Date post: 18-Dec-2015
Upload: cornelius-bruce

METASPLOIT FRAMEWORK
A Complete Tool For System Penetration Testing

Presented By:- Mahesh Kumar Sharma
B.Tech IV Year Computer Science
Roll No. :- CS09047

OVERVIEW
METASPLOIT FRAMEWORK
• Tool for developing and testing exploit code against vulnerabilities
• Can be used for:
  -- Penetration Testing
  -- Exploit Research
  -- Developing IDS Signatures
• Started by H.D. Moore in 2003
• Acquired by Rapid7
• Remains open source and free for use
• Written in Ruby
• Over 1000 tested exploits
• Over 253 payloads and 27 encoders!
• Metasploit offers "plug n play" of payloads with exploits
  -- This alone is a huge advantage
• Tons of other features for better and faster pentests

OVERVIEW CONTINUED…
• Runs on any operating system
  -- source code for Linux/Unix/Mac OS X
  -- portable to Windows via Cygwin
• Allows anyone to exploit, and usually "root", certain machines with only an IP address and a basic background of the system
• Requires no knowledge of the software bug or of exploit machine code

UNDERSTANDING BASIC TERMS
• Vulnerability – a weakness which allows an attacker to break into / compromise a system's security
• Exploit – code which allows an attacker to take advantage of a vulnerable system
• Payload – the actual code which runs on the system after exploitation
• Exploit = Vulnerability + Payload

HOW DOES EXPLOITATION WORK?
1. Vulnerability
2. Exploit
3. Payload

ON A MORE SERIOUS NOTE…
(diagram: Attacker → Vulnerable computer)
1. Exploit + Payload sent to the vulnerable computer
2. Exploit runs first
3. Payload runs next if the exploit succeeds
4. Data download, malware, rootkit etc.

ACCESSING METASPLOIT
• Msfgui
• Msfweb
• Msfcli
• Msfconsole

MSFCONSOLE
• Interactive console for Metasploit
• Has tab completion
• External commands can be executed
• Best among the available interfaces to get the most out of Metasploit

CHALLENGES IN USING INDIVIDUAL EXPLOITS
• Dozens of exploits available
  -- Manage, update, customize – a nightmare
• To customize the payload, a rewrite of the exploit program may be required
  -- Time consuming, high skill required
• Testing and exploit research is tedious without a framework

LIMITATIONS OF USING SPECIFIC PAYLOADS
• Individual payloads can only do single tasks
  - Add user
  - Bind shell to port
• Most exploits include a payload that creates a remote shell (command interpreter)
• Disadvantages
  - Creation of a new process may trigger an alarm
  - Limited by the commands the shell can run

WHAT WE NEED IS…
• A payload which:
  - Avoids the creation of a new process
  - Runs in the exploited process' context
  - Does not create a new file on disk
  - Creates a "platform" which allows importing more functionality remotely ("extending")
  - Allows for writing scripts which can leverage this platform

EXPLORING THE METASPLOIT DIRECTORY
• Important directories include:
  - Modules
  - Scripts
  - Plugins
  - Externals
  - Data
  - Tools

PENETRATION TESTING
• Active evaluation of a system or network of systems
• Assume the role of a black hat hacker or "bad guy"
• Often uses the same tools as hackers

PENETRATION TESTING CONTINUED…
• Metasploit brings together many of the tools and techniques used by hackers

UNDERSTANDING WINDOWS DESKTOPS
• Session 0 typically represents the console
  - others represent remote desktop sessions
• A window station is an object containing, among other things, a group of desktop objects
• WinSta0 is the only interactive window station in every session
  - Allows interaction with the user
  - Default: interacts with the logged-in user
  - Winlogon: while the user is logging on
• Each WinSta0 desktop has its own keyboard buffer
  - Sniffing logon passwords

WINDOWS SECURITY…
• Every user on a Windows system is identified by a unique Security Identifier (SID)
• A SID is of the form:
  S-Revision Level-Identifier Authority Value-Domain or Local ID-Relative ID
  e.g. S-1-5-21-3623811015-3361044348-30300820-1013
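As an added example (not part of the slides, written in Ruby since that is Metasploit's language), a parser for the textual SID form described above, plus conversion to and from the binary layout Windows stores in tokens and ACLs. The sample SID is the slide's own; the well-known RID names (500, 501, 512, 513) are the standard Windows values.

```ruby
# Added example: parse S-<revision>-<authority>-<sub-authorities...>-<RID>
# and convert between the text form and the binary form used inside tokens.
WELL_KNOWN_RIDS = { 500 => 'Administrator', 501 => 'Guest',
                    512 => 'Domain Admins', 513 => 'Domain Users' }.freeze

SID_RE = /\AS-(\d+)-(\d+)((?:-\d+)*)\z/

# Returns the SID's parts as a hash, or nil if the text is not a valid SID.
# :domain is the prefix without the RID (the machine/domain identifier).
def parse_sid(text)
  m = SID_RE.match(text)
  return nil unless m
  subs = m[3].split('-').reject(&:empty?).map(&:to_i)
  # Windows allows at most 15 sub-authorities; at least one is needed for a RID.
  return nil if subs.empty? || subs.size > 15
  {
    revision: m[1].to_i,
    authority: m[2].to_i,
    subauthorities: subs,
    domain: (['S', m[1], m[2]] + subs[0...-1]).join('-'),
    rid: subs.last,
    rid_name: WELL_KNOWN_RIDS[subs.last] # nil for ordinary accounts
  }
end

# Binary SID layout: 1-byte revision, 1-byte sub-authority count,
# 6-byte big-endian identifier authority, then 32-bit little-endian sub-authorities.
def sid_to_binary(sid)
  [sid[:revision], sid[:subauthorities].size].pack('CC') +
    [sid[:authority] >> 32, sid[:authority] & 0xFFFFFFFF].pack('nN') +
    sid[:subauthorities].pack('V*')
end

# Reverse of sid_to_binary: decode the binary layout back to the S-... text form.
def binary_to_sid(bytes)
  rev, count = bytes.unpack('CC')
  hi, lo = bytes[2, 6].unpack('nN')
  subs = bytes[8, 4 * count].unpack('V*')
  (['S', rev, (hi << 32) | lo] + subs).join('-')
end

if __FILE__ == $0
  sid = parse_sid('S-1-5-21-3623811015-3361044348-30300820-1013') # slide's sample
  puts sid.inspect
  puts sid_to_binary(sid).unpack1('H*')
end
```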

UNDERSTANDING TOKENS
(diagram: a User Process with Thread 1, Thread 2 and Thread 3; the process and each thread is shown with a Primary Token; an Account and its Required privileges feed into the token)
• A token contains:
  - SID
  - Groups
  - Privileges
  - Other Info

WARNINGS
• Metasploit is very powerful, and very dangerous
• This is a briefing of a demo I did on my own systems & network, not a "live" demo
• I used VMware to isolate the operating system from other systems and the internet
• Use of this in any unauthorized way will get you fired/arrested/deported
