2. Contents:
• Introduction:
I. Basics.
II. Running an attack the old-fashioned way.
III. Overview of the Metasploit project and framework.
IV. Running the same attack using Metasploit.
• Metasploit overview and basic framework usage:
I. Metasploit architecture.
II. Consoles.
• Meterpreter basics and overview.
3. Exploitation!
• Vulnerability: a weakness which allows an attacker to break a system's security.
• Exploit: code which allows an attacker to take advantage of a vulnerable system.
• Payload: code that runs on the system after exploitation.
6. Running an exploit the old-fashioned way
• The vulnerability: RPC DCOM, a buffer overflow in the RPC interface.
• The exploit and the payload are available.
7. The problem!
• A lot of exploits!
• Hard to customize the payload.
• Testing and exploit research is painful!
• Metasploit is a shortcut.
8. What is Metasploit?
• Metasploit has come to be synonymous with the Metasploit Framework.
• The Metasploit Project, whose goal is to provide information that will be useful in:
I. Penetration testing.
II. IDS signatures.
III. Exploit research.
• Developed by H.D. Moore in 2003, then acquired by Rapid7.
• Primarily written in Perl,
• then rewritten in Ruby: 'the largest program ever written in Ruby'!
• The framework is an open-source platform for developing, testing and using exploit code.
• The current "stable" version is version 4.
• Similar to the commercial projects Canvas (Immunity) and Impact (Core).
9. Benefits
• Over 600 tested exploits and 200 payloads!
• Plug and play of payloads with exploits:
- matching the payload with the exploit;
- trying different payloads with the same exploit code.
• Lots of tools and features for better and faster pentests.
10. Using Metasploit
• show – list the modules available (exploits, payloads, etc.)
• use – select a specific exploit module
• set – set specific variables (case sensitive):
• RHOST – remote host (who we're attacking)
• PAYLOAD – the payload to carry
• LHOST – local host (for phone-home attacks, e.g. a reverse shell)
• exploit – run the exploit.
• RPC DCOM using Metasploit.
13. Meterpreter
• What we are looking for is a payload which:
- avoids creating a new process;
- runs in the exploited process's context;
- does not create a new file on disk;
- can import more functionality (extending itself) rather than being limited to the commands of the remote shell it created.
• That is exactly what Meterpreter does!
14. Meterpreter basics
• Post-exploitation tool.
• Works by using in-memory DLL injection.
• Does not create any files on disk.
• Uses encrypted communication between client and attacker.
• Stable, flexible and extensible!
• Can be extended at runtime by shipping DLLs to the victim.
15. How it works
• When the exploit succeeds:
• the exploit runs the first (stage 1) payload;
• the payload connects back to MSF;
• the second-stage DLL injection payload is sent;
• MSF sends the Meterpreter server DLL;
• client and server communicate.
17. Client/server communication in Meterpreter
• The communication is encrypted.
• It is in the form of TLVs (Type-Length-Value).
• So multiple channels of communication can share the same client/server connection.
• This allows multiple programs running on the victim to communicate at the same time.
• Demo.
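To show what the TLV framing buys, here is an added example, not Metasploit's or Meterpreter's own code: a simplified Type-Length-Value encoder/decoder in Ruby (the framework's language) in which one shared connection carries interleaved records for two channels and the receiving side sorts them back into per-channel data, rejecting malformed lengths. The tag constants, the group-record layout and the sample stream are assumptions constructed for the demo; the real Meterpreter wire format differs in its details, and the encryption layer the slide mentions is left out.

```ruby
TLV_TYPE_CHANNEL_ID = 0x0001 # hypothetical tag: which channel a record belongs to
TLV_TYPE_DATA       = 0x0002 # hypothetical tag: bytes carried for that channel
TLV_TYPE_GROUP      = 0x0003 # hypothetical tag: value holds nested records
HEADER_LEN = 8               # big-endian 4-byte length (covers header) + 4-byte type

# Encode one record; the length field counts the header plus the value.
def tlv_encode(type, value)
  [HEADER_LEN + value.bytesize, type].pack('N2') + value.b
end

# Decode back-to-back records into [type, value] pairs. Length fields are
# checked against the buffer so a short or oversized record raises instead
# of reading past the end.
def tlv_decode(buf)
  records = []
  off = 0
  while off < buf.bytesize
    raise ArgumentError, 'truncated header' if buf.bytesize - off < HEADER_LEN
    len, type = buf.byteslice(off, HEADER_LEN).unpack('N2')
    raise ArgumentError, 'bad length' if len < HEADER_LEN || off + len > buf.bytesize
    records << [type, buf.byteslice(off + HEADER_LEN, len - HEADER_LEN)]
    off += len
  end
  records
end

# One channel message: a GROUP record wrapping a CHANNEL_ID and a DATA record.
def channel_message(channel_id, data)
  tlv_encode(TLV_TYPE_GROUP,
             tlv_encode(TLV_TYPE_CHANNEL_ID, [channel_id].pack('N')) +
             tlv_encode(TLV_TYPE_DATA, data))
end

# Split one shared stream back into per-channel data, as the receiving side must.
def demux(stream)
  out = Hash.new { |h, k| h[k] = ''.b }
  tlv_decode(stream).each do |type, body|
    next unless type == TLV_TYPE_GROUP
    fields = tlv_decode(body).to_h
    out[fields[TLV_TYPE_CHANNEL_ID].unpack1('N')] << fields[TLV_TYPE_DATA]
  end
  out
end

# Constructed sample: two programs on the victim interleave on one connection.
STREAM = channel_message(1, 'dir C:\\') + channel_message(2, 'ps') +
         channel_message(1, ' /b')
puts demux(STREAM).inspect
```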