[Plug-security] Step X Step Solutions for December's hackfest (Armitage/MetaSploit/Meterpreter)
Lisa Kachold
lisakachold at obnosis.com
Sat Dec 8 19:17:44 MST 2012
We have concentrated on network and client side attacks over the last
couple of months, using tools like metasploit/armitage (with all of the
plugins) including nmap and meterpreter). However we mutter and wander
when get to the actual exploitation with Metasploit/Armitage. We therefore
provide some good examples below:
Armitage Manual: Pay Special Atention to Section 5 Exploitation and
Meterpreter General Payload. Section 7.6 shows how to do passwd brute
forcing (for ssh/ftp for instance):
http://www.fastandeasyhacking.com/manual#4
Armitage tutorial for beginners (if you watch nothing else, this will help
you learn):
http://www.youtube.com/watch?v=hbtkKEiYGrw
The following is an example of a full attack using Armitage/Metasploit (all
of this was possible with the ftp attack on XP today):
Munge 2011 on Hak5: http://www.youtube.com/watch?v=Z0x_O75tRAU
skip forward to 8:30
skip forward to 11:50 for actual session interaction
25:00 pass the hash attack (get adjacent domain servers)
Here's another screen X screen use of Armitage:
http://www.youtube.com/watch?v=AG_MeOsnQwM
Remember Hosts Graphic turns red when successful!
Use the meterpreter menu to get a session in Windows
Munge 2012 using new options in Armitage and Metasploit 4:
http://www.youtube.com/watch?v=kC3wpe3t_qg
Setting up and using Armitage/Metasploit on Windows:
http://www.youtube.com/watch?v=EmDQnavYFgI
*A reverse shell WAS available on 2 of our systems, if we set a payload for
it:*
Stealing Windows Passwords with Metasploit (Smartlocker) [winlogin.exe]
hook (sly - all in memory) requires administrator to invoke (auto bgrun in
background):
http://www.youtube.com/watch?v=vC6wmmgp20M
skip forward to 10:50 / 12:30
(railgun grab to windows api)
Questions? Discussion?
See you on the 2nd Saturday of the Month at DeVry University 11-2PM.
--
(503) 754-4452 Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
**
it-clowns.com
Chief Clown
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-security/attachments/20121208/ac987203/attachment.html>
More information about the Plug-security
mailing list