
Metasploit Presentation

Penetration testing is the act of successfully breaching security on a remote computer system to gain control or access. Common authentication attacks include password guessing using default or common passwords, as well as password brute force attacks. Software exploitation uses vulnerabilities and payloads to violate security and potentially install malicious software. The Metasploit framework is a platform for writing, testing, and using exploit code and helps with tasks like vulnerability research, verification, and security assessments. It contains exploits and payloads that can be used to execute commands remotely on vulnerable systems.

Uploaded by arhul

[Title slide: Metasploit presentation]
Contents
• Basics
• Pentest
• Exploits
• Payloads
• Metasploit Framework
• MSFVenom
• MSFConsole
• MSFEncode

Penetration Testing

The act of successfully breaching security on a remote computer system in order to gain some form of control or access.

Getting Access: Tricky Business
• Authentication Attacks
  • Password guessing using common strings or using default passwords
    • Ex: Wireless routers have default passwords. The majority don't change this!!!
    • Ex: Windows Administrator accounts are often blank
  • Password Brute Force Attack
    • This method has become extremely fast with the use of Rainbow Tables!
• Social Engineering Attacks
  • To influence someone into divulging confidential information using techniques.
    • Ex: Phishing Attacks
• SQL Injection Attacks
  • To inject unexpected malformed SQL into a query in order to manipulate the database in unintended ways.
    • Ex: Inject an administrator account for yourself
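
The password bullets above, as an added example that is not part of the original slides: a precomputed lookup table (a simplified stand-in for a rainbow table) recovers unsalted hashes of default or blank passwords instantly, while a per-user salt with PBKDF2 removes that advantage. The password list, iteration count and function names are assumptions made for this example.

```python
import hashlib
import hmac
import os

# Constructed sample list of default/common passwords (blank included).
COMMON_PASSWORDS = ["", "admin", "password", "123456", "letmein"]
ITERATIONS = 200_000  # assumed work factor for this example


def unsalted_sha256(password):
    """Weak storage: the same password always yields the same hash."""
    return hashlib.sha256(password.encode()).hexdigest()


# Precomputed hash -> password map. A plain lookup table standing in for a
# rainbow table, which stores the same information more compactly.
PRECOMPUTED = {unsalted_sha256(p): p for p in COMMON_PASSWORDS}


def precomputed_lookup(stored_hash):
    """Return the password if the stored hash is in the table, else None."""
    return PRECOMPUTED.get(stored_hash)


def hash_password(password, salt=None):
    """Stronger storage: per-user random salt plus a slow KDF (PBKDF2)."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


def audit_accounts(accounts):
    """Defensive check at password-set time: flag blank or common passwords."""
    return sorted(u for u, pw in accounts.items() if pw in COMMON_PASSWORDS)


if __name__ == "__main__":
    print(precomputed_lookup(unsalted_sha256("admin")))  # found in the table
    salt, digest = hash_password("admin")
    print(precomputed_lookup(digest.hex()))              # salted: no table hit
    print(audit_accounts({"router": "admin", "Administrator": "", "alice": "x9!Tq-"}))
```

Salting only removes the precomputation advantage; a blank or default password is still guessable directly, which is why the audit function flags those accounts regardless of how the hash is stored.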
Software Exploitation (Most Dangerous)

Attacks can be used to gain access to unauthorized systems, leverage user account privileges, crash systems or provide installation of malicious software (such as spyware, viruses, Trojans, adware, etc.)

Exploit = Vulnerability + Payload


Vulnerability

The word vulnerability, in computer security, refers to a weakness in a system allowing an attacker to violate the confidentiality, integrity, availability, access control, or audit mechanisms of the system or the data and applications it hosts.


Payloads
• The payload is a sequence of code that is executed when the vulnerability is triggered
• Different payload types exist and they accomplish different tasks:
  • exec :- Execute a command or program on the remote system
  • download_exec :- Download a file from a URL and execute
  • upload_exec :- Upload a

Metasploit Framework

“The Metasploit Framework is a platform for writing, testing, and using exploit code. The primary users of the Framework are professionals performing penetration testing, shellcode development, and vulnerability research.”

Metasploit
• A collaboration between the open source community and Rapid7, Metasploit software helps security and IT professionals identify security issues, verify vulnerability mitigations, and manage expert-driven security assessments.
• Smart exploitation, password auditing, web application scanning, and social engineering
• In short, Metasploit is a hacking framework written in Ruby. It is designed to help make writing and executing


Encoders

Encoders are used to convert one shellcode to another, and to remove unsanitary characters. They can also convert from one encoding to another. Ex. English to regional language

Some of the Encoders available in MSF


Payloads

Best Payload is Meterpreter:
• Meterpreter is an advanced, dynamically extensible payload that uses in-memory DLL injection stagers and is extended over the network at runtime. It communicates over the stager socket and provides a comprehensive client-side Ruby API. It features command history, tab completion, channels, and more.

Some of the Payloads available in MSF


Exploits

Metasploit contains quality assured Exploits, and the database is updated regularly for educational and testing purposes.

We will be using gitstack remote code execution exploit
exploit/windows/http/gitstack_rce

Some of the Exploits available in MSF


Live Demo

Time for some action

Architecture
• Victim: 192.168.43.21
• Attacker: 192.168.43.10

In case the demo fails
• Win 10 with Vulnerable Application: GitStack
• Attacker PC: Parrot OS with MSF
• Exploiting GitStack with MSF
• Secret Data Unveiled


Conclusion
• Metasploit is a great tool.
• Can give in depth knowledge to budding researchers
• But could prove dangerous if used unethically
• Rapid7.com/metasploit

THANK YOU FOR YOUR ATTENTION
