilities
• Using the Web UI, we scan the network, find our target and start a web scan
• Check the results and patch things up
VM Security • Basic scenario
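The scenario ends with checking the scan results and patching; seen from the defender's side (the "Is it necessary?" slide: testing the ability to detect intruders), the same web scan leaves a footprint in the target's web server log. The following is an added example, not part of the original deck or of Metasploit itself: a Ruby script (Ruby being Metasploit's own language) that reads Apache-style access log lines and flags any source that requests many distinct paths with mostly 404 responses inside a short window, which is what a web vulnerability scan against the Metasploitable web application looks like. The log lines, IP addresses and thresholds are constructed assumptions.

```ruby
require 'time'

# Constructed sample of Apache combined-format access log lines (not real data):
# one normal visitor, then one source probing many distinct paths with mostly 404s.
SAMPLE_LOG = <<~LOG
  10.0.0.5 - - [12/Apr/2014:10:00:01 +0300] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
  10.0.0.5 - - [12/Apr/2014:10:00:09 +0300] "GET /about.php HTTP/1.1" 200 300 "-" "Mozilla/5.0"
  10.0.0.9 - - [12/Apr/2014:10:01:00 +0300] "GET /admin/ HTTP/1.1" 404 210 "-" "scanner/1.0"
  10.0.0.9 - - [12/Apr/2014:10:01:01 +0300] "GET /phpmyadmin/ HTTP/1.1" 404 210 "-" "scanner/1.0"
  10.0.0.9 - - [12/Apr/2014:10:01:01 +0300] "GET /cgi-bin/test.cgi HTTP/1.1" 404 210 "-" "scanner/1.0"
  10.0.0.9 - - [12/Apr/2014:10:01:02 +0300] "GET /backup.zip HTTP/1.1" 404 210 "-" "scanner/1.0"
  10.0.0.9 - - [12/Apr/2014:10:01:02 +0300] "GET /.git/config HTTP/1.1" 404 210 "-" "scanner/1.0"
  10.0.0.9 - - [12/Apr/2014:10:01:03 +0300] "GET /login.php HTTP/1.1" 200 640 "-" "scanner/1.0"
LOG

# Client IP, timestamp, request line and status code of a combined-format entry.
LINE_RE = /\A(?<ip>\S+) \S+ \S+ \[(?<ts>[^\]]+)\] "(?<method>\S+) (?<path>\S+) [^"]*" (?<status>\d{3})/

# Parse one log line into a hash; returns nil for lines that do not match.
def parse_line(line)
  m = LINE_RE.match(line)
  return nil unless m
  { ip: m[:ip], time: Time.strptime(m[:ts], '%d/%b/%Y:%H:%M:%S %z'),
    path: m[:path], status: m[:status].to_i }
end

# Flag a source when, inside a sliding window of `window` seconds, it requested
# at least `min_paths` distinct paths and at least `min_404_ratio` of those
# requests got a 404. Returns { ip => { paths:, ratio404: } } for flagged sources.
def detect_web_scans(log_text, window: 60, min_paths: 5, min_404_ratio: 0.5)
  by_ip = Hash.new { |h, k| h[k] = [] }
  log_text.each_line do |l|
    e = parse_line(l)
    by_ip[e[:ip]] << e if e
  end
  hits = {}
  by_ip.each do |ip, events|
    events.sort_by! { |e| e[:time] }
    events.each_index do |i|
      slice = events[i..-1].take_while { |e| e[:time] - events[i][:time] <= window }
      paths = slice.map { |e| e[:path] }.uniq.size
      ratio = slice.count { |e| e[:status] == 404 }.fdiv(slice.size)
      next unless paths >= min_paths && ratio >= min_404_ratio
      hits[ip] = { paths: paths, ratio404: ratio.round(2) }
      break
    end
  end
  hits
end

detect_web_scans(SAMPLE_LOG).each { |ip, v| puts "#{ip}: #{v[:paths]} paths, #{v[:ratio404]} 404 ratio" } if __FILE__ == $0
```

Run it against the real access log of the lab VM during the scan to see whether the thresholds catch the scanner; a source that never trips them is the kind of gap the "ability to detect intruders" bullet is about.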
Conclusions
• While the IT industry is evolving, every new feature, and even every new bug fix, can potentially create new vulnerabilities
• Testing software, systems or networks is time-consuming and requires a specialized team
• Large companies will have a full audit every six months and continuous pentesting teams on site
• Ultimately, pentesting is a must, and Metasploit is the best in the field
Resources • Pentesting vs Vulnerability Assessment
• https://www.owasp.org/images/5/56/OWASP_Testing_Guide_v3.pdf
• Metasploit: The Penetration Tester's Guide (ISBN-13: 978-1593272883)
• The Hacker Playbook: Practical Guide To Penetration Testing (ISBN-13: 978-1494932633)
• https://community.rapid7.com (Metasploit Framework)
• https://community.rapid7.com/docs/DOC-1875 (Metasploitable2)
• http://www.offensive-security.com/metasploit-unleashed/Main_Page
• http://secunia.com/?action=fetch&filename=Secunia_Vulnerability_Review_2014.pdf
• http://www.tenable.com/products/nessus (Nessus Vulnerability Scanner)
• http://www.portswigger.net/burp/ (Burp Suite)
• https://www.thc.org/thc-hydra/ (Hydra)
• http://www.openwall.com/john/ (John the Ripper)
• https://www.paterva.com/web6/products/maltego.php (Maltego)
• http://nmap.org/ (Nmap/Zenmap)
• https://code.google.com/p/zaproxy/ (ZAP)
• http://sqlmap.org/ (sqlmap)
• http://www.wireshark.org/ (Wireshark)
• http://mitmproxy.org/ (mitmproxy)
• http://w3af.org/ (w3af)
• http://www.kali.org/ (Kali Linux)
• http://dev.metasploit.com/documents/meterpreter.pdf