aindreas/uni
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[CT437]: Assignment 1 finish presentation

Browse Source
This commit is contained in:
Aindréas Ó hAodha
2025-02-24 23:57:47 +00:00
parent 816d7c8f06
commit d5ba15bc80
5 changed files with 116 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
year4/semester2/CT437/assignments/assignment1/presentation/images/distccexploit.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 105 KiB

BIN
year4/semester2/CT437/assignments/assignment1/presentation/images/distccpayloads.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 272 KiB

BIN
year4/semester2/CT437/assignments/assignment1/presentation/images/distccsearch.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 82 KiB

BIN
year4/semester2/CT437/assignments/assignment1/presentation/presentation.pdf
View File

Binary file not shown.

127
year4/semester2/CT437/assignments/assignment1/presentation/presentation.tex
View File

@ -1,18 +1,19 @@
%! TeX program = lualatex %! TeX program = lualatex
\documentclass[]{beamer} \documentclass[]{beamer}
\usetheme{SimpleDarkBlue}
\setbeamercolor{title}{fg=black} % \setbeamercolor{title}{fg=black}
\setbeamercolor{frametitle}{fg=black} % \setbeamercolor{frametitle}{fg=black}
\setbeamercolor{caption}{fg=black} % \setbeamercolor{caption}{fg=black}
\setbeamercolor{caption name}{fg=black} % \setbeamercolor{caption name}{fg=black}
\setbeamertemplate{navigation symbols}{} % \setbeamertemplate{navigation symbols}{}
\setbeamertemplate{itemize item}{\color{black}$\bullet$} % \setbeamertemplate{itemize item}{\color{black}$\bullet$}
% packages % packages
\usepackage{fontspec} \usepackage{fontspec}
\setmainfont{EB Garamond} % \setmainfont{EB Garamond}
\usefonttheme{serif} % \usefonttheme{serif}
\setmonofont[Scale=MatchLowercase]{Deja Vu Sans Mono} \setmonofont[Scale=MatchLowercase]{Deja Vu Sans Mono}
\usepackage{microtype} % Slightly tweak font spacing for aesthetics \usepackage{microtype} % Slightly tweak font spacing for aesthetics
@ -37,9 +38,77 @@
\institute{Student ID: 21321503} \institute{Student ID: 21321503}
\begin{document} \begin{document}
\frame{\titlepage} \frame{\titlepage}
\begin{frame}{Introduction}
\textbf{Metasploit} is an open-source penetration testing framework that is widely used for:
\begin{itemize}
\item Developing and testing exploits;
\item Conducting security assessments;
\item Gaining unauthorized access to systems (for ethical hacking purposes).
\end{itemize}
It was developed by H. D. Moore in 2003 and is now maintained by Rapid7.
\end{frame}
\begin{frame}{How Metasploit Works}
The workflow of Metasploit generally involves the following steps:
\begin{enumerate}
\item Scanning the target for vulnerabilities, using a tool like \texttt{nmap} to see what services the target is running.
\item Selecting an appropriate Metasploit exploit.
\item Selecting \& configuring the payload to be delivered.
\item Executing the exploit to gain access to the target system.
\item Performing post-exploitation activities, such as sabotage or data extraction.
\end{enumerate}
\end{frame}
\begin{frame}{Key Features}
Metasploit provides several key features that make it powerful:
\begin{itemize}
\item A large repository of exploit modules;
\item A wide variety of payloads for different scenarios;
\item Auxiliary modules for scanning and enumeration;
\item Post-exploitation modules for maintaining access.
\end{itemize}
\end{frame}
\begin{frame}{Tools \& Interfaces}
Metasploit includes several tools \& interfaces:
\begin{itemize}
\item \textbf{\texttt{msfconsole}}: the main command-line interface for interacting with Metasploit;
\item \textbf{\texttt{msfvenom}}: used for creating custom payloads;
\item \textbf{Armitage}: a graphical front-end for Metasploit.
\end{itemize}
\end{frame}
\begin{frame}{Modules}
Metasploit is built using modular components, including:
