Upload File

metasploit intermediate -...

  • Home
  • Documents
  • Metasploit Intermediate - PalShackpalshack.org/wp-content/uploads/2014/05/OpenWest-2014-Intermedi… · Don’t do stuff you’re not supposta Don’t be chaotic evil, be lawful evil
14
Intermediate Metasploit d4rkm4tter

Upload: others

Post on 08-Oct-2020

3 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Metasploit Intermediate - PalShackpalshack.org/wp-content/uploads/2014/05/OpenWest-2014-Intermedi… · Don’t do stuff you’re not supposta Don’t be chaotic evil, be lawful evil

Intermediate Metasploit

d4rkm4tter

Page 2: Metasploit Intermediate - PalShackpalshack.org/wp-content/uploads/2014/05/OpenWest-2014-Intermedi… · Don’t do stuff you’re not supposta Don’t be chaotic evil, be lawful evil

BS in Computer Science from SUU

I hack stuff and sometimes get paid for it

I hang out with #dc801

Long history with *nix systems

Regularly compete in CTF competitions

(Defcon’s Qualifier starts May 16th @ 6:00 pm)

whoami

Page 3: Metasploit Intermediate - PalShackpalshack.org/wp-content/uploads/2014/05/OpenWest-2014-Intermedi… · Don’t do stuff you’re not supposta Don’t be chaotic evil, be lawful evil

Don’t do stuff you’re not supposta Don’t be chaotic evil, be lawful evilYes these tools can do real damage, don’t be dumbDon’t blame me because you are giving up your rights by listening to meAny names or things referenced in this presentation are fiction and not any real person or thing

Disclaimer

Page 4: Metasploit Intermediate - PalShackpalshack.org/wp-content/uploads/2014/05/OpenWest-2014-Intermedi… · Don’t do stuff you’re not supposta Don’t be chaotic evil, be lawful evil

Most exploits works by crashing threads or processes.Bad things will happen so expect this behavior, or don’t exploit.

More Warnings

Page 5: Metasploit Intermediate - PalShackpalshack.org/wp-content/uploads/2014/05/OpenWest-2014-Intermedi… · Don’t do stuff you’re not supposta Don’t be chaotic evil, be lawful evil

How to get help? msf> help [command]More help? msf> [command] -hAutocomplete is your friend! <TAB> everything!MSF Directory on Kali - /usr/share/metasploit-framework

Some MSF Basics

Page 6: Metasploit Intermediate - PalShackpalshack.org/wp-content/uploads/2014/05/OpenWest-2014-Intermedi… · Don’t do stuff you’re not supposta Don’t be chaotic evil, be lawful evil

msf> db_statusKali doesn’t start MSF nor Postgresql on boot# service postgresql start && service metasploit startmsf> db_rebuild_cache

More Basics

Page 7: Metasploit Intermediate - PalShackpalshack.org/wp-content/uploads/2014/05/OpenWest-2014-Intermedi… · Don’t do stuff you’re not supposta Don’t be chaotic evil, be lawful evil

Directory Structure: auxiliary/[type]/[application]/[name]encoder/[architecture]/[name]exploits/[OS]/[type]/[exploit_name]payload/[OS]/[architecture]/[meterpreter||shell_name]nop/[architecture]/[name]post/[OS]/[type]/[name]

More More Basics

Page 8: Metasploit Intermediate - PalShackpalshack.org/wp-content/uploads/2014/05/OpenWest-2014-Intermedi… · Don’t do stuff you’re not supposta Don’t be chaotic evil, be lawful evil

Example usage: msf> use auxiliary/scanner/discovery/udp_probe msf> use encoder/x86/alpha_uppermsf> use exploit/windows/smb/ms08_067_netapimsf> set PAYLOAD windows/meterpreter/reverse_tcp

Less More Basics

Page 9: Metasploit Intermediate - PalShackpalshack.org/wp-content/uploads/2014/05/OpenWest-2014-Intermedi… · Don’t do stuff you’re not supposta Don’t be chaotic evil, be lawful evil

msf> workspacemsf> search [keywords]msf> use [module]msf> set [variable/option] [value]msf> show [all/options/modules/exploits]msf> session -lmsf> session -i 1

Less Basics

Page 10: Metasploit Intermediate - PalShackpalshack.org/wp-content/uploads/2014/05/OpenWest-2014-Intermedi… · Don’t do stuff you’re not supposta Don’t be chaotic evil, be lawful evil

ReconReconRecon

ReconRecon

Recon

Methodology

Recon Send Exploits Pivot Persistence

Internal Network

PWN’d

Page 11: Metasploit Intermediate - PalShackpalshack.org/wp-content/uploads/2014/05/OpenWest-2014-Intermedi… · Don’t do stuff you’re not supposta Don’t be chaotic evil, be lawful evil

You are a hackerTarget: lulzsec Motive: They are suspected of taking a copy of your bosses’ “special video”Objective: Gain access to their internal servers and find evidence they accessed your servers and took the data.

