IPS testing with metasploit

josephium · ‎09-13-2007

Hi,

can anyone give a sample or a detailed example on how to test IPS with metasploit, no exploit is really working or triggering anything.

thanks

mhellman · ‎09-13-2007

I would focus on creating an environment where metasploit actually works (i.e. you can exploit an unpatched box). Then you can focus on IDS.

josephium · ‎09-16-2007

yes, but can anyone give a sample or a detailed example on how IPS stops a working exploit with metasploit or any other software

jdenis · ‎09-18-2007

easiest is to reverse engineer the signature details and craft packets based on the Sig RegEx for example.

For example, if a SIG is inspecting packets for "DNS" in traffic over 53/tcp, crafting a packet with this info will trigger the IPS...

mhellman · ‎09-18-2007

I have used metasploit to trigger alarms in promiscuous mode, but not inline. It's pretty much the same though. Get metasploit working. go through the list of available metasploit exploits and choose one that is:

1) exploitable on the test machine

2) detected by Cisco IPS

Test the exploit without IPS. One you have verified that it is working(during my test, I was creating a local user on a Windows box), test the exploit with IPS.

Miroslav Berkov · ‎10-28-2014

Hi buddy,

what type of Cisco Systems Cisco Intrusion Prevention System (IPS) do you want to exploit?

Miroslav Berkov · ‎05-29-2015

So, about what IDS you are talking about? Cisco MARS or just Ettercap NG filters?