who am i
play

who am i ? H D Moore <hdm [at] metasploit.com> Metasploit - PowerPoint PPT Presentation

Apr 06, 2023 •192 likes •403 views

METASPLOIT FOSDEM 2007 who am i ? H D Moore <hdm [at] metasploit.com> Metasploit project Core developer and project lead BreakingPoint Systems Director of Security Research FOSDEM 2007 why listen ? A great tool you can use today

  1. METASPLOIT FOSDEM 2007

  2. who am i ? H D Moore <hdm [at] metasploit.com> Metasploit project Core developer and project lead BreakingPoint Systems Director of Security Research FOSDEM 2007

  3. why listen ? • A great tool you can use today • The BSD-licensed Rex library • Latest in exploit technology FOSDEM 2007

  4. metasploit framework • An exploit development platform • Security researchers • Penetration testers • Security vendors • Script kiddies FOSDEM 2007

  5. metasploit history • Version 1.0 (2003-2004) • Perl, 15 exploits, curses UI • Version 2.7 (2003-2006) • Perl, 150+ exploits, 3 Uis • Version 3.0 (2007+) FOSDEM 2007

  6. metasploit 3.0 • 100,000 lines of Ruby • 53,000 lines of C/C++ • 8000 lines of ASM • 350 unique modules • 2 years to develop FOSDEM 2007

  7. why ruby ? • Clean, easy, and fun • Awesome OO model • Green threading • Platform support FOSDEM 2007

  8. architecture INTERFACES LIBRARIES Console TOOLS Rex CLI MSF Core Web GUI PLUGINS MSF Base MODULES Payloads Exploits Encoders Nops Aux FOSDEM 2007

  9. the Rex library • Text manipulation • CPU instructions • Fancy sockets • File formats • Protocols • SMB, DCERPC, SUNRPC, HTTP FOSDEM 2007

  10. metasploit modules • Simple Ruby classes • Dynamically loaded • Rich meta-information • Expose type-specific methods FOSDEM 2007

  11. metasploit exploits • Modules inherit Msf::Exploit • Heavy use of Ruby mixins • TCP, UDP, SMB, HTTP • Active, Passive, Brute force • WiFi, Pcap, Bluetooth FOSDEM 2007

  12. exploit example connect print_status("Trying target #{target.name}...") buf = Rex::Text.rand_text_english(1816) seh = generate_seh_payload(target.ret) buf[1008, seh.length] = seh send_cmd( ['USER', buf] , false) handler disconnect FOSDEM 2007

  13. metasploit payloads • Modules inherit Msf::Payload • Singles, Stagers, Stages • Remote command shells • In-memory DLL injection • “CMD” payload types • “PHP” payload types FOSDEM 2007

  14. windows payloads • Standardized calling convention • Tiny paylods via ordinal resolution • DLL injection payloads • In-memory VNC server • PassiveX payload stager • The Meterpreter... FOSDEM 2007

  15. the meterpreter • Dynamically extensible payload • Custom network protocol • The basic “stdapi” extension • ps, kill, ls, rm, mkdir, rmdir • upload, download, execute • migrate, interact, load, scripting FOSDEM 2007

  16. metasploit auxiliaries • Modules inherit Msf::Auxiliary • Anything not an “exploit” • Discovery and fingerprinting • Network protocol “fuzzers” • Denial of service methods • Administrative access exploits FOSDEM 2007

  17. user interfaces • msfconsole • msfcli • msfweb • msfgui FOSDEM 2007

  18. events • Registered subscriber model • Trigger on common actions • Exploit launched • Session creation • Job creation • User command FOSDEM 2007

  19. plugins • Hook events, extend objects • Examples • Socket filtering and logging • Database support • Exploit automation • Telnet console FOSDEM 2007

  20. summary • An advanced exploit toolkit • Simple to use and extend • 3.0 stable release is SOON http://framework.metasploit.com/ FOSDEM 2007

  21. Demos ! FOSDEM 2007

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Hierarchical Graph Representation Learning via Differentiable Pooling Rex Ying, Jiaxuan You,

