Consists of
- Web server
- Console
- Signatures
Overview continued
- Runs on any operating system
- Source code for Linux/Unix/MacOS X
- Portable to Windows via CYGWIN
- Allows anyone to exploit & usually root certain machines with only an IP address and a basic background of the system
- Requires no knowledge of the software bug, or exploit machine code
WARNINGS
- Metasploit is very powerful, and very dangerous
- This is a briefing of a demo I did on my own systems & network, not a live demo
- I used VMWare to isolate the operating system from other systems and the internet
- Use of this in any unauthorized way will get you fired/arrested/deported/smited by God, etc...
Installation
- Installed on both Windows and Linux with same results/ease of use
- Uses a web server as interface
- Signature updates downloaded automatically
- Started the web server & logged in
Web Interface (screenshot slides)
Demo
System 1: Linux
- Used Redhat 8
- Released Sept 2002, still in wide use
- Running services samba (file sharing), and SSH
Demo
Select linux from exploit filters
Demo
- Filesharing (port 139) is running on a linux machine
- Assume samba is running
- Choose samba trans2open from list of exploits
Demo
Payloads
- Add User
- Bind shell
- Exec: execute one command
- And many more
Chose linux_ia32_bind
Demo
I had little success with the check option. Most of the time, metasploit would say it was not vulnerable; however, it was.
Run Exploit
Demo (screenshot slides)
Demo
Shell access opens up the doors to any other service
- Steal passwords
- Add/delete users
- Alter/disrupt services
- Download files
- Change files
- Change logs
- Full access to any other privilege services on other machines
Demo
No entries of exploit left in the logs
System 2: Windows 2000 Adv Server
- Released February 2000, still supported by Microsoft and in wide use
- Running DEFAULT services
- File sharing
- Web server
- MANY other services (see nmap scan)
Summary
- Metasploit is very easy to use, and very powerful
- Web interface allows the scans to be run from any system, on any operating system
- Evidence may or may not be left behind on the system
- IDS/IPS will sense these exploits
- Only contains old & well known exploits
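The bind-shell payload chosen in the demo (linux_ia32_bind) leaves a new listening TCP port on the exploited host even when, as noted above, the exploit leaves no log entries. The following added example is not part of the briefing; it shows a host-side baseline check over constructed `ss -ltn`-style output, assuming the demo host should only expose SSH (22) and Samba (139, plus 445 as an assumed modern addition).

```python
# Added example, not from the original briefing. A bind-shell payload opens a
# fresh listener on the victim, so comparing live listeners against a known
# baseline catches it without relying on application logs.
# The sample output below is constructed to look like `ss -ltn` on Linux.
from typing import Iterable, List, Set, Tuple

# Baseline for the demo's Linux host: SSH and Samba. 445 is an assumption
# about a modern Samba install; adjust to the host's real baseline.
EXPECTED_LISTENERS: Set[int] = {22, 139, 445}

SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       50      0.0.0.0:139          0.0.0.0:*
LISTEN  0       50      0.0.0.0:445          0.0.0.0:*
LISTEN  0       1       0.0.0.0:4444         0.0.0.0:*
LISTEN  0       128     127.0.0.1:631        0.0.0.0:*
"""


def parse_listeners(ss_output: str) -> List[Tuple[str, int]]:
    """Return (address, port) pairs for every LISTEN socket in `ss -ltn` output."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header line or non-listening state
        addr, _, port = fields[3].rpartition(":")  # handles IPv6 "[::]:22" too
        listeners.append((addr, int(port)))
    return listeners


def unexpected_listeners(ss_output: str,
                         expected: Iterable[int] = EXPECTED_LISTENERS) -> List[Tuple[str, int]]:
    """Flag externally reachable listeners that are not in the baseline.

    Loopback-only listeners are ignored: a bind shell must be reachable remotely.
    """
    expected = set(expected)
    return [(addr, port) for addr, port in parse_listeners(ss_output)
            if port not in expected and not addr.startswith("127.")]


if __name__ == "__main__":
    for addr, port in unexpected_listeners(SAMPLE_SS_OUTPUT):
        print(f"unexpected listener {addr}:{port} - identify the owning process")
```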
Questions