Setting the Scene

Page 12: Metasploit Intermediate - PalShackpalshack.org/wp-content/uploads/2014/05/OpenWest-2014-Intermedi… · Don’t do stuff you’re not supposta Don’t be chaotic evil, be lawful evil

msf>

TO THE CONSOLE!

Page 13: Metasploit Intermediate - PalShackpalshack.org/wp-content/uploads/2014/05/OpenWest-2014-Intermedi… · Don’t do stuff you’re not supposta Don’t be chaotic evil, be lawful evil

OMG IT CRASHED!!

Page 14: Metasploit Intermediate - PalShackpalshack.org/wp-content/uploads/2014/05/OpenWest-2014-Intermedi… · Don’t do stuff you’re not supposta Don’t be chaotic evil, be lawful evil

Questions?

Follow me: @d4rkm4tterBlog: palshack.orgIRC: #DC801Some Vidz: http://bit.ly/QhWNL2

Finally, its over!


Don’t Be Envious of Evil Men

Brochure nr neighborly love - do not repay evil with evil

Repede - pearsoncmg.comptgmedia.pearsoncmg.com/images/9780744010091/samplepages/1009-1...Silver Fangs Those fangs of steel are aimed at evil. Don’t underestimate the looks of these

Get Out of the Back Row! A Community Involvement Primer - #OpenWest

Behavior & Specification Driven Development in PHP - #OpenWest

See No Evil, Hear No Evil: Banks, Universities, and Risky ...paforsyt/endow_slides.pdf · See No Evil, Hear No Evil: Banks, Universities, and Risky Investments Peter Forsyth∗, Irene

Cargo Cult Security at OpenWest

He who has done evil, expects evil

Islamic Studies unit 1.7 By Abida Mohammed 10S. Evil and suffering and belief in Allah There are two main types of evil: Natural evil Moral evil

How Do We Account For Evil? The Alternatives. Review Evil exists, but God does not Which worldview? God exists, but evil does not Which worldview? Evil

See No Evil, Hear No Evil, Remedy No Evil: How the Ontario ... · See No Evil, Hear No Evil have read over 1,000 reasonably significant Tribunal decisions. Each of these sources has

Resident Evil 1 - Créer un blog gratuitement - …ekladata.com/tNr7c6hW9GlQuoMSip3kE8K5yoo.pdfResident Evil: Deadly Silence 56 Resident Evil: Umbrella Chronicles 56 Resident Evil:

Formulas for Geometry Mr. Ryan. Free powerpoint template: 2 Don’t Get Scared!!! Evil mathematicians have created formulas to save

Deliver us from Evil - Anthropology of evil

OpenWest 2014-05-10 Where's the Waldo, SaltStack Proxy Minions

Hear No Evil, See No Evil, Speak No Evil

OpenWest Conference at UVU, Ruby on Rails and BDD

Evil and Suffering. Evil Evil: “physical pain, mental suffering and moral wickedness”(John Hick, Philosophy and Religion) Four types of evil : Natural

Don’T Be Evil

Big Data for the Rest of Us - OpenWest 2014 - Matt Asay

Hear No Evil, Speak No Evil, Slurp No Evil: How the Recent

The Evil Within and the Evil Without in 2010

Credits - DriveThruRPG.comwatermark.drivethrurpg.com/pdf_previews/112802-sample.pdf · Jeremy “Shieldwall!” Hedge, Tim “I Don’t Care if She’s Evil, She’s Hot!” ... Credits

Negotiating ‘Evil’: Google, Project Maven and the ... · The motto ‘don’t be evil’ was one of the most controversial, even mythical, aspects of Google.3 It has been variously

How to Disagree But Still Be Agreeable OpenWest 2015 Robert Stone BrainStorm Incubator

Openwest worklifebalanceforpassionatedevelopers-newtemplate-150508160103-lva1-app6892

Work-Life Balance For Passionate Geeks - #OpenWest

Growing Your User Group - OpenWest v2

Hacking Google AdWords (TM) “Don’t be evil?” By: StankDawg

What is causing the quarrels and fights among you? Don’t they come from the evil desires at war within you? You want what you don’t have, so you scheme

Realtime Search Infrastructure at Craigslist (OpenWest 2014)

Corporate Culturepeoplelinkstaffing.com/wp-content/uploads/sites/2/...standards. Google’s values might be best articulated by their famous phrase, “Don’t be evil.” But they

Preface and Chapter One Introduction Things people don’t like about conditioning principles! Manipulative! Evil! Irrelevant for understanding human behavior!

See No Evil, Say No Evil: Description Generation from ...markyatskar.com/publications/StarSem2014-SeeNoEvil.pdf · See No Evil, Say No Evil: ... tive sentences from densely annotated

Cooperation in Evil Embryo Adoption?. Cooperation in Evil