Metasploitation 4 Adults
  it’s not family affair…


     Murtuja Bharmal
Disclaimer
[image] Courtesy http://entertainment.desktopnexus.com_get_4642
About Me
•   Now Work Busy Man….
•   Unemployed….
•   Interest…. /dev/random….
•   Co-founder of null…. :-D
•   Ex-IBMer…..
•   Dal, Roti ka jugad, Security Consulting/Training
Agenda
[image] Courtesy http://asonchua.com
Agenda
•   Basics
•   Metasploit Auxiliary
•   Database Integration & Exploit Automation
•   Client Side Exploit & Extended Usage
•   Post Exploitation Fun
•   Metasploit Add-ons
Basics
•   What is vulnerability?
•   What is Exploit?
•   What is Payload?
•   What is encoder?
Vulnerability
[image] Courtesy http://harryjerry.com
Exploit
[image] Courtesy http://entertainment.in.msn.com
Payload
• Use your imagination
Encoder
• Still Thinking? Ask me offline
Basics
•   Vulnerability – Opportunity Window
•   Exploit – En-cashing Opportunity
•   Payload – En-cashment Window
•   Encoder – Masking
How it works?
• Feed the target malicious code where it expects data
• Malicious code = exploit code + payload
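As an added illustration of the four terms above (not code from the talk and not Metasploit Framework code), the Ruby below assembles an overflow-style attack buffer for a hypothetical vulnerable service and runs the payload through a single-byte XOR encoder so that it survives the parser's bad characters. The buffer layout, return address, available space, bad-character set and the "payload" bytes are all made-up constants; real shellcode and a real machine-code decoder stub would take their place.

```ruby
# Added example, not code from the slides or from Metasploit: how an exploit
# stitches a payload into its attack buffer, and what the encoder is for.
# Every number below is a made-up constant for a hypothetical vulnerable
# service that copies input into a fixed-size stack buffer.

OFFSET_TO_RET = 72                   # assumed: 64-byte buffer + 8 bytes of saved state
RET_ADDR      = 0x7c874413           # assumed address of a "jmp esp" gadget
SPACE         = 200                  # assumed room for the payload after the return address
BAD_CHARS     = "\x00\x0a\x0d".b     # assumed bytes the vulnerable parser truncates on

# Stand-in for shellcode: made-up bytes that happen to contain bad characters.
RAW_PAYLOAD = "\x31\xc0\x50\x68\x0a\x0d\x00\x90".b

def bad_chars?(bytes, bad = BAD_CHARS)
  bytes.each_byte.any? { |b| bad.include?(b.chr) }
end

def xor_encode(payload, key)
  payload.each_byte.map { |b| b ^ key }.pack("C*")
end

# Encoder ("masking"): pick a single-byte XOR key such that neither the key
# itself nor any encoded byte is a bad character. Returns nil if none works.
def find_xor_key(payload, bad = BAD_CHARS)
  (1..255).find do |key|
    !bad.include?(key.chr) && !bad_chars?(xor_encode(payload, key), bad)
  end
end

# On a real target a small machine-code decoder stub runs first and undoes
# the XOR in place; here the same XOR applied in reverse stands in for it.
def xor_decode(encoded, key)
  xor_encode(encoded, key)
end

# Exploit: junk up to the saved return address, the overwritten return
# address (little-endian), then the payload where execution lands.
# The exploit, not the payload, owns these constraints.
def build_exploit_buffer(payload)
  if payload.bytesize > SPACE
    raise ArgumentError, "payload needs #{payload.bytesize} bytes, only #{SPACE} available"
  end
  raise ArgumentError, "payload contains bad characters" if bad_chars?(payload)
  ("A" * OFFSET_TO_RET).b + [RET_ADDR].pack("V") + payload
end

# Vulnerability + exploit + encoder + payload, end to end.
def run_exploit(raw = RAW_PAYLOAD)
  key = find_xor_key(raw) or raise "no single-byte XOR key avoids the bad characters"
  encoded = xor_encode(raw, key)
  { key: key, buffer: build_exploit_buffer(encoded), decoded: xor_decode(encoded, key) }
end
```

The split of responsibilities is the point: the exploit owns delivery (offset, return address, space, bad characters), the payload only has to fit those constraints, and the encoder is what makes an otherwise unusable payload fit. Metasploit exploit modules declare the same constraints in their `Payload` metadata (`Space`, `BadChars`) and the framework picks and applies an encoder for you.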
Payload + Exploit
[images sanitized: "You should be at ClubHACK"] Courtesy http://guardian.co.uk, http://ivillage.com
Exploit Code
[four images] Courtesy 1. advice.eharmony.com 2. superstock.com 3. good-times.webshots.com 4. sheknows.com
Metasploit Framework
•   Open Source
•   Developed in Ruby
•   Easy to Use
•   600+ Exploits
•   200+ payloads
•   25+ encoders
•   300+ auxiliary
Metasploit Auxiliary
[image] Courtesy http://www.flickr.com
Metasploit Architecture
[image] Courtesy http://www.offensive-security.com
Directory Structure
Filesystem And Libraries
•   lib: the 'meat' of the framework code base
•   data: editable files used by Metasploit
•   tools: various useful command-line utilities
•   modules: the actual MSF modules
•   plugins: plugins that can be loaded at run-time
•   scripts: Meterpreter and other scripts
•   external: source code and third-party libraries

                       Courtesy http://www.offensive-security.com/metasploit-unleashed
msfconsole
• It is the only supported way to access most of the
  features within Metasploit.
• Provides a console-based interface to the
  framework
• Contains the most features and is the most stable
  MSF interface
• Full readline support, tabbing, and command
  completion
• External commands (e.g. ping or nmap) can be executed
  straight from the msfconsole prompt

                      Courtesy http://www.offensive-security.com/metasploit-unleashed
Exploit Modules
[image] Confused how to explain technically? Courtesy http://www.sunpacmortgage.com
Metasploit – Exploit & Payloads
• Exploit
   – Active
   – Passive
• Payload Types
   –   Inline (non-staged)
   –   Staged
   –   Meterpreter
   –   PassiveX
   –   NoNX
   –   Ord
   –   IPv6
   –   Reflective DLL injection
Exploit DEMO
Metasploit Auxiliary
• Helper modules for pre-exploitation phase
  – Admin, DoS, Fuzzers, Gather, Scanner, Server,
    Spoof, SQLi, Sniffer, Test etc.
• 300+ Auxiliary modules
We will cover
•   SCANNER
•   MSSQL
•   SNMP
•   FTP
Auxiliary DEMO
Database Integration and Exploit
          Automation
Data
[image] Courtesy http://www.joy2day.com
Need of Database
[image sanitized: "You should be at ClubHACK"]
Need of Database
• Network Penetration Testing
• Easy management/storage of result
• Report Generation
Database Integration & Exploit
             Automation
• Database Support
• Nmap
• Nessus Bridge
Supported Databases
• MySQL – on BackTrack 4 R2, MySQL and Metasploit work
  together "out of the box"
• PostgreSQL
• SQLite3 – file-based database; may be removed in future
Nmap
• db_nmap command to scan host/network
• Result will be stored in database
• Can view the result using db_hosts and
  db_services command
NMAP Demo
Nessus Bridge
• Can run a vulnerability scan from inside
  msfconsole
• Provided by the nessus bridge plugin (load nessus)
• Uses XML-RPC to talk to nessusd
Nessus Bridge Demo
In a Finger tip
• db_autopwn
  – Automates the exploitation process
  – Takes target/service/vulnerability info from the
    database (-p matches by open port, -x by
    vulnerability reference)
  – Spawns a Meterpreter shell on success
  – Noisy: fires every matching exploit at every
    matching service
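Added example, not the framework's own code: a stand-alone Ruby sketch of what db_nmap, db_hosts, db_services and db_autopwn do with scan data (serving both the Nmap and db_autopwn slides above). It parses a constructed Nmap grepable-output (-oG) sample into host and service records, answers the host/service queries, and builds an autopwn-style launch plan from a hand-written port-to-module table. The real db_autopwn -p matches on each module's declared ports; the three module names here are existing Metasploit modules chosen only to make the mapping concrete, and the hosts and banners in the sample are invented.

```ruby
# Added example, not Metasploit code: a toy version of the
# db_nmap -> db_hosts / db_services -> db_autopwn flow, driven by a
# constructed Nmap grepable-output (-oG) sample.

# Constructed sample; these hosts and banners are invented.
NMAP_GREPABLE = <<~NMAP
  # Nmap 5.51 scan initiated (constructed sample, not a real scan)
  Host: 10.0.0.5 (db.lab)\tStatus: Up
  Host: 10.0.0.5 (db.lab)\tPorts: 21/open/tcp//ftp//vsftpd 2.3.4/, 1433/open/tcp//ms-sql-s//Microsoft SQL Server 2005/\tIgnored State: closed (998)
  Host: 10.0.0.9 ()\tStatus: Up
  Host: 10.0.0.9 ()\tPorts: 445/open/tcp//microsoft-ds//Samba smbd 3.X/, 161/open/udp//snmp//net-snmp/\tIgnored State: closed (997)
  # Nmap done (constructed sample)
NMAP

# db_nmap: parse the scan into host records with their open services.
# Each -oG port entry is port/state/proto/owner/service/rpc/version/.
def parse_grepable(text)
  hosts = Hash.new { |h, ip| h[ip] = { ip: ip, name: nil, services: [] } }
  text.each_line do |line|
    next unless line.start_with?("Host:")
    fields = line.chomp.split("\t")
    ip, name = fields[0].match(/\AHost: (\S+) \((.*)\)\z/).captures
    rec = hosts[ip]
    rec[:name] = name unless name.empty?
    ports = fields.find { |f| f.start_with?("Ports:") } or next
    ports.delete_prefix("Ports: ").split(", ").each do |entry|
      port, state, proto, _owner, svc, _rpc, version = entry.split("/", -1)
      next unless state == "open"
      rec[:services] << { port: port.to_i, proto: proto, name: svc, info: version }
    end
  end
  hosts.values
end

# db_hosts: every host the scan saw.
def db_hosts(db)
  db.map { |h| h[:ip] }
end

# db_services: every open service, optionally filtered by port or name.
def db_services(db, port: nil, name: nil)
  db.flat_map { |h| h[:services].map { |s| s.merge(host: h[:ip]) } }
    .select { |s| (port.nil? || s[:port] == port) && (name.nil? || s[:name] == name) }
end

# Hand-written port -> module table standing in for the framework's module
# metadata (the real db_autopwn -p matches on each module's declared ports).
PORT_MODULES = {
  21   => ["exploit/unix/ftp/vsftpd_234_backdoor"],
  445  => ["exploit/multi/samba/usermap_script", "exploit/windows/smb/ms08_067_netapi"],
  1433 => ["exploit/windows/mssql/mssql_payload"],
}.freeze

# db_autopwn -p -e: one launch per (service, matching module). Nothing here
# looks at the version banner, which is exactly why autopwn is noisy: both
# SMB modules get thrown at the Samba host, and the SNMP service is ignored
# because no exploit is mapped to it.
def autopwn_plan(db, table = PORT_MODULES)
  db_services(db).flat_map do |s|
    (table[s[:port]] || []).map { |mod| { target: s[:host], port: s[:port], module: mod } }
  end
end
```

Run `autopwn_plan(parse_grepable(NMAP_GREPABLE))` to see the launch list. The value of the database is visible even in this toy: once results are stored as structured records, host, service and exploit selection are queries rather than re-scans.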
db_autopwn Demo
Client Side Exploit & Extended
             Usage
Client Side Exploit
Client Side Exploit & Extended Usage
•   Browser autopwn
•   Exploiting PDF
•   Payload Generation & Back-dooring EXE
•   Linux Backdoor
Browser autopwn
• Automates browser-based vulnerability
  exploitation
• Fingerprints the visiting browser and serves the
  matching exploits
• Auxiliary module: server/browser_autopwn
Browser autopwn Demo
Exploiting PDF
• Among the most exploited client software of the
  last two years
• Universally used document format
• Favourite carrier for commercial malware
  toolkits
What all can a PDF do?
• JavaScript, running against the Acrobat
  JavaScript object model
• File attachments
• XML, SOAP capabilities
• Forms
• Web services
• Database connections (ADBC)
What’s cracking up?
• Vulnerable JavaScript APIs
     – util.printf() (CVE-2008-2992)
     – getIcons() (CVE-2009-0927)
     – getAnnots() (CVE-2009-1492)
     – customDictionaryOpen() (CVE-2009-1493)
     – Doc.media.newPlayer() (CVE-2009-4324)
• File parsing vulnerabilities
     – JBIG2 (over a dozen CVEs)
     – libTIFF (CVE-2010-0188)
• Social-engineered arbitrary command execution
     – "Escape from PDF" (/Launch action) by Didier Stevens
     – Not a bug (a feature)
     – Exploited in the wild
• Embedded files
     – libTIFF (CVE-2010-0188)
PDF exploitation Demo
Payload Generation and Backdooring
                EXE
• Payload can be output in various file
  formats, e.g. exe, dll, JavaScript etc.
• Encode the payload to evade antivirus
• Can be embedded into a third-party
  executable/utility
msfpayload & msfencode
Linux Backdoor
• Backdooring a Linux package with a payload
• Embed the payload in a .deb installation package
Linux Backdooring Demo
Metasploit Add-ons
[image] Courtesy http://draftblogmm.blogspot.com
Fast-Track
• Easy automation
• Utilizes the Metasploit Framework on the back end
• Modes
  – Interactive
  – Web interface
Fast-Track Demo
SET (Social Engineering Toolkit)
• The weakest link in the information security chain
  is the natural human willingness to accept
  someone at their word.
• SET focuses on attacking the human element
• Developed in Python
• Very easy to use
• Utilizes the Metasploit Framework on the back end
SET(Social Engineering Toolkit)
• Operational Mode
  – Interactive
  – Web Interface
• Configuration file - config/set_config
SET Demo
Post Exploitation Fun
What next after getting a shell?
• One can run whatever commands the command
  prompt/shell supports.
• So what extra control is needed to en-cash
  the opportunity?
Meterpreter
•   Meta-Interpreter
•   Post-exploitation payload (tool)
•   Uses in-memory DLL injection stagers
•   Can be extended at run time
•   Encrypted communication
What can be done?
•   Command execution
•   File Upload/Download
•   Process migration
•   Log Deletion
•   Privilege escalation
•   Registry modification
•   Deleting logs and killing antivirus
•   Backdoors and Rootkits
•   Pivoting
•   …..etc.
Demo Meterpreter
Channels
• Communication uses TLV (Type-Length-Value) packets
• Each piece of data is tagged with a channel number
• Multiple programs can run on the victim machine
  at once, each on its own channel
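Added example, not Meterpreter's own code: a minimal TLV codec in Ruby that shows how tagging each packet with a channel number lets one connection carry data for several programs at once, and how a receiver splits the interleaved stream back apart. The type numbers and the one-level packet framing are simplified for this example; Meterpreter's real packet header, type constants and encryption are not modelled.

```ruby
# Added example, not Meterpreter code: a minimal TLV codec showing how
# channel tagging multiplexes several programs over one connection.
#
# Simplified TLV layout used here (Meterpreter uses the same length/type/
# value shape but its own packet header and type constants):
#   length  4 bytes, big-endian, covers the 8-byte header plus the value
#   type    4 bytes, big-endian
#   value   length - 8 bytes
TLV_PACKET     = 0   # assumed type numbers for this example only
TLV_METHOD     = 1
TLV_CHANNEL_ID = 2
TLV_DATA       = 3

def tlv(type, value)
  value = value.to_s.b
  [value.bytesize + 8, type].pack("NN") + value
end

# Walks a byte string and returns [[type, value], ...]; refuses truncated
# or malformed input instead of silently reading past the end.
def parse_tlvs(bytes)
  tlvs = []
  off = 0
  while off + 8 <= bytes.bytesize
    len, type = bytes.byteslice(off, 8).unpack("NN")
    raise "bad TLV length #{len} at offset #{off}" if len < 8 || off + len > bytes.bytesize
    tlvs << [type, bytes.byteslice(off + 8, len - 8)]
    off += len
  end
  raise "trailing bytes after last TLV" unless off == bytes.bytesize
  tlvs
end

# A packet is one outer TLV whose value is a list of inner TLVs. The
# channel id says which remote program (a shell, a file transfer, ...)
# the data belongs to.
def channel_write_packet(channel_id, data)
  tlv(TLV_PACKET,
      tlv(TLV_METHOD, "core_channel_write") +
      tlv(TLV_CHANNEL_ID, [channel_id].pack("N")) +
      tlv(TLV_DATA, data))
end

# Receiver side: split an interleaved stream back into per-channel buffers.
def demux(stream)
  out = Hash.new { |h, k| h[k] = "".b }
  parse_tlvs(stream).each do |type, body|
    next unless type == TLV_PACKET
    fields = parse_tlvs(body).to_h
    next unless fields[TLV_METHOD] == "core_channel_write"
    out[fields[TLV_CHANNEL_ID].unpack1("N")] << fields[TLV_DATA]
  end
  out
end

# Two programs sharing one link: a shell on channel 1, a file read on
# channel 2, with their packets interleaved on the wire.
def sample_stream
  channel_write_packet(1, "whoami\n") +
    channel_write_packet(2, "MZ\x90\x00") +
    channel_write_packet(1, "id\n") +
    channel_write_packet(2, "\x03\x00\x00\x00")
end
```

`demux(sample_stream)` returns the shell input and the file bytes as two separate buffers even though they arrived interleaved; that per-channel bookkeeping is what lets Meterpreter run an interactive shell, a download and a port forward over the same session.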
Pivoting
[diagram: Internet → Firewall/IPS → DMZ (Web Server, Database Server) → local LAN; steps numbered 1–4 trace the pivot]
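Added example (not code from the talk and not Metasploit code): a Ruby model of the route table behind msfconsole's `route add <subnet> <netmask> <session>`, which is how pivoting decides which compromised host's session should relay a connection to a given target. The session numbers and subnets below are assumptions chosen to match the diagram; the longest-prefix rule is the standard routing behaviour, not something read off the slide.

```ruby
# Added example, not Metasploit code: a model of the route table that
# `route add <subnet> <netmask> <session>` maintains, used to pick which
# compromised host relays a connection to a given target.
require "ipaddr"

class PivotRoutes
  Route = Struct.new(:network, :session)

  def initialize
    @routes = []
  end

  # route add 10.0.0.0 255.0.0.0 2  ->  add("10.0.0.0", "255.0.0.0", 2)
  def add(subnet, netmask, session)
    @routes << Route.new(IPAddr.new("#{subnet}/#{netmask}"), session)
    self
  end

  # Longest-prefix match: the most specific route wins. nil means no
  # pivot applies and the framework connects to the target directly.
  def session_for(ip)
    addr = IPAddr.new(ip)
    best = @routes.select { |r| r.network.include?(addr) }
                  .max_by { |r| r.network.prefix }
    best && best.session
  end

  def describe(ip, port)
    sid = session_for(ip)
    sid ? "#{ip}:#{port} via session #{sid}" : "#{ip}:#{port} direct"
  end
end

# Assumed layout for the diagram: session 1 is a Meterpreter on the DMZ web
# server, session 2 one on the database server that can also reach the LAN,
# session 3 a later foothold inside a more specific LAN segment.
def demo_routes
  r = PivotRoutes.new
  r.add("192.168.10.0", "255.255.255.0", 1)   # DMZ, reached through the web server
  r.add("10.0.0.0",     "255.0.0.0",     2)   # internal LAN, reached through the DB server
  r.add("10.0.5.0",     "255.255.255.0", 3)   # a /24 inside that LAN with its own session
  r
end
```

`demo_routes.describe("10.0.5.9", 1433)` answers "via session 3" even though the 10.0.0.0/8 route also matches, which is the behaviour you rely on when a later, deeper foothold should take over traffic for its own segment; anything outside every route (the Internet side of the diagram) stays direct.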
Demo Pivoting
Courtesy
• http://www.metasploit.com/
• http://www.backtrack-linux.org
• http://www.offensive-security.com/metasploit-unleashed/
• http://www.secmaniac.com/
• http://securitytube.net/
• http://vimeo.com/
• http://www.irongeek.com/
• http://www.windowsecurity.com/whitepapers/Social-Engineering-The-Weakest-Link.html
• http://www.google.co.in
Thank You
     Murtuja Bharmal
          void@null.co.in
[image] Courtesy http://blingboo.com

 
Handle Explotion of Remote System Without Being Online (Merchant Bhaumik)
Handle Explotion of Remote System Without Being Online (Merchant Bhaumik)Handle Explotion of Remote System Without Being Online (Merchant Bhaumik)
Handle Explotion of Remote System Without Being Online (Merchant Bhaumik)
 
Dom XSS - Encounters of the 3rd Kind (Bishan Singh Kochher)
Dom XSS - Encounters of the 3rd Kind (Bishan Singh Kochher)Dom XSS - Encounters of the 3rd Kind (Bishan Singh Kochher)
Dom XSS - Encounters of the 3rd Kind (Bishan Singh Kochher)
 
Android forensics (Manish Chasta)
Android forensics (Manish Chasta)Android forensics (Manish Chasta)
Android forensics (Manish Chasta)
 
Android Tamer (Anant Shrivastava)
Android Tamer (Anant Shrivastava)Android Tamer (Anant Shrivastava)
Android Tamer (Anant Shrivastava)
 

Recently uploaded

Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 

Recently uploaded (20)

Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 

•   modules: the actual MSF modules
•   plugins: plugins that can be loaded at run-time
•   scripts: Meterpreter and other scripts
•   external: source code and third-party libraries
Courtesy http://www.offensive-security.com/metasploit-unleashed
msfconsole
•   It is the only supported way to access most of the features within Metasploit.
•   Provides a console-based interface to the framework
•   Contains the most features and is the most stable MSF interface
•   Full readline support, tabbing, and command completion
•   Execution of external commands in msfconsole is possible
Courtesy http://www.offensive-security.com/metasploit-unleashed
Exploit Modules
Confused how to explain technically?
Courtesy http://www.sunpacmortgage.com
Metasploit – Exploit & Payloads
•   Exploit
    –   Active
    –   Passive
•   Payload Types
    –   Inline (Non Staged)
    –   Staged
    –   Meterpreter
    –   PassiveX
    –   NoNX
    –   Ord
    –   IPv6
    –   Reflective DLL injection
Metasploit Auxiliary
•   Helper modules for the pre-exploitation phase
    –   Admin, DOS, Fuzzers, Gather, Scanner, Server, Spoof, SQLi, Sniffer, Test etc.
•   300+ Auxiliary modules
We will cover
•   SCANNER
•   MSSQL
•   SNMP
•   FTP
Database Integration and Exploit Automation
Data
Courtesy http://www.joy2day.com
Need of Database
   Sanitized
     You should be at ClubHACK
Need of Database
•   Network Penetration Testing
•   Easy management/storage of results
•   Report Generation
Database Integration & Exploit Automation
•   Database Support
•   Nmap
•   Nessus Bridge
Supported Database
•   Mysql – BackTrack 4 r2, MySQL and Metasploit work together "out of the box"
•   Postgres
•   Sqlite3 – file based database, might be dropped in future
Nmap
•   db_nmap command to scan a host/network
•   Results are stored in the database
•   Can view the results using the db_hosts and db_services commands
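As an added example of what db_nmap stores and what db_hosts and db_services then report (this is not code from the deck or from Metasploit; the SQLite schema and function names are assumptions, a simplified stand-in for the real workspace tables), the following script loads constructed nmap XML and queries it the same two ways:

```python
import sqlite3
import xml.etree.ElementTree as ET

# Constructed nmap XML (not a real scan), trimmed to the elements this script reads.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host><status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <hostnames><hostname name="web.example.test"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="5.3"/></port>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="Apache httpd"/></port>
      <port protocol="tcp" portid="23"><state state="closed"/><service name="telnet"/></port>
    </ports>
  </host>
  <host><status state="up"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="1433"><state state="open"/>
      <service name="ms-sql-s"/></port></ports>
  </host>
</nmaprun>"""

# Assumed schema: a simplified version of the hosts/services tables a workspace holds.
SCHEMA = """
CREATE TABLE hosts(id INTEGER PRIMARY KEY, address TEXT UNIQUE, name TEXT);
CREATE TABLE services(id INTEGER PRIMARY KEY, host_id INTEGER REFERENCES hosts(id),
  port INTEGER, proto TEXT, state TEXT, name TEXT, info TEXT, UNIQUE(host_id, port, proto));
"""

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.executescript(SCHEMA)
    return db

def import_nmap_xml(db, xml_text):
    """Store every scanned port; re-importing the same host updates rather than duplicates."""
    imported = 0
    for host in ET.fromstring(xml_text).findall("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        name_el = host.find("hostnames/hostname")
        name = name_el.get("name") if name_el is not None else None
        db.execute("INSERT OR IGNORE INTO hosts(address, name) VALUES (?, ?)", (addr_el.get("addr"), name))
        host_id = db.execute("SELECT id FROM hosts WHERE address = ?", (addr_el.get("addr"),)).fetchone()[0]
        for port in host.findall("ports/port"):
            svc = port.find("service")
            svc_name = svc.get("name") if svc is not None else None
            info = " ".join(v for v in (svc.get("product"), svc.get("version")) if v) if svc is not None else None
            db.execute("INSERT OR REPLACE INTO services(host_id, port, proto, state, name, info) "
                       "VALUES (?, ?, ?, ?, ?, ?)",
                       (host_id, int(port.get("portid")), port.get("protocol"),
                        port.find("state").get("state"), svc_name, info or None))
            imported += 1
    db.commit()
    return imported

def db_hosts(db):
    """Equivalent of the db_hosts listing: one row per address."""
    return db.execute("SELECT address, name FROM hosts ORDER BY address").fetchall()

def db_services(db, state="open"):
    """Equivalent of the db_services listing, filtered by port state."""
    return db.execute("SELECT h.address, s.port, s.proto, s.name, s.info FROM services s "
                      "JOIN hosts h ON h.id = s.host_id WHERE s.state = ? ORDER BY h.address, s.port",
                      (state,)).fetchall()
```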
Nessus Bridge
•   Can perform vulnerability scans inside msfconsole
•   Supported using the nessus bridge plugin
•   Uses XML-RPC to connect to nessusd
In a Finger tip
•   db_autopwn
    –   Automates the exploitation process
    –   Takes target/service/vulnerability info from the database
    –   Spawns a meterpreter shell on success
    –   Noisy
Client Side Exploit & Extended Usage
Client Side Exploit & Extended Usage
•   Browser autopwn
•   Exploiting PDF
•   Payload Generation & Back-dooring EXE
•   Linux Backdoor
Browser autopwn
•   Automates browser based vulnerability exploitation
•   Performs browser fingerprinting
•   Auxiliary module server/browser_autopwn
Exploiting PDF
•   Most exploited software in the last 2 years
•   Universally used document format
•   Favorite carrier for commercial malware toolkits
What all PDF do?
•   JavaScript runs under the context of the App Object Model
•   File Attachment
•   XML, SOAP capabilities
•   Forms
•   Web Services
•   Database connections (ADBC)
What’s cracking up?
•   Vulnerable APIs
    –   util.printf() (CVE-2008-2992)
    –   getIcons() (CVE-2009-0927)
    –   getAnnots() (CVE-2009-1492)
    –   customDictionaryOpen() (CVE-2009-1493)
    –   Doc.media.newPlayer (CVE-2009-4324)
•   File parsing vulnerabilities
    –   JBIG2 (over a dozen CVEs)
    –   libTiff (CVE-2010-0188)
•   Social engineered arbitrary command execution
    –   PDF escape by Didier Stevens
    –   Not a bug (feature)
    –   Exploitation in the wild
•   Embedded Files
    –   libTiff (CVE-2010-0188)
Payload Generation and Backdooring EXE
•   Payload can be converted to various file formats, i.e. exe, dll, javascript etc.
•   Encode payload to evade antivirus
•   Can be embedded in third party software/utility
Linux Backdoor
•   Back-dooring payload with a linux package
•   Embed payload in a deb installation package
Metasploit Add-ons
Courtesy http://draftblogmm.blogspot.com
Fast-Track
•   Easy Automation
•   Utilizes Metasploit Framework on the backend
•   Modes
    –   Interactive
    –   Web interface
SET (Social Engineering Toolkit)
•   Weakest link in the information security chain is the natural human willingness to accept someone at their word.
•   SET focuses on attacking the human element
•   Developed in Python
•   Very easy to use
•   Utilizes Metasploit Framework on the backend
SET (Social Engineering Toolkit)
•   Operational Mode
    –   Interactive
    –   Web Interface
•   Configuration file – config/set_config
What next after getting a Shell?
•   One can run the commands supported by the command prompt/shell.
•   So what extra bit of control is needed to en-cash the opportunity?
Meterpreter
•   Meta Interpreter
•   Post exploitation payload (tool)
•   Uses in-memory DLL injection stagers
•   Can be extended at run time
•   Encrypted communication
What can be done?
•   Command execution
•   File Upload/Download
•   Process migration
•   Log Deletion
•   Privilege escalation
•   Registry modification
•   Deleting logs and killing antivirus
•   Backdoors and Rootkits
•   Pivoting
•   …..etc.
Channels
•   Communication using TLV (Type-Length-Value)
•   Tagging of data with channel number
•   Multiple programs can be run on the victim machine using different channels
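To show how channel-tagged TLV framing lets several programs share one connection, here is an added example (not code from the deck or from Metasploit; it uses an assumed, simplified TLV layout rather than Meterpreter's real wire format) that frames, parses and demultiplexes channel data in Python:

```python
import struct
from collections import defaultdict

# Illustrative TLV framing (an assumed layout, not Meterpreter's real wire format):
#   type (uint32 BE) | length (uint32 BE, counts the 8-byte header too) | value
# Channel data frames carry value = channel id (uint32 BE) followed by the payload.
TLV_CHANNEL_DATA = 0x10
TLV_CHANNEL_CLOSE = 0x11
HEADER = struct.Struct(">II")

def encode_tlv(tlv_type, value):
    return HEADER.pack(tlv_type, HEADER.size + len(value)) + value

def encode_channel_data(channel_id, payload):
    return encode_tlv(TLV_CHANNEL_DATA, struct.pack(">I", channel_id) + payload)

def encode_channel_close(channel_id):
    return encode_tlv(TLV_CHANNEL_CLOSE, struct.pack(">I", channel_id))

def decode_tlvs(stream):
    """Split a byte stream into (type, value) frames, rejecting truncated or bogus lengths."""
    frames, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < HEADER.size:
            raise ValueError("truncated TLV header at offset %d" % offset)
        tlv_type, length = HEADER.unpack_from(stream, offset)
        if length < HEADER.size or offset + length > len(stream):
            raise ValueError("bad TLV length %d at offset %d" % (length, offset))
        frames.append((tlv_type, stream[offset + HEADER.size:offset + length]))
        offset += length
    return frames

def demultiplex(stream):
    """Reassemble each channel's data from one interleaved stream; returns (data, closed)."""
    channels, closed = defaultdict(bytearray), set()
    for tlv_type, value in decode_tlvs(stream):
        if tlv_type not in (TLV_CHANNEL_DATA, TLV_CHANNEL_CLOSE):
            continue  # unknown frame types are skipped so the scheme stays extensible
        if len(value) < 4:
            raise ValueError("channel frame without channel id")
        channel_id = struct.unpack(">I", value[:4])[0]
        if tlv_type == TLV_CHANNEL_CLOSE:
            closed.add(channel_id)
        elif channel_id in closed:
            raise ValueError("data for closed channel %d" % channel_id)
        else:
            channels[channel_id] += value[4:]
    return {cid: bytes(buf) for cid, buf in channels.items()}, closed

# Constructed sample: output of two programs interleaved on one connection.
SAMPLE_STREAM = b"".join([
    encode_channel_data(1, b"uid=1000 "),
    encode_channel_data(2, b"total 4\n"),
    encode_channel_data(1, b"gid=1000\n"),
    encode_channel_data(2, b"-rw-r--r-- 1 user user 12 notes.txt\n"),
    encode_channel_close(2),
])

if __name__ == "__main__":
    data, closed = demultiplex(SAMPLE_STREAM)
    for cid in sorted(data):
        print("channel", cid, "closed" if cid in closed else "open", data[cid])
```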
Pivoting
[Diagram: INTERNET, Firewall/IPS, Web Server (DMZ) and Database Server (Local LAN), with the hops numbered 1 to 4]
Courtesy
•   http://www.metasploit.com/
•   http://www.backtrack-linux.org
•   http://www.offensive-security.com/metasploit-unleashed/
•   http://www.secmaniac.com/
•   http://securitytube.net/
•   http://vimeo.com/
•   http://www.irongeek.com/
•   http://www.windowsecurity.com/whitepapers/Social-Engineering-The-Weakest-Link.html
•   http://www.google.co.in
Thank You
Murtuja Bharmal
void@null.co.in
Courtesy http://blingboo.com