cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

2408
Views
9
Helpful
6
Replies
Highlighted
Beginner

IPS testing with metasploit

Hi,

can anyone give a sample or a detailed example on how to test IPS with metasploit, no exploit is really working or triggering anything.

thanks

6 REPLIES 6
Highlighted
Rising star

I would focus on creating an environment where metasploit actually works (i.e. you can exploit an unpatched box). Then you can focus on IDS.

Highlighted

yes, but can anyone give a sample or a detailed example on how IPS stops a working exploit with metasploit or any other software

Highlighted

easiest is to reverse engineer the signature details and craft packets based on the Sig RegEx for example.

For example, if a SIG is inspecting packets for "DNS" in traffic over 53/tcp, crafting a packet with this info will trigger the IPS...

Highlighted

I have used metasploit to trigger alarms in promiscuous mode, but not inline. It's pretty much the same though. Get metasploit working. go through the list of available metasploit exploits and choose one that is:

1) exploitable on the test machine

2) detected by Cisco IPS

Test the exploit without IPS. One you have verified that it is working(during my test, I was creating a local user on a Windows box), test the exploit with IPS.

Highlighted

 

Hi buddy,

 

what type of Cisco Systems Cisco Intrusion Prevention System (IPS) do you want to exploit?

 

Highlighted

So, about what IDS you are talking about? Cisco MARS or just Ettercap NG filters?   

Content for Community-Ad