Beruflich Dokumente
Kultur Dokumente
TA
E N
S l
E sp
PR an
N
e t
O
O
ul
M it
h
Ra
o
Contents
Basics
it
ew o
Pentest
pl
or
Exploits
am s
Fr eta
Payloads
Framewor M
k
k
MSFVeno
m
MSFCons
oleMSFEn
code
Penetrat
ion
The act of successfully
Testing
breaching security on a
control access.
ti Tr
ick Authentication Attacks
t
yB Password guessing using common
us strings or using default passwords
e in
es
Ex: Wireless Routers have
default passwords Majority
G g e
s don’t change this!!!
Ex: Windows Administrator
Account are often blank
n cc
Password Brute Force Attack
These method has become
extremely fast with the of
Rainbow Tables!
A s
Social Engineering Attacks
To influence someone into divulging
confidential information using
s
techniques.
Ex: Phishing Attacks
SQL Injection Attacks
To inject unexpected malformed
SQL into a query in order to
manipulate the database in
unintended ways.
Ex: Inject an administrator
account for yourself
Software Exploitation
gain access to
Software Most
unauthorized systems,
Dangero
Exploitatio us
leverage user account
privileges, crash
n systems or provide
installation of malicious
software (such as
confidentiality, integrity,
triggered
different tasks :
system
download_exec :-
and execute
upload_exec :- Upload a
Metasploit
Framework
“The Metasploit Framework is a platform for writing,
vulnerability research.”
Metaspl A collaboration between the
professionals identify
manage expert-driven
security assessments.
engineering
In Short, Metasploit is a
Pa s
the network at runtime. It communicates
over the stager socket and provides a
comprehensive client-side Ruby API. It
d features command history, tab completion,
channels, and more.
192.168.43.21 192.168.43.10
Victim Attacker
In case the
demo fails
n knowledge to budding
researchers
used unethically
Rapid7.com/metasploit
THANK YOU
FOR YOUR
ATTENTION