Development and operations a practical guide



Date: 11.02.2023
1 Joe Vest, James Tubberville Red Team Development and Operations
Metasploit
The Metasploit Framework [16] is a free, open-source exploitation framework created initially by HD Moore in 2003. This tool has become a core asset to security testers of all types due to its tremendous flexibility and capability. Metasploit includes several collections of exploits, payloads, auxiliary modules, and post-exploitation modules. Metasploit is a great exploitation framework. Its exploit, enumeration, and post-exploitation modules can give a team a great deal of capability.
While Metasploit is a great resource, caution must be taken when using Metasploit's Meterpreter payload. Meterpreter is not a bad payload choice for Command and Control, but like any tool, it must be understood and adequately tuned before use. This tool has been examined and analyzed in great depth. This has led to a highly capable toolset, but it can be profiled and identified by a competent security team.
Pros and Cons of Meterpreter
PROS
Tremendous amount of capability and flexibility
Large contributor base
Large selection of post-exploitation modules
Easy to use
Stable

CONS
Synchronous communication.
Well-Known IOCs. (Source code modification is required to minimize these.)

Msfconsole can be tuned using resource files. Resource files are simply a set of msfconsole commands saved to a script. If scripts are saved to /.msf4/msfconsole.rc
A few recommended base msfconsole settings to consider:

/.msf4/msfconsole.rc
spool /root/.msf4/spool.log
setg ConsoleLogging true
setg verbose true
setg LogLevel 5
setg SessionLogging true
setg TimestampOutput true
setg PromptTimeFormat %Y%m%d.%H%M%S%z
setg PROMPT T SS J:%J
setg ExitOnSession false
setg DisableCourtesyShell true
load sounds #optional

These settings set up console logging, increase the log verbosity, enable session logging, standardize the timestamp, add information to the console prompt, set ExitOnSession to keep listeners from dying, disable the courtesy shell, and load sounds. Sounds are optional but can be useful indicators when the console is not being monitored in real time. This is a small set of msfconsole configuration settings. There are times when Metasploit source code will need to be modified to control the attack flow or manage IOCs.
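One way to confirm that a resource file actually carries the logging settings listed above before it is relied on for engagement records, as an added example that is not from the book. The names BASELINE, audit_rc and SAMPLE_RC are made up here, the sample file is constructed, and comparing option names case-insensitively is an assumption of this check.

```ruby
# Added example (not from the book): audit an msfconsole resource file.
BASELINE = {
  'ConsoleLogging' => 'true', 'verbose' => 'true', 'LogLevel' => '5',
  'SessionLogging' => 'true', 'TimestampOutput' => 'true',
  'ExitOnSession' => 'false', 'DisableCourtesyShell' => 'true'
}.freeze

# Returns a list of findings; an empty list means the file meets the baseline.
def audit_rc(text)
  seen = {}
  spool = false
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#') # blank line or comment
    cmd, *args = line.split(/\s+/)
    case cmd
    when 'spool'
      # "spool off" stops spooling, any other argument is a log file path
      spool = !args.empty? && args.first != 'off'
    when 'setg'
      # a later setg overrides an earlier one; names compared case-insensitively
      seen[args[0].downcase] = args[1..-1].join(' ') if args.size >= 2
    end
  end
  findings = []
  findings << 'spool: console output is not written to a file' unless spool
  BASELINE.each do |name, want|
    got = seen[name.downcase]
    if got.nil?
      findings << "#{name}: no setg line found"
    elsif got.downcase != want
      findings << "#{name}: is #{got}, expected #{want}"
    end
  end
  findings
end

# Constructed sample: SessionLogging is missing and ExitOnSession is wrong.
SAMPLE_RC = <<~RC
  spool /root/.msf4/spool.log
  setg ConsoleLogging true
  setg verbose true
  setg LogLevel 5
  setg TimestampOutput true
  setg ExitOnSession true
  setg DisableCourtesyShell true
RC

puts audit_rc(SAMPLE_RC)
```
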
In terms of where the Metasploit Framework fits in Red Teaming, it is useful in providing a library of exploits, but is generally not appropriate for command and control.
Web Shells
A web shell is server-side code that acts as a shell, remote administration tool, or control panel, allowing a user to issue remote commands to be executed by a web server. Whoever controls the web shell has the ability to execute operating system commands on the target web server. The successful exploitation of a web application is needed to deploy a web shell. Web shells can be written in any web language, such as PHP, ASP, ASPX, Perl, Ruby, Python, JSP, Java, etc.
