Introduction to Metasploit Stefano Cristalli November 29, 2018 - - PowerPoint PPT Presentation

▶

Oct 13, 2023 544 likes •692 views

Introduction to Metasploit Stefano Cristalli November 29, 2018 Laboratorio di Sicurezza e Reti Universit` a degli Studi di Milano Table of contents 1. Basic commands in the Metasploit console 2. DEMO: exploiting Heartbleed 3. Exercises

SLIDE 1

Introduction to Metasploit

Stefano Cristalli November 29, 2018

Laboratorio di Sicurezza e Reti — Universit` a degli Studi di Milano

SLIDE 2

1. Basic commands in the Metasploit console
2. DEMO: exploiting Heartbleed
3. Exercises
4. DEMO: creating a simple trojan
5. Exercises

SLIDE 3

Basic commands in the Metasploit console

SLIDE 4

Discovery

Command db nmap. Like standard nmap, but interfaced with Metasploit’s db db nmap -v -sV 192.168.19.128

v verbose output
sV tries to determine service/version info

SLIDE 5

Exploit search

Commands search and use. msf > search gitlab msf > use exploit/multi/http/gitlab shell exec Once we know which service to attack, it is time to search for exploits.

SLIDE 6

Exploit configuration

Before executing the exploit, we must configure options. Examples: set RHOST 192.168.19.128 set RPORT 8080 Commands info and show options will give us information on the exploit and on its options. It’s also a good idea sometimes to see what the exploit does by looking at its code, with command edit.

SLIDE 7

Exploit test and execution

We can perform a check of the vulnerability. Not always present, and remember to always check the implementation! msf > check If we want to actually run the exploit, the command is run: msf > run

SLIDE 8

DEMO: exploiting Heartbleed

SLIDE 9

Exercises

SLIDE 10

Exercises

1. Scan vulnbox for services. Which ones can you identify?
2. Try to exploit the running services. Can you find a working exploit?
3. The Apache server we have already analyzed runs a CGI script at

/cgi-bin/hello.sh It’s just an hello world, so the code is not vulnerable. Maybe the underlying program is a bit... old?

SLIDE 11

DEMO: creating a simple trojan

SLIDE 12

Exercises

SLIDE 13

Exercises

1. Analyze /home/user/vuln/vuln.c on vulnbox. What does the

program do?

2. Exploit the program. Spawn a shell by generating a payload with

msfvenom.

3. A local shell isn’t enough. Produce and test shellcodes for bind and

Introduction to Metasploit

Stefano Cristalli November 29, 2018

Table of contents

Basic commands in the Metasploit console

Discovery

Command db nmap. Like standard nmap, but interfaced with Metasploit’s db db nmap -v -sV 192.168.19.128

Exploit search

Commands search and use. msf > search gitlab msf > use exploit/multi/http/gitlab shell exec Once we know which service to attack, it is time to search for exploits.

Exploit configuration

Exploit test and execution

We can perform a check of the vulnerability. Not always present, and remember to always check the implementation! msf > check If we want to actually run the exploit, the command is run: msf > run

DEMO: exploiting Heartbleed

Exercises

Exercises

/cgi-bin/hello.sh It’s just an hello world, so the code is not vulnerable. Maybe the underlying program is a bit... old?

DEMO: creating a simple trojan

Exercises

Exercises

program do?

msfvenom.

reverse remote shells.