Professional Documents
Culture Documents
Pleto. .David - Puente.castro
Pleto. .David - Puente.castro
Pleto. .David - Puente.castro
Marcus J. Carey
David “bannedit” Rude
Will Vandevanter
1
Outline
2
Metasploit overview
3
Metasploit Framework Architecture
LIBRARIES INTERFACES
Console
TOOLS Rex
CLI
MSF Core
GUI &
Armitage
MODULES
4
Metasploit Framework Architecture
LIBRARIES INTERFACES
Console
TOOLS Rex
CLI
MSF Core
GUI &
Armitage
MODULES
5
What are Metasploit Modules?
6
Which would you pick for a training drill?
7
Introducing: vSploit Modules
8
vSploit: Purpose
9
vSploit: Interesting Traffic
10
vSploit: Network Traffic Device
• IDS
• IPS
• DLP
• Firewalls
• Network Intelligence Devices
11
Security Monitoring
• ESIM
• Netflow collectors
• Other Log correlation devices (ie. Splunk)
• Network-based vulnerability analysis devices
12
IDS/IPS
• Signature-based
• Looks for known suspicious traffic
• SQL injections
• Attack responses
• Alert on suspicious behavior
13
Data Loss Prevention (Network Based)
• Similar to IDS
• Concerned with data leakage
• Personally Identifiable Information (PII)
– Social security numbers
– Payment information
• Protected Health Information (PHI)
– Medical records
• PCI-related data
– Credit card numbers
14
Enterprise Security Information Management (ESIM)
15
vSploit: Interesting Traffic
Network
Traffic
Client Analysis
MSF
Device
foo.ru Logs
foo.cn
foo.kp
ESIM
Intrusion Kill Chains
Intrusion Kill Chains
19
Kill Chain – Course of Action Matrix
20
vSploit Testing Detection Capabilities
21
vSploit Testing Detection Capabilities
Unable to perform tests in red. Source: Hutchins, Cloppert, Amin – Lockheed Martin
22
vSploit Modules Screen Shots
vSploit: Web PII Module - Configuration
vSploit Web PII Module - In Action
vSploit: HTTP File Download Server
vSploit Web Beaconing - Configuration
vSploit: Web Beaconing – In Action
vSploit: DNS Beaconing – Wireshark Analysis
vSploit: Vulnerable Headers
30
vSploit: Vulnerable Headers PCAP
31
Writing Metasploit Modules
Where to Learn Ruby
• http://pine.fm/LearnToProgram/
• The Little Book of Ruby
• Humble Little Book of Ruby
• Metasploit Repository Documentation
http://r-7.co/iNmOBt
33
Auxiliary Module Basics
34
Auxiliary Module: Code can be simple
35
Using IRB in Metasploit
36
Exploit Written in Python
37
Same Exploit in Metasploit
38
Where to put it…
39
Quick demos
vSploit Documentation
Will Vandevanter
will@rapid7.com
@willis__ <- two underscores