Metasploit Environment

burnwholeInternet and Web Applications

5 Feb 2013

Final Project

Arpan Ghosh & Anand Joshi

Group 17




Professional approach to penetration testing


Automation


Reconnaissance, exploitation and evasion under one
roof.



All in one Solution


Multi-platform


Diverse range of target applications



Open Source


Custom payloads




Motivation


Open source development platform for creating security
tools and exploits.



Perform penetration tests, regression
tests and verify patch installations.



Consists of tools, libraries, modules, and user interfaces.
These are configured and combined to launch an exploit.



Written in Ruby.



Exploit Automation



Anti-Forensics



Opcode Database



Meterpreter Payload



IDS and IPS Evasion



Over 300 built-in exploits, 200 payloads and 99 auxiliary
modules.



Recon modules to interface with Nessus and Nmap


Automatically


Identify hosts


Open ports


Identify services accessible


Identify versions and potential vulnerabilities


Match exploits in database to vulnerabilities and
launch


Event notifications and programmable triggers




Defeat forensic analysis of compromised systems


Tools


Timestomp



Modify all 4 NTFS timestamps


Slacker



Hide files in NTFS slack space


Sam Juicer



Dump hashes from SAM without hitting disk.


Transmogrify



Defeat EnCase's file-signaturing capabilities
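The Timestomp bullet above says the tool rewrites all four NTFS timestamps. From a forensic analyst's side, the useful counterpart is a triage check that flags records where that has likely happened. The following Ruby script is an added example (not part of the slides or the Metasploit project) that applies two well-known heuristics to constructed MFT-style records: $STANDARD_INFORMATION times with a zeroed sub-second fraction (user-mode time-setting APIs commonly leave second-granularity values), and a $STANDARD_INFORMATION creation time earlier than the $FILE_NAME creation time (which the kernel sets and ordinary file APIs do not update). The record layout, paths and timestamps are all constructed for the example.

```ruby
require 'time'

# Constructed MFT-style records (not real evidence). Each carries the four
# $STANDARD_INFORMATION (si) and four $FILE_NAME (fn) timestamps as ISO 8601
# strings with NTFS's 100 ns (seven-digit) fractional precision.
SAMPLE_RECORDS = [
  { path: 'C:\\Users\\alice\\notes.txt',
    si: { created: '2013-01-14T09:12:31.1234567Z',
          modified: '2013-01-20T17:45:02.7654321Z',
          mft_modified: '2013-01-20T17:45:02.7654321Z',
          accessed: '2013-02-01T08:00:11.0000001Z' },
    fn: { created: '2013-01-14T09:12:31.1234567Z',
          modified: '2013-01-14T09:12:31.1234567Z',
          mft_modified: '2013-01-14T09:12:31.1234567Z',
          accessed: '2013-01-14T09:12:31.1234567Z' } },
  # A file whose SI times were pushed back to a round, second-granularity
  # value that predates the kernel-set FN creation time.
  { path: 'C:\\Windows\\Temp\\svc.exe',
    si: { created: '2009-07-14T03:20:00.0000000Z',
          modified: '2009-07-14T03:20:00.0000000Z',
          mft_modified: '2009-07-14T03:20:00.0000000Z',
          accessed: '2009-07-14T03:20:00.0000000Z' },
    fn: { created: '2013-02-04T22:10:45.5551234Z',
          modified: '2013-02-04T22:10:45.5551234Z',
          mft_modified: '2013-02-04T22:10:45.5551234Z',
          accessed: '2013-02-04T22:10:45.5551234Z' } }
]

Finding = Struct.new(:path, :reasons)

# Parse the timestamp strings of one attribute set into Time objects.
def parse_times(attr)
  attr.transform_values { |s| Time.iso8601(s) }
end

# Apply the two heuristics to every record and return only the records that
# trip at least one of them, with a human-readable reason per hit.
def analyze_records(records)
  records.filter_map do |rec|
    si = parse_times(rec[:si])
    fn = parse_times(rec[:fn])
    reasons = []

    # Heuristic 1: SI timestamps whose 100 ns fraction is exactly zero.
    zeroed = si.select { |_, t| t.nsec.zero? }.keys
    unless zeroed.empty?
      reasons << "SI #{zeroed.join(', ')} have zero sub-second precision"
    end

    # Heuristic 2: SI creation time earlier than the FN creation time.
    if si[:created] < fn[:created]
      reasons << 'SI created predates FN created'
    end

    Finding.new(rec[:path], reasons) unless reasons.empty?
  end
end

if __FILE__ == $PROGRAM_NAME
  analyze_records(SAMPLE_RECORDS).each do |f|
    puts "#{f.path}:"
    f.reasons.each { |r| puts "  - #{r}" }
  end
end
```

Both heuristics are triage signals, not proof: files extracted from archives or copied from FAT volumes can legitimately carry zeroed fractions, and a file moved between directories gets a fresh $FILE_NAME record, so a hit should be corroborated against other artifacts (USN journal, $LogFile, event logs) before being reported as anti-forensic activity.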



14 Million opcodes in
an online database



Accessible through
web interface or
command line


Post-exploitation issues


Payload shows up in list of running processes


E.g. launching a command prompt on the victim


Chroot environment


Payload and malicious actions are specified before
exploit succeeds. No flexibility beyond that.


Provides interactive API for coding post-exploitation
attacks


Injects a shell into memory of running process


Not detected by IDS


Not in running process list



Ability to upload DLLs, manipulate memory, change
network configuration, etc.


The following protocol stacks integrate evasion


HTTP


DCERPC


SMTP


SunRPC


Evasion methods


TCP::max_send_size,


TCP::send_delay


HTTP::compression


Interactive GUI to search for exploits and launch them.


Web Interface


Command Line Shell


Interactive GUI for configuring exploits




By sending an overly long artist tag, a remote attacker
may be able to execute arbitrary code on the system.




Execute Nmap on the target through the framework and
store the results in the database



Automatically match the open ports and vulnerable
services to exploits and launch them.



Also imports Nessus output files to do the same.
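The automation workflow described in the "Recon modules" slide (identify hosts, open ports, services and versions) and repeated in the last three slides (run Nmap through the framework, store results, match services to known issues) starts with importing Nmap's XML output. The script below is an added Ruby example, not code from the slides or from Metasploit's own db_import, that parses a constructed Nmap XML report into service records, indexes them the way a scan database would, and matches them against a constructed catalogue of known-vulnerable versions. The catalogue entries and advisory identifiers are placeholders; matching is exact-string on product and version, and launching anything is deliberately left out.

```ruby
require 'rexml/document'

# Constructed Nmap XML output (not captured from a real scan). Only the
# elements the parser uses are present; real reports carry many more.
SAMPLE_NMAP_XML = <<~XML
  <?xml version="1.0"?>
  <nmaprun scanner="nmap" version="6.25">
    <host>
      <status state="up"/>
      <address addr="192.0.2.10" addrtype="ipv4"/>
      <ports>
        <port protocol="tcp" portid="22">
          <state state="open"/>
          <service name="ssh" product="OpenSSH" version="5.3"/>
        </port>
        <port protocol="tcp" portid="80">
          <state state="open"/>
          <service name="http" product="Apache httpd" version="2.2.15"/>
        </port>
        <port protocol="tcp" portid="445">
          <state state="filtered"/>
          <service name="microsoft-ds"/>
        </port>
      </ports>
    </host>
    <host>
      <status state="down"/>
      <address addr="192.0.2.11" addrtype="ipv4"/>
    </host>
  </nmaprun>
XML

Service = Struct.new(:host, :proto, :port, :name, :product, :version)

# Constructed catalogue of known-vulnerable versions. The advisory ids are
# placeholders, not real identifiers.
VULN_CATALOG = [
  { product: 'OpenSSH', version: '5.3', advisory: 'ADVISORY-PLACEHOLDER-1' },
  { product: 'Apache httpd', version: '2.0.0', advisory: 'ADVISORY-PLACEHOLDER-2' }
]

# Parse Nmap XML into one Service record per open port on each live host.
def parse_nmap_xml(xml)
  doc = REXML::Document.new(xml)
  services = []
  doc.elements.each('nmaprun/host') do |host|
    next unless host.elements['status']&.attributes&.[]('state') == 'up'
    addr_el = host.elements['address[@addrtype="ipv4"]']
    next if addr_el.nil?
    addr = addr_el.attributes['addr']
    host.elements.each('ports/port') do |port|
      next unless port.elements['state']&.attributes&.[]('state') == 'open'
      svc = port.elements['service']
      services << Service.new(addr,
                              port.attributes['protocol'],
                              port.attributes['portid'].to_i,
                              svc&.attributes&.[]('name'),
                              svc&.attributes&.[]('product'),
                              svc&.attributes&.[]('version'))
    end
  end
  services
end

# Index services by host, mirroring how a scan database groups results.
def index_by_host(services)
  services.group_by(&:host)
end

# Match services against the catalogue on exact product and version strings.
# Returns [service, advisory_id] pairs. Exact matching is intentionally naive:
# a real matcher would parse version ranges and handle missing banners.
def match_services(services, catalog = VULN_CATALOG)
  services.each_with_object([]) do |svc, hits|
    catalog.each do |entry|
      next unless svc.product == entry[:product] && svc.version == entry[:version]
      hits << [svc, entry[:advisory]]
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  services = parse_nmap_xml(SAMPLE_NMAP_XML)
  index_by_host(services).each do |host, svcs|
    puts host
    svcs.each { |s| puts "  #{s.proto}/#{s.port} #{s.name} #{s.product} #{s.version}" }
  end
  match_services(services).each do |svc, id|
    puts "#{svc.host}:#{svc.port} #{svc.product} #{svc.version} -> #{id}"
  end
end
```

The same parse-then-match structure applies to a Nessus export: swap the parser for one that reads the report's host and plugin elements and the rest of the pipeline stays unchanged.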