Exploitation with Metasploit Pro

A free video tutorial from Packt Publishing
Tech Knowledge in Motion
Rating: 3.9 out of 5Instructor rating
1,262 courses
401,067 students
Exploitation with Metasploit Pro

Lecture description

Automated exploitation platform / use Metasploit Pro to perform discovery, vulnerability mapping, and exploitation

Learn more from the full course

Kali Linux - Backtrack Evolved

Assuring Security by Penetration Testing

02:43:30 of on-demand video • Updated September 2014

Many advanced techniques are addressed within this series, but it is still designed to simultaneously accommodate less experienced viewers. The series provides detailed explanations intended to clearly address the underlying processes involved with all tasks performed.
English [Auto]
Mesler pro offers a very simple point and click approach to the entire penetration testing process to get started will click new project and then will enter a project name and then an IP range for our target network and then click Create project then the first thing that we want to do is perform a discovery on our network. So under discovery click scan verifying the target IP addresses and then several different advanced options that we can configure in our case. We'll just go with the default options and then click launch scan. And what this will do is in the background it'll perform several different techniques to attempt to identify all live systems on the network and also identify services and operating systems running on those hooks. Once that's finished we'll click our project name at the top to return to our dashboard and see a graphical display. Some of the information that was discovered during that scan. The next thing that we want to do is attempt to identify vulnerabilities our target networks rapid seven actually has next moves their vulnerabilities they're fully integrated into us so we can access it just by clicking this button. However because we are performs these scenes with Nessus we use the import function so switch over to our Nessus GANAR and then look at our results. And then click export results then choose our export format of Nessus then click export and save file then return to split pro and click the import button under discovery. Then click Browse and choose your Nessus export file. Then click Import data once completed return once again to your dashboard and now are ready to begin exploitation. So under the penetration box you have options for either brute force and different services on the network or you can choose exploit will click the exploit button. And here we can perform exploitation against multiple targets at one time. However the simplicity of this demonstration or restrict it to just one target we can also define the minimal reliability rating. Now reliability rating is basically going to specify to what extent the exploit is safe to run on a production system and indicate whether it's likely to fail it or crash the target system or applications running on it. Once we've set that we can click exploit to start and pro who will then attempt to run any exploits that it has for the target system. Here we see that exploitation of our target was successful and we now have two sessions opened. We can access those sessions by clicking sessions at the top of the screen. And here we now have both the interpreter and the standard shell on our target system. If we click that session we can see several different available actions for us. We'll start by collecting system data to collect our system data will select our active sessions and then click the button at the bottom and this will begin to gather all kinds of information from the target system to include password files sensitive files and cryptography keys and all kinds of other information. If we clicked back on our session we can see that that information has now been popular in the store data and files. We can also click access file system and we can navigate through the entire file system of the target. We can also click on any directory to browse through those directories and subdirectories. We return to our session once again. We can also launch a command shell against the target system. We can then interact with the target system we'll use change directory and changes to the root directory and then LS to verify that we do have interaction with the target system. So as you can see many split Pro is a very powerful automated tool that can be used to streamline your entire penetration testing process.