Matt Posted July 2, 2013

Description : This is the course material for the SMFE Certification
Author : SecurityTube_Bot
Source : Securitytube Metasploit Framework Expert

Securitytube Metasploit Framework Expert Part 1 : Exploits Basics
In this video, we will look at the basics of a vulnerability, how to exploit it using the raw exploit source code, and the problems with this approach. This will then lead to the need for a tool like Metasploit.

Securitytube Metasploit Framework Expert Part 2 : Why Metasploit?
In Part 2, we will look at how to use Metasploit to exploit vulnerabilities in the Dcom and Netapi services. We will also learn how to de-couple exploits and payloads, and mix and match them.

Securitytube Metasploit Framework Expert Part 3 : Meterpreter Basics
In this video, we will look at the basics of Meterpreter - how it uses reflective DLL injection to stay in memory, communicates over encrypted channels, uses TLV for communication, which allows for multi-channel communication, and a bunch of other things.

Securitytube Metasploit Framework Expert : Armitage
This video, part of the SecurityTube Metasploit Framework Expert series, introduces Armitage. You'll learn the basic use of Armitage and see a demonstration. This video also covers some of the advanced features: dynamic workspaces, team collaboration, and reporting.

Securitytube Metasploit Framework Expert Part 4 : Framework Organization
In this video, we will look at the organization of the Metasploit framework, the different directories, what they contain and finally a deeper look into the different kinds of payloads - Singles, Stagers and Stages.

Securitytube Metasploit Framework Expert Part 5 : Post-Exploitation Kung-Fu
In this video, we will look at how to use Meterpreter in the post exploitation phase to dig deeper into the victim computer - configurations, users, idle time, are we in a virtual environment?, enumerating Windows configurations etc.

Securitytube Metasploit Framework Expert Part 6 : Post Exploitation Privilege Escalation
In this video, we will look at privilege escalation in the post exploitation phase using Metasploit. It's a short, sweet video on using the system meterpreter script along with other things.

Securitytube Metasploit Framework Expert Part 7 : KILLING AV AND DISABLING FIREWALL
In this video, we will look at how to disable the Windows firewall and kill the AV after breaking in. The interesting thing to note is that the default script to kill AV in Meterpreter, "Killav", fails with almost all of the latest AVs because it uses a simple exe image name search and tries to kill the processes. However, as most of the AV manufacturers run a watchdog service which is typically unstoppable, this service restarts the AV processes again. We will learn how to find the services which are running on the system, locate the AV services, change their configurations from the command line and then see how to kill them. Most of this video has little to do with Metasploit and more to do with how to "do a custom kill". After all, one cannot be only as good as the tools he uses. Tools are an aid, not a crutch.

Securitytube Metasploit Framework Expert Part 8 : Stdapi And Priv Extensions
In this video, we will understand more about Windows sessions, desktops - both interactive and non-interactive - and the essential role they play in getting things done during post exploitation. What we will see is that unless we are associated with the WinSta0 desktops - Default for current user sessions, Winlogon for the login screen and Disconnect for password protected screensavers - we will not be able to successfully do things like log keystrokes or play with UI interaction. This is a must watch and may answer a lot of questions you may have, especially if you've had things like the key logger script fail on you in post exploitation!

Securitytube Metasploit Framework Expert Part 9 : Token Stealing And Incognito
In this video, we will look at what Windows tokens are and how a hacker can steal tokens to impersonate the identity of another user on either the local machine or network wide. We will explore the incognito extension to understand how to steal and use tokens on a compromised box in the post exploitation phase. This is a very important concept, so please pay attention.

Securitytube Metasploit Framework Expert Part 10 : Espia And Sniffer Extensions In Post Exploitation
In this video, we will look at the Espia and Sniffer extensions and how to use them to grab remote screenshots and to run a sniffer on one or multiple interfaces on the victim computer. The Sniffer extension allows for the export of the captured packets in a pcap file, which can be transported back to the attacker's machine. This extension can come in really handy to understand the local network in the victim's environment, not to mention the possibility of being able to sniff any credentials which may be sent out or received by the victim in plain text.

Securitytube Metasploit Framework Expert Part 11 : Post Exploitation Backdoors
In this video, we will look at how to backdoor exploited systems using Metasploit. After all, you have taken all the pains to break in; you might as well retain access for a cool demo to the client later on. We will look at the two popular ways to backdoor with Metasploit - Persistence and Metsvc. We will also look at where to find 3rd party backdoors and rootkits.

Securitytube Metasploit Framework Expert Part 12 : Pivoting After Post Exploitation
In this video, we will learn an interesting technique on how to break deeper into a network, using the first machine we compromise in the network. The idea is to "pivot" around the first host and then break further in. The idea is that Metasploit will do all the hard work for you and proxy all the connections via the meterpreter session on the first compromised host to the rest of the internal network of the victim machine. Pivoting is probably one of the most important concepts in penetration testing and most of the "real world hacking" relies on this.

Securitytube Metasploit Framework Expert Part 13 : Port Forwarding As Part Of Post Exploitation
In this video, we will look at how to use a compromised host to port forward the attacker traffic to internal hosts in the victim's network. This trick comes in extremely handy when the attacker needs to access internal applications and services on the victim's network which are not accessible via the public IP addresses. We will see how in this case, the attacker is able to access an internal web based file sharing service used by the employees of a company.

Securitytube Metasploit Framework Expert Part 14 : Client Side Exploits

Securitytube Metasploit Framework Expert Part 15 : Backdoors And Rootkits In Post Exploitation
In this video, we will look at how to backdoor executables with Metasploit. The idea is to use Msfpayload and Msfencode (or Msfvenom, which is a combination of both tools) to take an existing executable and add a payload which Metasploit supports. In the most typical case, we will take a common executable like notepad.exe and then integrate our payload with it. We have 2 choices - use the executable only as a template and make just the payload run, or make both the original executable and the payload run. We will discuss both of these cases in this video. We will also take a quick glance at AV evasion using a polymorphic encoder which ships with Metasploit, along with how to use upx.exe to pack it. Please note that AV evasion is a topic in itself and in this course, we will restrict ourselves to what we can accomplish with Metasploit.

Securitytube Metasploit Framework Expert Part 16 : Exploit Research With Metasploit
In this video, we will go through the basics of exploit research and take up an example from the Exploit Research Megaprimer to illustrate how to use msfvenom, pattern_create and pattern_offset to analyze vulnerabilities and create working exploit code for them. This is a must watch if you plan to use Metasploit for exploit research.

Securitytube Metasploit Framework Expert Part 17 : Railgun Basics
In this video, we will look at an interesting extension called Railgun which allows the attacker to run arbitrary code from DLLs on the victim system. We will have multiple videos on Railgun - in this video we will look at some of the basic functionality of Railgun and see how we can use this. Pay close attention to this, as this is a powerful weapon in your hacking arsenal.

Securitytube Metasploit Framework Expert Part 18 : Railgun Adding Functions
In this video, we will look at how to dynamically add functions to DLLs either at runtime or define them statically in the definition files in Metasploit. This is really important for anyone who wants to extend the functionality of Railgun and use it for advanced pentesting.

Securitytube Metasploit Framework Expert Part 19 : Railgun Adding New Dlls
This is the final video on Railgun, in which we learn how to add new custom DLL support either on the fly or by creating a new DLL definition file for it. This technique allows us to leverage existing DLLs on the remote system and also upload and run code from our custom DLLs. This gives us a lot of power!

Securitytube Metasploit Framework Expert Part 19a : Railgun Adding New Dlls On Windows 7
In Part 19, we demonstrated how to add a new DLL, "mpr.dll", either at runtime or in advance to Railgun. In this video, we will quickly do the exact same demo on the Windows 7 Professional platform. This is just to demonstrate that even though the majority of the demonstrations were on Windows XP, the principles remain the same.

Securitytube Metasploit Framework Expert Part 20 : Resource Scripts
In this video, we will learn how to automate tasks in Metasploit using resource scripts - either at startup time or runtime. Resource scripts can really take the pain away from manually having to type in the same set of commands every time.

Securitytube Metasploit Framework Expert Part 21 : Database Support
In this video, we will look at how to tap into the database support offered by Metasploit to store persistent results of the penetration tests we conduct. We will look at the concepts of workspaces, hosts, services, vuln tables etc. in the course of this video.

Securitytube Metasploit Framework Expert Part 22 : Using Plugins
In this video, we will look at how to use plugins in Metasploit to leverage 3rd party tools.

Securitytube Metasploit Framework Expert Part 23 : Meterpreter Api Basics
In this video, we will explore how to unearth the Meterpreter API from the framework code base and start using it. We will see how to run the calls from the irb mode while in a post exploitation meterpreter session. This video will lay the foundation for creating meterpreter scripts.

Securitytube Metasploit Framework Expert Part 24 : Meterpreter Scripting Migrate Clone
In this video, we will look at how to create a Meterpreter script to migrate from one process to the other, using our new found knowledge of the Meterpreter API.

Securitytube Metasploit Framework Expert Part 25 : Meterpreter Scripting Process Name Search
In this video, we will explore how to find the right APIs to dig deep into processes running on the victim system and search for a particular process by name.
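As an added example for the TLV point in Part 3 (this is my own illustration, not code from the course or from the Metasploit project): a small Ruby encoder/decoder for the type-length-value packet layout Meterpreter speaks. Each TLV is a 4-byte big-endian length (counting its own 8-byte header), a 4-byte type whose high bits say how to decode the value, then the value; a packet is just an outer TLV of the same shape whose children are the request's fields. The meta-type bits, the TLV_TYPE_METHOD / TLV_TYPE_REQUEST_ID / TLV_TYPE_RESULT values and the packet type numbers are the ones in the framework's lib/rex/post/meterpreter/packet.rb; the assumption is the plain length+type header of the 2013-era format, without the XOR key and session GUID prefix that later Meterpreter versions put in front of it, and without the compressed and qword meta-types.

```ruby
# Added example, not from the course or from Metasploit: a minimal
# encoder/decoder for Meterpreter-style TLV packets. Assumes the legacy
# (2013-era) layout: no XOR key / session GUID prefix.
module MeterTlv
  # Meta-type bits live in the high half of every TLV type.
  TLV_META_TYPE_STRING = 1 << 16
  TLV_META_TYPE_UINT   = 1 << 17
  TLV_META_TYPE_RAW    = 1 << 18
  TLV_META_TYPE_BOOL   = 1 << 19
  TLV_META_TYPE_GROUP  = 1 << 30

  # Core protocol fields carried in every request / response.
  TLV_TYPE_METHOD     = TLV_META_TYPE_STRING | 1
  TLV_TYPE_REQUEST_ID = TLV_META_TYPE_STRING | 2
  TLV_TYPE_RESULT     = TLV_META_TYPE_UINT   | 4

  PACKET_TYPE_REQUEST  = 0
  PACKET_TYPE_RESPONSE = 1

  HEADER_LEN = 8 # 4-byte length (includes this header) + 4-byte type, big-endian

  # Serialise one TLV: strings are NUL-terminated, uints are 32-bit
  # big-endian, bools one byte, anything else is sent as raw bytes.
  def self.encode_tlv(type, value)
    raw =
      if (type & TLV_META_TYPE_STRING) != 0 then value.to_s + "\x00"
      elsif (type & TLV_META_TYPE_UINT) != 0 then [value].pack("N")
      elsif (type & TLV_META_TYPE_BOOL) != 0 then [value ? 1 : 0].pack("c")
      else value.to_s
      end
    raw = raw.b
    [raw.bytesize + HEADER_LEN, type].pack("NN") + raw
  end

  # A packet is a group: the same 8-byte header, then the child TLVs.
  def self.encode_packet(packet_type, tlvs)
    body = tlvs.map { |t, v| encode_tlv(t, v) }.join.b
    [body.bytesize + HEADER_LEN, packet_type].pack("NN") + body
  end

  # Parse concatenated TLVs into [type, value] pairs. The length field is
  # checked against the buffer so a short or oversized length raises
  # instead of reading past the end of what we actually received.
  def self.decode_tlvs(raw)
    raw = raw.b
    out = []
    pos = 0
    while pos < raw.bytesize
      raise "truncated TLV header" if raw.bytesize - pos < HEADER_LEN
      len, type = raw[pos, HEADER_LEN].unpack("NN")
      raise "bad TLV length #{len}" if len < HEADER_LEN || pos + len > raw.bytesize
      val = raw[pos + HEADER_LEN, len - HEADER_LEN]
      out << [type, decode_value(type, val)]
      pos += len
    end
    out
  end

  def self.decode_value(type, val)
    if (type & TLV_META_TYPE_STRING) != 0 then val.chomp("\x00")
    elsif (type & TLV_META_TYPE_UINT) != 0 then val.unpack1("N")
    elsif (type & TLV_META_TYPE_BOOL) != 0 then val.unpack1("c") == 1
    elsif (type & TLV_META_TYPE_GROUP) != 0 then decode_tlvs(val)
    else val
    end
  end

  # Parse a whole packet: returns [packet_type, [[type, value], ...]].
  def self.decode_packet(raw)
    raw = raw.b
    raise "truncated packet" if raw.bytesize < HEADER_LEN
    len, ptype = raw[0, HEADER_LEN].unpack("NN")
    raise "packet length mismatch" unless len == raw.bytesize
    [ptype, decode_tlvs(raw[HEADER_LEN, len - HEADER_LEN])]
  end

  # Round-trip a request for a real core method, with a constructed
  # 32-character request id, and report what came back out.
  def self.demo
    pkt = encode_packet(PACKET_TYPE_REQUEST,
                        [[TLV_TYPE_METHOD, "core_channel_open"],
                         [TLV_TYPE_REQUEST_ID, "12345678901234567890123456789012"]])
    ptype, tlvs = decode_packet(pkt)
    { type: ptype, tlvs: tlvs.to_h, bytes: pkt.bytesize }
  end
end

puts MeterTlv.demo.inspect if __FILE__ == $0
```

The length check in decode_tlvs is the part worth keeping in mind when you read the real parser: a TLV stream is only as trustworthy as the peer sending it, so every length has to be bounded by the bytes actually in hand before it is used to slice.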
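As an added example for the pattern_create / pattern_offset step in Part 16 (my own re-implementation for illustration, not the course's code and not the framework's own tools): the cyclic pattern those two scripts are built on, and the offset lookup that maps the value overwriting EIP back to a position in the buffer. Assumptions: the default three character sets (upper, lower, digits) with the last set cycling fastest, which gives the familiar "Aa0Aa1Aa2..." string, and a 32-bit little-endian crash value when given as hex, which is what you read off an x86 debugger.

```ruby
# Added example, not from the course or from Metasploit: a stand-alone
# version of the cyclic pattern used by pattern_create.rb and the
# lookup done by pattern_offset.rb.
module CyclicPattern
  SETS = [("A".."Z").to_a, ("a".."z").to_a, ("0".."9").to_a]

  # Unique length before the pattern repeats: 26*26*10 triplets of 3 bytes.
  MAX_UNIQUE = SETS.map(&:size).inject(:*) * SETS.size

  # Build a pattern of the requested length. Every 4-byte window inside
  # the first MAX_UNIQUE bytes is unique, which is what lets one crash
  # value identify one offset.
  def self.pattern_create(length)
    buf = +""
    SETS[0].each do |a|
      SETS[1].each do |b|
        SETS[2].each do |c|
          buf << a << b << c
          return buf[0, length] if buf.length >= length
        end
      end
    end
    # Longer than the unique span: repeat (offsets are then ambiguous).
    (buf * (length / buf.length + 1))[0, length]
  end

  # Turn the crash value into the 4 bytes that sat in the buffer. Accepts
  # the bytes themselves ("Aa1A") or a 32-bit hex value as a debugger
  # shows it ("0x41316141" / "41316141"); on x86 the register holds it
  # little-endian, so pack with "V" to recover the memory byte order.
  def self.crash_bytes(value)
    if value =~ /\A(?:0x)?\h{8}\z/
      [value.sub(/\A0x/, "").to_i(16)].pack("V")
    else
      value
    end
  end

  # Offset of the crash value in the pattern (nil if absent), plus the
  # offset of the byte-reversed value, which is what you hit when the
  # value was read in the wrong endianness.
  def self.pattern_offset(pattern, value)
    needle = crash_bytes(value)
    { exact: pattern.index(needle), reversed: pattern.index(needle.reverse) }
  end
end

if __FILE__ == $0
  pat = CyclicPattern.pattern_create(2000)
  p CyclicPattern.pattern_offset(pat, "0x41316141")
end
```

If both offsets come back nil, the overwrite did not come from this buffer (or the buffer was transformed on the way in, e.g. by a bad-character filter), which is the cue to look at the input path before chasing offsets further.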