[null]metapwn - pwn at a puff by prajwal panchmahalkar
Post on 16-Jan-2015
1.204 Views
Preview:
DESCRIPTION
TRANSCRIPT
Now Pwn at a pufff….Now Pwn at a pufff….
• Metasploit Framework• metaPwn• FastTrackFastTrack• Armitage – The new and easy
convention.• SET
• Metasploit - The single most powerful tool available today for the Penetration testers.
• Used for Developing and executing exploit code against any target machine.
• An open source ruby framework, moved from perl.
• Lib: the ‘meat’ of the framework code base.
• Data: editable files used by Metasploit
• Tools: useful commandline utilities
• Modules: the Framework modules.
• Payloads• Scripts• External
• The most popular and best way to use Metasploit Framework.
• Efficient and wide access to all the options.
• Execution of external commands is possible
• It is very importand that you analyze your target
• The scan results (generally by nmap) are very useful.
• Know the services running on the Target machine from the scan results.
• Determine the vulnerabilities.
• Search • Tab Completion.• Check• load• Connect• Irb• route• run/exploit and more …. Follow the
demos >>
1. Know the target2. Scan for the suspected
vulnerabilities3. Find the pertaining payloads.4. Launch payloads to exploit
(Attack)5. Post Exploitation.
• Scan and Create a database• Import them to metasploit
• And “autopwn.autopwn.““
• Fast-Track is one more automated penetration suite.
• Fast-Track has 3 modes of operation – Interactive mode– GUI mode – Console mode (obsolete)
• Fast-Track comes with a good interface and support
• Tutorials available• Automates the exploitation• Dependent on Metasploit , so have it
updated.
• Social Engineering Tool kit• Comes with 10 major functions.– Spear-phishing Attack Vectors– Website attack vectors– Infection media generator– Create a payload and listener– Mass mailer attack– Teensy USB HID attack vector– SMS spoofing attack vector
• All the above listed attacks make the major attacks on the contemporary sytems.
• Lets have a detailed glimpse at all these services from SET….
• A very well Mapped GUI for penetration testing
• Provides a very good GUI and a map of the target machines
• Armitage also uses Metasploit framework to test on the target
• “Little is to be said and rest is the action”
Source :http://telegraph.co.uk
Source :http://telegraph.co.uk
top related