Professional Documents
Culture Documents
FrameWork
Metasploit – Attack Vectors
• Many from which to choose:
– Operating systems
• Windows, Linux, Mac, Unix, Cisco, etc.
– Services
• Web, database, e-mail, FTP, etc.
• Extensible and configurable
Metasploit - Payloads
• Can be used to generate shellcode
– Framework comes with many useful payloads
• Spawn shell
• Run command
• Add privileged user
– Configurable
– Extensible
Metasploit Demo 1
• Example: the vulnerability that the
MSBlaster worm exploited
– http://www.securityfocus.com/bid/8205
• Let’s use Metasploit to:
– Choose the attack vector
– Choose the payload
– Run the exploit
– Interact with the compromised host
Metasploit Demo 2
• Example: a web browser vulnerability
• Let’s use Metasploit to:
– Choose the attack vector
– Choose the payload
– Run the exploit
– Interact with the compromised host
• Elevate privileges
• Setup persistence
• Capture passwords
Summary