Metasploit  Lowering the Hacker Bar to a Five Year Old


Presentation Transcript


1. ~Metasploit ~ Lowering the Hacker Bar to a Five Year Old
   Matthew E. Luallen

2. www.sph3r3.com

3. Review of Ethics
   • Authorized Use Only <period>
   • I will not use any utilities discussed in this session in an unauthorized or illegal manner <period>
   • Be good people <exclamation point>

4. Literally – a five year old soon.
   • So easy a caveman can do it.
   • So easy a caveboy can do it.
   • So easy a cavegirl can do it.
   • So easy – my daughter turns 3 next week. Yikes!

5. Information Asset Protection
   Protecting Intellectual Property
   • Does this look like a common product selection chart
   • A science just like accounting, finance, mfg
   • A very similar process
   • Cost, benefit, resources, timing

6. The Metasploit Project
   • http://www.metasploit.com.org
   • Windows, Unix / Linux
   • Even ported to an IPOD
   • http://www.eweek.com/article2/0,1895,1910371,00.asp

8. Quick Metasploit Overview

9. Start the web engine

10. Allow the perl handler
    • Not necessary for MSF 3.0

11. Identify Exploit

12. Select Target

13. Select Payload to Execute

14. Complete Target Identification and Setting Options

15. ~ owned ~ OR ~ broken ~

16. MSF 3.0 Auxiliary Modules

17. Payload Options
    adduser, bind, bind_dllinject, bind_meterpreter, bind_stg, bind_stg_upexec, exec, passivex, passivex_meterpreter, passivex_stg, passivex_vncinject, reverse, reverse_dllinject, reverse_meterpreter, reverse_ord, reverse_ord_vncinject, reverse_stg, reverse_stg_upexec, reverse_vncinject

18. Payloads Continued
    Bind versus Reverse
    • Bind: Metasploit makes both inbound connections
    • Reverse: Metasploit makes forward connection; Victim makes reverse connection
    Popular
    • AddUser
    • Execute
    • VNC DLL Injection (Attack Cloaking)
    • PassiveX (http tunnel)
    Advanced
    • Meterpreter (Encrypted / Pluggable)

19. Penetration Testing Scenarios
    • Adding rogue user accounts
    • Modifying desktops
    • Redirecting dns connections
    • Remote desktop control
    • Information reconnaissance
    • Execution of nearly anything you want (based upon other defense in depth protective controls)

20. Metasploit in Action
    Live Demonstration (Closed Network – Authorized)
    • I authorize myself to hurt myself (even this can be unauthorized)
    • As owner of my system and of all logical constructs
    • And in sound mind and body

21. In Session Example
    XTerm
        su postgres
        cd
        /usr/local/pgsql/bin/initdb metasploit3 -U root
        /usr/local/pgsql/bin/pg_ctl -D metasploit3 start
    In MSFConsole
        cd /pentest/exploits/framework3
        svn update (because there's new code being added daily)
        msfconsole
        load db_postgres
        db_connect
        db_nmap 192.0.3.1
        db_services
        db_autopwn -p -t -e

22. Further Your Metasploit Knowledge
    Additional Material
    • www.metasploit.com
    • http://metasploit.blogspot.com/
    • http://www.absoluteinsight.net/1176
    • http://metasploit.com/bh/defcon.pdf
    • http://cansecwest.com/core05/core05_metasploit.pdf
    • http://blog.metasploit.com/2006/09/metasploit-30-automated-exploitation.html
    Metasploit Exploit Code
    • www.exploitwatch.org

23. Alternative Options
    Commercial
    • Core Security Technology Impact: http://www1.corest.com/
    • Immunity CANVAS: http://www.immunitysec.com/
    Open Source
    • SecurityForest Exploitation Framework: http://www.securityforest.com/wiki/index.php/Exploitation_Framework
    • Leverages the Exploit Tree

24. Security Assumptions to Live By
    • Your conversations will be eavesdropped upon
    • Physical assets (potentially containing logical information) will be lost or stolen
    • Your challenge: Build security controls based upon these two assumptions

25. Summary, Q/A & Contact Information
    My time is your time – open discussion
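
The bind versus reverse distinction from slide 18, seen from the monitoring side: an added example (not part of the original presentation) that scans connection records for a second connection following an inbound connection to an expected service. The `Flow` record, the 30-second window, and every address, port and flow below are assumptions constructed for illustration.

```python
# Added example: defender-side classification of the two-connection patterns
# described on slide 18. All addresses, ports and flows are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    ts: float    # seconds since start of capture
    src: str     # initiator of the connection
    dst: str     # responder
    dport: int   # destination port

def classify_followups(flows, host, service_ports, window=30.0):
    """Flag second connections that follow an inbound connection to one of
    the host's expected service ports, within `window` seconds.
    Returns a list of (kind, remote, dport, ts) tuples."""
    findings = []
    last_inbound = {}  # remote address -> time of its last inbound service connection
    for f in sorted(flows, key=lambda f: f.ts):
        if f.dst == host and f.dport in service_ports:
            last_inbound[f.src] = f.ts
            continue
        if f.dst == host:
            kind, remote = "bind", f.src      # second inbound, to an unexpected port
        elif f.src == host:
            kind, remote = "reverse", f.dst   # host connects back out to the remote
        else:
            continue
        seen = last_inbound.get(remote)
        if seen is not None and f.ts - seen <= window:
            findings.append((kind, remote, f.dport, f.ts))
    return findings

HOST = "192.0.2.10"         # assumed monitored server
SERVICE_PORTS = {80, 445}   # assumed baseline of ports it is expected to serve
SAMPLE_FLOWS = [            # constructed sample records
    Flow(0.0, "198.51.100.7", "192.0.2.10", 445),    # inbound to expected service
    Flow(2.5, "198.51.100.7", "192.0.2.10", 5001),   # second inbound, unexpected port
    Flow(60.0, "203.0.113.5", "192.0.2.10", 80),     # inbound to expected service
    Flow(61.2, "192.0.2.10", "203.0.113.5", 6002),   # host connects back to same remote
    Flow(90.0, "192.0.2.10", "192.0.2.53", 53),      # unrelated outbound, no prior inbound
    Flow(400.0, "198.51.100.7", "192.0.2.10", 5001), # outside the window
]

if __name__ == "__main__":
    for finding in classify_followups(SAMPLE_FLOWS, HOST, SERVICE_PORTS):
        print(finding)
```

The check only correlates on the remote address, so a connection back to a different address than the one that made the first connection is not matched; egress filtering on servers covers that case independently of this correlation.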
