Penetration Testing Using Metasploit Framework

Ashwani Kumar, Navneet Chaudhary



Metasploit Framework Overview


Open source tool used for:
- Penetration testing
- IDS signature development
- Exploit research

Consists of:
- Web server (the web interface)
- Console
- "Signatures" (the deck's term for Metasploit's exploit and payload modules)

Overview continued
- Runs on most operating systems: source code for Linux/Unix/Mac OS X, portable to Windows via Cygwin
- Allows anyone to exploit, and usually root, certain machines with only an IP address and a basic background of the system
- Requires no knowledge of the underlying software bug or of the exploit machine code


Penetration Testing Overview

- Active evaluation of a system or a network of systems
- Assume the role of a black hat hacker or "bad guy"
- Often uses the same tools as the attackers

Penetration Testing Overview continued

- Metasploit brings together many of the tools and techniques used by attackers

Metasploit does not do it all

- Metasploit can be used to compromise many system architectures (Sun SPARC, Intel x86, Mac PowerPC) and many operating systems (Windows, Solaris, Linux), but it does not do everything
- The user must still do reconnaissance and/or vulnerability scans to find out what is running and which exploit applies

WARNINGS
- Metasploit is very powerful, and very dangerous
- This is a briefing of a demo I did on my own systems and network, not a live demo
- I used VMware to isolate the operating system from other systems and the internet
- Use of this in any unauthorized way will get you fired/arrested/deported/smitten by God, etc.

Installation
- Installed on both Windows and Linux with the same results/ease of use
- Uses a web server as the interface
- Signature (exploit module) updates downloaded automatically
- Started the web server and logged in

Web Interface (screenshot slides)

Demo
System 1: Linux
- Used Red Hat 8, released September 2002, still in wide use
- Running services: Samba (file sharing) and SSH

Linux system - Port scan (nmap output screenshot)

Nmap reveals several things:
- Services: SSH, rpcbind, file sharing
- Operating system: Linux, kernel version 2.4.6 - 2.4.26, or 2.4.9, 2.6.5 - 2.6.11
- Doesn't tell us the distribution, but we can guess

Demo
- Select Linux from the exploit filters

Demo
- File sharing (port 139) is running on a Linux machine
- Assume Samba is running
- Choose samba trans2open from the list of exploits
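The two demo slides above, and the earlier slide that says "the user must still do recon", describe one procedure: read the nmap scan, infer what is really behind each port, and only then pick an exploit. As an added example that is not from the deck, the Python below parses nmap's normal output and applies that reasoning. The nmap text is constructed by hand to resemble the Red Hat 8 scan described in the deck (it is not the original scan), the module name `samba_trans2open` is assumed to be how the web interface's "samba trans2open" entry is named, and the mapping table only contains the one inference the deck makes.

```python
"""Map an nmap scan to candidate exploit modules (added example).

The nmap output below is constructed to look like the deck's scan of the
Red Hat 8 host: SSH, rpcbind, NetBIOS file sharing, and a Linux 2.4/2.6
kernel guess. It is not the original scan. MODULE_TABLE holds only the
inference the deck makes (port 139 on Linux -> Samba -> trans2open); the
module name 'samba_trans2open' is assumed.
"""
import re
from dataclasses import dataclass, field

SAMPLE_NMAP = """\
Starting Nmap ( http://www.insecure.org/nmap/ )
Interesting ports on 192.168.1.10:
PORT     STATE  SERVICE
22/tcp   open   ssh
111/tcp  open   rpcbind
139/tcp  open   netbios-ssn
445/tcp  closed microsoft-ds
Running: Linux 2.4.X|2.6.X
OS details: Linux 2.4.6 - 2.4.26 or 2.4.9, Linux 2.6.5 - 2.6.11
"""

# "139/tcp  open  netbios-ssn" -> port, proto, state, service
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)", re.M)
OS_RE = re.compile(r"^OS details:\s*(.+)$", re.M)


@dataclass
class ScanResult:
    open_ports: dict = field(default_factory=dict)  # (port, proto) -> service name
    os_details: str = ""

    @property
    def os_family(self) -> str:
        """Reduce nmap's OS guess to a family name; 'unknown' if none matched."""
        low = self.os_details.lower()
        for family in ("linux", "windows", "solaris", "freebsd"):
            if family in low:
                return family
        return "unknown"


def parse_nmap(text: str) -> ScanResult:
    """Keep only ports nmap reports as open, plus the OS details line."""
    result = ScanResult()
    for port, proto, state, service in PORT_RE.findall(text):
        if state == "open":
            result.open_ports[(int(port), proto)] = service
    m = OS_RE.search(text)
    if m:
        result.os_details = m.group(1).strip()
    return result


# (port, proto, os_family) -> (module name, why the operator picks it).
# The table is the operator's knowledge; Metasploit does not supply it.
MODULE_TABLE = {
    (139, "tcp", "linux"): (
        "samba_trans2open",
        "NetBIOS file sharing on a Linux host is almost always Samba",
    ),
}


def candidate_exploits(scan: ScanResult) -> list:
    """Return one candidate per open port that has a table entry for this OS."""
    found = []
    for (port, proto), service in sorted(scan.open_ports.items()):
        hit = MODULE_TABLE.get((port, proto, scan.os_family))
        if hit:
            module, why = hit
            found.append({"port": port, "service": service,
                          "module": module, "reason": why})
    return found


if __name__ == "__main__":
    scan = parse_nmap(SAMPLE_NMAP)
    print("OS family:", scan.os_family)
    for c in candidate_exploits(scan):
        print(f"port {c['port']} ({c['service']}): try {c['module']} - {c['reason']}")
```

The closed port 445 is dropped at parse time, and the Windows scan later in the deck would produce no candidates from this table, which is the point: the framework ships the exploits, but matching a service to an exploit is still the tester's job.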

Demo
Payloads
- Add user
- Bind shell
- Exec (execute one command)
- And many more

Chose linux_ia32_bind

Demo
- I had little success with the check option. Most of the time, Metasploit would say the target was not vulnerable; however, it was.
- Run Exploit

Demo (screenshot slides)
Demo
Shell access opens the door to every other service:
- Steal passwords
- Add/delete users
- Alter/disrupt services
- Download files
- Change files
- Change logs
- Full access to any privileged services on other machines

Demo
- No entries of the exploit left in the logs
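The slide above makes the defender's problem concrete: the trans2open exploit leaves nothing in the Samba or system logs. What it cannot hide is the linux_ia32_bind payload chosen earlier, which opens a new listening TCP port inside the exploited smbd process. As an added example that is not from the deck, the Python below parses `netstat -tlnp` output (the era-appropriate tool on Red Hat 8) and reports listeners that are not in a build baseline, or that are owned by the wrong program. The netstat text is constructed to look like the target after the exploit, the baseline is an assumed build standard, and port 4444 is assumed for the bind shell (the deck does not say which port was used).

```python
"""Spot a bind-shell listener that the exploit never logged (added example).

The netstat output below is constructed, not captured from the deck's demo.
It shows what the Red Hat 8 target would look like after linux_ia32_bind
ran: the payload executes inside the exploited smbd process, so the new
listener is owned by smbd. Port 4444 is an assumption. BASELINE is an
assumed list of what is allowed to listen on this build.
"""
import re

BASELINE = {  # port -> program allowed to listen there (assumed build standard)
    22: "sshd",
    111: "portmap",
    139: "smbd",
}

SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      901/smbd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      600/portmap
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 0.0.0.0:4444            0.0.0.0:*               LISTEN      1402/smbd
"""

# proto, recv-q, send-q, local addr:port, foreign addr, LISTEN, pid/program
# "-" appears in place of pid/program when netstat lacks permission to see it.
LINE_RE = re.compile(
    r"^(tcp6?)\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+LISTEN\s+(\d+|-)/?(\S*)", re.M)


def parse_listeners(text):
    """Return [(port, program, pid)] for every LISTEN line in netstat -tlnp output."""
    listeners = []
    for _proto, _addr, port, pid, prog in LINE_RE.findall(text):
        listeners.append((int(port), prog or "?", pid))
    return listeners


def unexpected_listeners(text, baseline=BASELINE):
    """Flag listeners whose port is not in the baseline, or whose owner is wrong.

    A bind shell shows up as the first case (new port); a service that has
    been replaced or hijacked shows up as the second (known port, wrong program).
    """
    findings = []
    for port, prog, pid in parse_listeners(text):
        expected = baseline.get(port)
        if expected is None:
            findings.append({"port": port, "program": prog, "pid": pid,
                             "reason": "no baseline entry for this port"})
        elif expected != prog:
            findings.append({"port": port, "program": prog, "pid": pid,
                             "reason": f"port is owned by {prog}, expected {expected}"})
    return findings


if __name__ == "__main__":
    for f in unexpected_listeners(SAMPLE_NETSTAT):
        print(f"port {f['port']} pid {f['pid']} ({f['program']}): {f['reason']}")
```

Two caveats a practitioner would add: the check must run as root, since an unprivileged `netstat -p` prints `-` instead of the owning program and the second test silently degrades; and it only sees bind shells. A reverse-shell payload makes an outbound connection instead and would have to be hunted in the ESTABLISHED table or at the network perimeter, which is where the summary's point about IDS/IPS comes in.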

System 2: Windows 2000 Advanced Server
- Released February 2000, still supported by Microsoft and in wide use
- Running DEFAULT services:
  - File sharing
  - Web server
  - MANY other services (see nmap scan)

Windows system - Port scan (nmap output screenshot)

Nmap reveals several things:
- Services: just about everything you can think of
- Operating system: Windows 95/98/ME/2000/XP
- Doesn't tell us the version, but based on the number of services we can guess Windows NT or 2000 Server

Summary
- Metasploit is very easy to use, and very powerful
- The web interface allows the exploits to be run from any system, on any operating system
- Evidence may or may not be left behind on the target system
- IDS/IPS will detect these exploits
- Only contains old and well-known exploits

Questions
