Metasploit – The Elixir of Network Security
Harish Chowdhary |Software Quality Engineer, Aricent Technologies|
Shubham Mittal |Penetration Testing Engineer, Iviz Security|
And Your Situation Would Be…
Main Goal
Learn why and how to test computer networks against the most common but really serious security attacks using METASPLOIT
What are we going to talk about
Penetration Testing
Why Bother?
Testing Network with - METASPLOIT
Proof of Concept (Demonstration)
Mitigation Strategies
Conclusion
Penetration Testing
"A penetration test is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source, known as a Black Hat Hacker, or Cracker." (Wikipedia)
Environmental Attacks
Input Attacks
Logic and Data Attacks
Why Bother?
Active pen-testing teaches you things that security planning will not.
Are your users and system administrators actually following their own policies? A host may claim one thing in the security plan but be totally different in reality.
Raises security awareness.
Helps identify weaknesses that may be leveraged by an insider threat or accidental exposure.
Provides Senior Management a realistic view of their security posture.
Great tool to advocate for more funding to mitigate the flaws discovered.
If I can break into it, so could someone else!
How dangerous are Cyber attacks
October 12, 2011: Sony suffered a data breach involving the usernames and passwords of about 93,000 customers. Attackers were able to reuse them to log on to people's PlayStation Network, Sony Online Entertainment, or Sony Entertainment Network accounts.
6 June 2012: over six million passwords were stolen in a hack of the professional networking site linkedin.com.
10 June 2012: Anonymous attacked and brought down the website run by the Computer Emergency Response Team India (CERT-In), the country's premier agency dealing with cyber security contingencies.
How dangerous are Cyber attacks
July 12, 2012: A Yahoo security breach exposed 450,000 usernames and passwords from a site on the huge web portal, indicating that the company failed to take even basic precautions to protect the data.
2012: Latest SQL Injection Campaign Infects 1 Million Web Pages with lilupophilupop.com
"During the period December 2011 to February 2012, a total number of 112 government websites were hacked," Minister of State for Communications and IT Sachin Pilot told the Lok Sabha.
September 10, 2012 — Network World — Anonymous has claimed responsibility for knocking domain provider GoDaddy offline.
Source: http://openspace.org.in
Hacked out of Business
Severity Of Cyber Attacks
Current State : Network Security
Penetration Testing
Application Security
• Application Security Review
• Application Security Assessment
Network & System Security
• Secure Network Architecture & System Integration
• Network Security Managed Operations
Security Governance & Compliance
• Security Management Reviews & Risk Assessment
• Security Policy & Process Development & Implementation
• ISO27001 Consulting
Business Continuity / Disaster Recovery
• BCM & ITDR Consulting
• BCM Compliance Services
Identity & Access Management
• Consulting & System Integration
• Support & Maintenance
Managed Security Services
• Professional Services
• Remote Security Operation Centre
Diagrammatic Representation
Process of PenTest
Focusing Network PenTest
Network Security Testing
What is Metasploit
According to the Metasploit Team:
"The Metasploit Framework is a platform for writing, testing, and using exploit code. The primary users of the Framework are professionals performing penetration testing, shellcode development, and vulnerability research."
It is becoming the de facto standard for vulnerability assessment and PenTest.
Largest Ruby project in existence.
Typical workflow: find vulnerability -> choose exploit -> check if exploit applies -> configure payload -> configure encoding to evade IDS and AV -> execute the exploit.
Includes an extensive shellcode and opcode database with full source code.
What is Metasploit
To understand the use of Metasploit we have to understand some basic terminology.
Vulnerability
"The word vulnerability refers to a weakness in a system allowing an attacker to violate the confidentiality, integrity, availability, access control, consistency or audit mechanisms of the system or the data and applications it hosts."
Exploits
An exploit is a security attack on a vulnerability
Can exploits give access to a secured system?
Ans: NO
What is Metasploit
Exploits have more potential.
They are commonly used to install system malware, gain system access or recruit client machines into an existing 'botnet'.
This is accomplished with the help of a Payload.
The payload is a sequence of code that is executed when the vulnerability is triggered.
Payloads are very useful because they provide an interactive shell that can be used to completely control the system remotely.
To make things clear, an Exploit is really broken up into two parts:
EXPLOIT = Vulnerability + Payload
Hot Spots
In a network, filtering and complex rules are generally applied on the basis of these basic factors:
TCP or UDP
Source IP address
Source Port Number
Destination IP address
Destination Port Number
Now we have Metasploit at our disposal, and we also have the HOT SPOTS to target the NETWORK.
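The five factors above are exactly the fields a stateless packet filter keys on. The following is an added example, not code from the original slides: a small first-match rule matcher over those five factors, using the deck's lab addresses, with the policy, the management host 192.168.242.10 and the sample flows constructed for illustration (it opens the SMB ports the MS08-067 Server Service is reached over only to that management host).

```python
"""Added example (not from the original slides): a minimal first-match
packet filter that decides on the five factors the "Hot Spots" slide lists
(TCP or UDP, source IP, source port, destination IP, destination port).
The addresses are the deck's emulated lab; the policy, the management host
192.168.242.10 and the sample flows are constructed for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    proto: str      # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    action: str                                   # "allow" or "deny"
    proto: Optional[str] = None                   # None matches both TCP and UDP
    src_net: str = "0.0.0.0/0"
    src_ports: Optional[Tuple[int, ...]] = None   # None matches any port
    dst_net: str = "0.0.0.0/0"
    dst_ports: Optional[Tuple[int, ...]] = None

    def matches(self, f: Flow) -> bool:
        """True when every factor this rule constrains agrees with the flow."""
        if self.proto is not None and self.proto != f.proto:
            return False
        if ip_address(f.src_ip) not in ip_network(self.src_net):
            return False
        if ip_address(f.dst_ip) not in ip_network(self.dst_net):
            return False
        if self.src_ports is not None and f.src_port not in self.src_ports:
            return False
        if self.dst_ports is not None and f.dst_port not in self.dst_ports:
            return False
        return True


def decide(rules: List[Rule], flow: Flow, default: str = "deny") -> str:
    """First matching rule wins; an unmatched flow gets the default (deny)."""
    for rule in rules:
        if rule.matches(flow):
            return rule.action
    return default


# Constructed lab policy. The Windows Server Service that MS08-067 lives in is
# reached over SMB (TCP 139/445), so those ports are opened only to the
# hypothetical management host; every other flow to them is dropped explicitly,
# and ordinary web traffic inside the lab subnet is allowed.
LAB_RULES = [
    Rule("allow", proto="tcp", src_net="192.168.242.10/32",
         dst_net="192.168.242.0/24", dst_ports=(139, 445)),
    Rule("deny", dst_net="192.168.242.0/24", dst_ports=(139, 445)),
    Rule("allow", proto="tcp", src_net="192.168.242.0/24",
         dst_net="192.168.242.0/24", dst_ports=(80, 443)),
]


def audit(rules: List[Rule], flows: List[Flow]) -> List[Tuple[Flow, str]]:
    """Run a batch of observed flows through the policy; denied hits on the
    SMB ports are what the pentest report should list as blocked exposure."""
    return [(f, decide(rules, f)) for f in flows]


if __name__ == "__main__":
    # Constructed flows: the attacker VM probing each victim, plus the management host.
    sample = [
        Flow("tcp", "192.168.242.134", 51000, "192.168.242.132", 445),
        Flow("udp", "192.168.242.134", 51001, "192.168.242.133", 139),
        Flow("tcp", "192.168.242.10", 51002, "192.168.242.132", 445),
        Flow("tcp", "192.168.242.134", 51003, "192.168.242.132", 80),
        Flow("tcp", "10.0.0.5", 51004, "192.168.242.132", 80),
    ]
    for flow, verdict in audit(LAB_RULES, sample):
        print(f"{verdict:5} {flow.proto} {flow.src_ip}:{flow.src_port} "
              f"-> {flow.dst_ip}:{flow.dst_port}")
```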
SAMPLE PENETRATION TEST
*Note: Demonstration of the Penetration Test is only for Research Purposes.
DON'T BE IRRESPONSIBLE...SERIOUSLY
USE OF THESE TOOLS ON MACHINES NOT LEGALLY OWNED BY YOU COULD END UP PUTTING A NASTY MARK ON YOUR CRIMINAL RECORD
This is not a live demo or real scenario of a Network Pentest. The network is emulated, but it is really close to the "Real One".
The Attack
To conduct a Software Exploitation Attack using the Metasploit Framework against a Victim machine in order to gain system access.
To make things interesting, the Victim's machine will also have AV, in order to see how it reacts to the attack.
We use the MS08-067 exploit – Critical – CVE-2008-4250.
MS08-067 is "Vulnerability in Server Service Could Allow Remote Code Execution (958644)".
On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code.
Outline of Network Topology
To emulate the real time network we created a network of three virtual machines on a WIN 7 Host Machine.
VICTIM - WinXP Machine with SP2 and SP3 Flavor; Ip.addr = 192.168.242.132
VICTIM - WinXP Machine with SP3 and AV; Ip.addr = 192.168.242.133
Attacker – Back|Track 5 r3 with Metasploit; Ip.addr = 192.168.242.134
Tools: Used in the PenTest
Automated tools are required to detect and exploit the vulnerabilities quickly, saving a crucial amount of time.
You can use the following Tools:
Nmap 6.01
Hyperion for Exploit/Payload Encryption
Havij can be used to detect SQL injection on a website hosted on the target network
SQL Inject Me (FireFox AddOn)
Acunetix Web Vulnerability Scanner
DEMO
Evaluate Impact on the Network and Reporting
The test reveals information about all the existing vulnerabilities in the network:
How deep a hacker can go inside the Network.
How much data can be lost or altered.
Report them accurately.
Recommended Countermeasures
Discipline
Code review
QA Test Plans
Test with an intruder’s mindset
Periodic Penetration Testing
Recommended Countermeasures (Contd.)
Best Practices
Use the principle of least privilege
Usernames should be harder to guess
Use aliases to provide more layers of separation between the data and the intruder
Keep up-to-date on patches
Escape all user-supplied input
Use third-party code and application evaluation services for greater scrutiny
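Escaping user-supplied input is shown below on a SQL lookup, as an added example rather than code from the original deck: the vulnerable string-spliced query beside the parameterised version, plus an allow-list check as defence in depth. The users table, role column, username pattern and sample inputs are constructed.

```python
"""Added example (not from the original slides): the "Escape all user-supplied
input" countermeasure applied to the kind of SQL lookup that the SQL Inject Me
and Havij checks in the tools slide probe for. The unsafe function splices the
input into the SQL text; the hardened one passes it as a bound parameter so the
database engine only ever sees it as data. The users table, the role column,
the username pattern and the sample inputs are constructed for illustration."""
import re
import sqlite3
from typing import List, Tuple

# Constructed allow-list: a username is lowercase alphanumerics/underscore, 1-32 chars.
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{0,31}")


def make_db() -> sqlite3.Connection:
    """In-memory SQLite database with two constructed accounts."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT PRIMARY KEY, role TEXT NOT NULL)")
    con.executemany("INSERT INTO users VALUES (?, ?)",
                    [("alice", "admin"), ("bob", "user")])
    con.commit()
    return con


def lookup_unsafe(con: sqlite3.Connection, name: str) -> List[Tuple[str, str]]:
    """Vulnerable: the value becomes part of the statement, so a quote in the
    input closes the literal and whatever follows is parsed as SQL."""
    query = f"SELECT name, role FROM users WHERE name = '{name}'"
    return con.execute(query).fetchall()


def lookup_safe(con: sqlite3.Connection, name: str) -> List[Tuple[str, str]]:
    """Hardened: the statement text is fixed and the value is bound by the
    driver, so quotes or keywords in it cannot change the query's shape."""
    return con.execute("SELECT name, role FROM users WHERE name = ?",
                       (name,)).fetchall()


def valid_username(name: str) -> bool:
    """Defence in depth: reject anything that does not look like a username
    before any query is built, independent of how the query is executed."""
    return USERNAME_RE.fullmatch(name) is not None


def lookup(con: sqlite3.Connection, name: str) -> List[Tuple[str, str]]:
    """Hardened entry point: validate the shape, then query with a bound parameter."""
    if not valid_username(name):
        raise ValueError("username has unexpected characters")
    return lookup_safe(con, name)


if __name__ == "__main__":
    con = make_db()
    probe = "x' OR '1'='1"   # the textbook tautology input, used here as test data
    print("unsafe  :", lookup_unsafe(con, probe))   # every row comes back
    print("safe    :", lookup_safe(con, probe))     # no row matches that literal name
    print("validate:", valid_username(probe))       # False: rejected before querying
```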
Conclusion
Thank You
