Introduction to Metasploit

Last Saturday evening I joined a small fondue party of friends. Most of us know each other from the scratchbook blog, and traditionally we hold this event once a year. I really like fondue, and everyone who wants to can give a speech after the fondue. The topics are usually technical, because most of us work somewhere in the IT business 😉

The topics this year were about:

  • Privacy (big concerns like Google gathering lots of personal information about us)
  • UPNP (insecure feature that is implemented in many devices)
  • TOR Network (experiences with setting up one's own TOR node)
  • Metasploit (a quick introduction to the framework)

My part was a little speech about Metasploit, and in this post I want to show you the practical examples that I showed.

Metasploit

Demo 1 – Own a Windows XP SP0

For demonstration purposes I set up the oldest version of WinXP to get a 100% guarantee that we can exploit that system. The vulnerability to be exploited is MS08-067. The payload that I use in this case is the Meterpreter shell.

Step 1 – Start the Metasploit console and search for the ms08_067 exploit

Step 2 – Load the exploit

Step 3 – Set Rhost (Target)

Step 4 – Set Lhost (Attacker IP for Reverse Shell)

Step 5 – Set Payload (meterpreter Shell)

Case sensitive!

Step 6 – Show targets

Step 7 – Optional: set target ID (default 0)

Step 8 – Show summary

Step 9 – Exploit target and take control

Step 10 – Use meterpreter Shell and have Fun

Demo 2 – Exploit Vulnserver

Vulnserver is a TCP-based server program that is designed to be exploited. With the help of a tutorial that I discovered in the IX Magazine I could write a Python-based exploit to inject payload code into the running Vulnserver process. Writing exploits is a very hard topic. In this demonstration I just want to show you the encrypted payload code that was generated by Metasploit and the output of the reverse shell after exploiting the target.

When I start the Vulnserver on the target WinXP machine, the server waits for client connections on port 9999. We can check that quickly by connecting with netcat to port 9999 on the target.

The attacker has already done a deep analysis with the help of a debugger to find where he can inject code into the vulnerable server. With the help of Metasploit the attacker was able to create the encrypted payload code for the final exploit.

He put the encrypted payload code into the final exploit and ran the exploit against the target system.

Demo 3 – Exploit vsFtpd Service and get root

Metasploitable is a virtual machine that is designed to be exploited. Metasploitable is full of security holes, but in this example I just want to show you how to exploit the vsFtpd service on that system to own the root account.

Step 1 – Simple nmap scan against target

Step 2 – Find out the version of the FTP Service

Step 3 – Search for a valid Exploit

Step 4 – Use Exploit and set lhost and rhost

Step 5 – Set payload

Step 6 – Exploit target and get root
