Page 1 of 2 12 LastLast
Results 1 to 10 of 19

Thread: Metasploit Flash Tutorial

  1. #1
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897

    Metasploit Flash Tutorial

    Download the tutorial from:
    http://www.irongeek.com/i.php?page=videos/metasploit1

    This video covers the use of Metasploit, launched from the Auditor Boot CD, to compromise an unpatched Windows XP box by using the RPC DCOM (MS03-026) vulnerability. It then sends back a VNC session to the attacker. This is just one example of the many things Metasploit can do.

    Metasploit defines its Framework as “an advanced open-source platform for developing, testing, and using exploit code.” Very true, but it’s also a script kitties wet dream. It’s as close as it comes to having a point, click and exploit interface with four easy steps:
    1.Choose a platform/application. 2.Choose an exploit. 3.Choose a shell code. 4.Exploit.
    I’ve seen another video on this topic, but this one uses the web interface which makes testing the exploits a breeze and I narrate the entire video.

    Metasploit is a very cool package, and a great way to convince your boss that you may need a better patching policy.

    http://www.metasploit.com/index.html

  2. #2
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Metasploit s a pretty cool little framework. I've messed with it quite a bit in vmware sessions.

    Another one that I find seems to be updated more frequently is the security forest exploitation framework which is a similar concept to metasploit.

    There is good fun to be had with both the frameworks... though, I recommend playing around in vmware or virtual pc sessions so your real boxes are not vulnerable to these "attacks".

    http://www.securityforest.com/wiki/i...tion_Framework

    Metasploit is a very cool package, and a great way to convince your boss that you may need a better patching policy.
    You may want to get permission from you boss first. Before you find yourself in HR's office discussing violations of other policies which lead to your dismissal.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  3. #3
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,915
    Hey Hey,

    Very Nice again... I haven't watched it yet.. but I will.

    Just wanted to mention that the right click link points to the nmap2 video... not the metasploit one.

    Peace,
    HT

  4. #4
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    Thanks. Someone emailed me (maybe you?) and let me know. The right click link should work now.

  5. #5
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    Originally posted here by phishphreek80
    You may want to get permission from you boss first. Before you find yourself in HR's office discussing violations of other policies which lead to your dismissal. [/B]
    I make mention of that in the video.

  6. #6
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Originally posted here by Irongeek
    I make mention of that in the video.
    Ah, I would have known that if I watched the video... Ah well, never hurts to have too many disclaimers! lol
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  7. #7
    Senior Member genXer's Avatar
    Join Date
    Jun 2005
    Posts
    252
    Awesome - great work! We have been testing out Metasploit and find it quite intuitive. Your tutorial will help those, who have permission - written permission, to point out that patching and security is an on-going endeavour.

    We showed that to a manager who did not believe in patching systems as it would take away from production - he actually told us - almost yelling to prove him wrong. We used metasploit and showed him how patching, while one step in the maintenance and security of a server, would help prevent attacks and compromise.

    Again great work - I am making sure I include your site to our other auditors for your great tuts! Thanks much for doing that!

    genXer.
    \"We\'re the middle children of history.... no purpose or place. We have no Great War, no Great Depression. Our great war is a spiritual war. Our great depression is our lives. We\'ve all been raised by television to believe that one day we\'ll all be millionaires and movie gods and rock stars -- but we won\'t. And we\'re learning slowly that fact. And we\'re very, very pissed off.\" - Tyler (Brad Pitt) Fight Club.

  8. #8
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    AntiOnline ---- Irongeeks personal advertising site!

    Nice Tutorial again Irongeek! Keep 'em coming!

  9. #9
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    What can I say, I’m big into self promotion.

    Seriously, I would like to host copies of the videos here, but most of them are bigger than the upload size limit.

  10. #10
    Blast From the Past
    Join Date
    Jan 2003
    Posts
    729
    followed the instructions exactly... it opened the shell on the other comp... not mine... *testing on my computers dont worry*... i was probably doing something wrong though :-P il go over it again
    work it harder, make it better, do it faster, makes us stronger

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •