-
October 13th, 2005, 01:55 AM
#1
Metasploit Flash Tutorial
Download the tutorial from:
http://www.irongeek.com/i.php?page=videos/metasploit1
This video covers the use of Metasploit, launched from the Auditor Boot CD, to compromise an unpatched Windows XP box by using the RPC DCOM (MS03-026) vulnerability. It then sends back a VNC session to the attacker. This is just one example of the many things Metasploit can do.
Metasploit defines its Framework as “an advanced open-source platform for developing, testing, and using exploit code.” Very true, but it’s also a script kitties wet dream. It’s as close as it comes to having a point, click and exploit interface with four easy steps:
1.Choose a platform/application. 2.Choose an exploit. 3.Choose a shell code. 4.Exploit.
I’ve seen another video on this topic, but this one uses the web interface which makes testing the exploits a breeze and I narrate the entire video.
Metasploit is a very cool package, and a great way to convince your boss that you may need a better patching policy.
http://www.metasploit.com/index.html
-
October 13th, 2005, 04:31 AM
#2
Metasploit s a pretty cool little framework. I've messed with it quite a bit in vmware sessions.
Another one that I find seems to be updated more frequently is the security forest exploitation framework which is a similar concept to metasploit.
There is good fun to be had with both the frameworks... though, I recommend playing around in vmware or virtual pc sessions so your real boxes are not vulnerable to these "attacks".
http://www.securityforest.com/wiki/i...tion_Framework
Metasploit is a very cool package, and a great way to convince your boss that you may need a better patching policy.
You may want to get permission from you boss first. Before you find yourself in HR's office discussing violations of other policies which lead to your dismissal.
Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
-
October 13th, 2005, 04:40 AM
#3
Hey Hey,
Very Nice again... I haven't watched it yet.. but I will.
Just wanted to mention that the right click link points to the nmap2 video... not the metasploit one.
Peace,
HT
-
October 13th, 2005, 06:00 AM
#4
Thanks. Someone emailed me (maybe you?) and let me know. The right click link should work now.
-
October 13th, 2005, 06:01 AM
#5
Originally posted here by phishphreek80
You may want to get permission from you boss first. Before you find yourself in HR's office discussing violations of other policies which lead to your dismissal. [/B]
I make mention of that in the video.
-
October 13th, 2005, 04:01 PM
#6
Originally posted here by Irongeek
I make mention of that in the video.
Ah, I would have known that if I watched the video... Ah well, never hurts to have too many disclaimers! lol
Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
-
October 13th, 2005, 05:19 PM
#7
Awesome - great work! We have been testing out Metasploit and find it quite intuitive. Your tutorial will help those, who have permission - written permission, to point out that patching and security is an on-going endeavour.
We showed that to a manager who did not believe in patching systems as it would take away from production - he actually told us - almost yelling to prove him wrong. We used metasploit and showed him how patching, while one step in the maintenance and security of a server, would help prevent attacks and compromise.
Again great work - I am making sure I include your site to our other auditors for your great tuts! Thanks much for doing that!
genXer.
\"We\'re the middle children of history.... no purpose or place. We have no Great War, no Great Depression. Our great war is a spiritual war. Our great depression is our lives. We\'ve all been raised by television to believe that one day we\'ll all be millionaires and movie gods and rock stars -- but we won\'t. And we\'re learning slowly that fact. And we\'re very, very pissed off.\" - Tyler (Brad Pitt) Fight Club.
-
October 13th, 2005, 07:40 PM
#8
AntiOnline ---- Irongeeks personal advertising site!
Nice Tutorial again Irongeek! Keep 'em coming!
-
October 13th, 2005, 08:22 PM
#9
What can I say, I’m big into self promotion.
Seriously, I would like to host copies of the videos here, but most of them are bigger than the upload size limit.
-
October 14th, 2005, 02:46 AM
#10
followed the instructions exactly... it opened the shell on the other comp... not mine... *testing on my computers dont worry*... i was probably doing something wrong though :-P il go over it again
work it harder, make it better, do it faster, makes us stronger
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|