\begin{itemize}
\item \textbf{Exploits:} code that targets specific vulnerabilities;
\item \textbf{Payloads:} scripts delivered to the target after exploitation;
\item \textbf{Auxiliary:} tools for scanning, fuzzing, and enumeration;
\item \textbf{Encoders:} used to obfuscate payloads to bypass security measures;
\item \textbf{Post:} modules for maintaining access and collecting information.
\end{itemize}
\end{frame}
\begin{frame}{Plugins \& Libraries}
Metasploits functionality can be extended by the use of:
\begin{itemize}
\item \textbf{Plugins:} enhance capabilities (e.g., database integration, automation);
\item \textbf{Libraries:} reusable code libraries that facilitate exploit and payload development.
\end{itemize}
\end{frame}
\begin{frame}{Summary}
\begin{itemize}
\item Metasploit is a powerful tool for penetration testing and vulnerability exploitation.
\item It is modular, flexible, and continually updated.
\item The framework is widely used by security professionals for ethical hacking.
\end{itemize}
\end{frame}
\begin{frame}{Finding Exploits} \begin{frame}{Finding Exploits}
The first thing I did to see what kind of vulnerabilities might exist in the Metasploitable2 virtual machine was to run a \mintinline{shell}{nmap} on the virtual machine's IP address to see what ports are in use and what services are on those ports: The first thing I did to see what kind of vulnerabilities might exist in the Metasploitable2 virtual machine was to run a \mintinline{shell}{nmap} on the virtual machine's IP address to see what ports are in use and what services are on those ports:
@ -89,7 +158,7 @@
\begin{figure}[H] \begin{figure}[H]
\centering \centering
\includegraphics[width=\textwidth]{./images/sambapayloads.png} \includegraphics[width=0.8\textwidth]{./images/sambapayloads.png}
\caption{Available payloads} \caption{Available payloads}
\end{figure} \end{figure}
@ -115,7 +184,43 @@ I then set the \texttt{RHOST} and ran the exploit.
\end{frame} \end{frame}
\begin{frame}{Exploit 3: \texttt{distcc}} \begin{frame}{Exploit 3: \texttt{distcc}}
The final exploit that I tested was one that exploited a command injection vulnerability in the program \texttt{distcc}, a program which allows the distributed compilation of C/C++ programs.
\begin{figure}[H]
\centering
\includegraphics[width=\textwidth]{./images/distccsearch.png}
\caption{Output of \texttt{search distcc}}
\end{figure}
\end{frame}
\begin{frame}{Exploit 3: \texttt{distcc}}
There are 14 payloads to choose from with this exploit, both that bind shells and that create reverse shells.
I chose the \texttt{cmd/unix/bind\_perl} payload, as it binds a shell allowing arbitrary execution of commands.
\begin{figure}[H]
\centering
\includegraphics[width=\textwidth]{./images/distccpayloads.png}
\caption{Output of \texttt{show payloads}}
\end{figure}
\end{frame}
\begin{frame}{Exploit 3: \texttt{distcc}}
Once I had selected my payload, I set the \texttt{RHOST} variable and ran the exploit:
\begin{figure}[H]
\centering
\includegraphics[width=\textwidth]{./images/distccexploit.png}
\caption{Running the exploit with the \texttt{bind\_perl} exploit}
\end{figure}
\end{frame}
\begin{frame}{Exploit 3: \texttt{distcc}}
\begin{itemize}
\item As can be seen from the output on the previous slide, this vulnerability establishes a connection to shell running on the target machine from which arbitrary commands can be executed.
\item However, as can also be seen from the previous slide, the output of the \texttt{whoami} command is not \texttt{root}, but rather \texttt{daemon};
this user has fewer privileges than \texttt{root} and therefore is not as serious as the other two exploits.
\item Nonetheless, the vulnerability is still rather serious, and is possible on any version of \texttt{distcc} if input is not sanitised properly.
\end{itemize}
\end{frame} \end{frame}
\end{document} \end{document}