I wanted to post a quick blog about the advanced Metasploit training I attended over at Unallocated (local hacker space in MD) provided by @georgiaweidman. All in all it was a good night; I had a chance to review some of the stuff I already knew along with learning a lot more.
Let’s start by going over the course material (well worth it if you work with Metasploit in any fashion). The night of training included:
- Basic Metasploit review of MS08-067 – the go-to demo for Metasploit basics. This was presented as a review – you should have an understanding of how to do the basics; after all, this is an advanced class.
- From there Georgia taught how to migrate to a different process and used that in conjunction with the KeyScan module to gather user credentials.
- Next on the plate was grabbing hashes and using them to further exploit the system – think “pass the hash”. We also used incognito to get tokens and use those to get password hashes.
- We then used msfpayload to craft payloads and distribute them to our victim system to run.
- For msfpayload to be effective it has to talk back to Meterpreter – so we got experience with multi/handler.
- Next on the plate was using client-side exploits – attacking the browser rather than the OS. Once again we had to use multi/handler, but this time she also showed us the AutoRunScript option.
- While on the topic of client-side exploits we took a dive into SET and various ways to leverage that tool to perform social engineering attacks – mainly attacking the victim’s browser.
- From there, and after a short break, we started getting into msfencode and how to use it with msfpayload to attempt to get past AV.
- We then started analyzing an attack and how to go from discovery to payload: starting with fuzzing the protocol, using pattern_create to get a unique pattern, finding out where to jump to in memory, then writing a payload and modifying our fuzzer to attack the system. This section was new to me and I found it very informative (as was most of the class) and presented in a clear manner that was easy to understand – not an easy task when talking bits and bytes, but Georgia did a good job.
Now a quick note about Unallocated – the crew is always welcoming and the recent changes to the new space made it feel more comfortable (although I think that was partially due to limiting the number of folks that could come to the training). I would recommend that if you haven’t stopped by you do so and introduce yourself to the crew (or anyone else that is there, for that matter) and teach, learn, and party (their motto).
Keep an eye out there, and here (I will post future training they do), for future classes they offer.