Hierarchical Graph Representation Learning via Differentiable Pooling Rex Ying, Jiaxuan You,

Hierarchical Graph Representation Learning via Differentiable Pooling Rex Ying, Jiaxuan You, Christopher Morris, William L. Hamilton, Xiang Ren, Jure Leskovec Stanford University TU Dortmund University University of Southern California 1

98 views • 9 slides
Style (con+nued) LINGUIST 159 American Dialects 11/13/2014

Style (con+nued) LINGUIST 159 American Dialects 11/13/2014

Style (con+nued) LINGUIST 159 American Dialects 11/13/2014 Style in the third wave Style are performa(ve style brings about meaning, it doesnt

327 views • 18 slides
TORAH DEVOTIONALS Oh how I love your law ( torah ) ! It is my meditation all the day. (Ps.

TORAH DEVOTIONALS Oh how I love your law ( torah ) ! It is my meditation all the day. (Ps.

TORAH DEVOTIONALS Oh how I love your law ( torah ) ! It is my meditation all the day. (Ps. 119:97) The law ( torah )of your mouth is better to me than thousands of gold and silver pieces. (Ps. 119:92) The law ( torah ) of your mouth

454 views • 34 slides
Speech Processing 15-492/18-492 Speech Recognition Template matching Speech Recognition by

Speech Processing 15-492/18-492 Speech Recognition Template matching Speech Recognition by

Speech Processing 15-492/18-492 Speech Recognition Template matching Speech Recognition by Templates A little history A little history Matching Templates Matching Templates DTW (Dynamic Time Warping) DTW (Dynamic

378 views • 24 slides
Dr. Claes A. Belfrage School of Management University of Liverpool E-mail: c.belfrage@liv.ac.uk

Dr. Claes A. Belfrage School of Management University of Liverpool E-mail: c.belfrage@liv.ac.uk

Challenges for strengthening Mercosul financial integration lessons from the European experience Dr. Claes A. Belfrage School of Management University of Liverpool E-mail: c.belfrage@liv.ac.uk Este documento no representa necessariamente

685 views • 35 slides
Module 16 E mployee Mentor ing 1 Module Sixteen: Employee Mentoring 1 Objectives

Module 16 E mployee Mentor ing 1 Module Sixteen: Employee Mentoring 1 Objectives

In the last two modules, we looked at developing employees and having a positive influence. Module 16 takes this one step further. Mentoring. In order to have a steady stream of capable and knowledgeable leaders, an importance must be placed

399 views • 13 slides
PREX / CREX Status Jan 25, 2018 Bob Michaels, on behalf of the PREX collaboration. Wiki

PREX / CREX Status Jan 25, 2018 Bob Michaels, on behalf of the PREX collaboration. Wiki

PREX / CREX Status Jan 25, 2018 Bob Michaels, on behalf of the PREX collaboration. Wiki https://prex.jlab.org/wiki/index.php/Main_Page docDB http://prex.jlab.org/cgi-bin/DocDB/public/DocumentDatabase ( private and public ) Web page

428 views • 18 slides
Tensor products of finitely cococomplete and abelian categories 1 Ignacio Lpez Franco

Tensor products of finitely cococomplete and abelian categories 1 Ignacio Lpez Franco

Delignes tensor product Questions we answer Existence of Delignes tensor Counterexample to the existence Tensor products of finitely cococomplete and abelian categories 1 Ignacio Lpez Franco University of Cambridge Gonville and Caius

554 views • 33 slides
La Fabbrica del Futuro &amp; le opportunit di Horizon 2020 Reggio Emilia 25 Novembre 2013

La Fabbrica del Futuro &amp; le opportunit di Horizon 2020 Reggio Emilia 25 Novembre 2013

La Fabbrica del Futuro &amp; le opportunit di Horizon 2020 Reggio Emilia 25 Novembre 2013 Massimo Mattucci EFFRA Co-Chairman Factories of the Future PPP Background Positive experience of FoF PPP since 2009: development of

374 views • 21 slides
RFC: A new divergence analysis for LLVM Simon Moll, Thorsten Klner and Sebastian Hack

RFC: A new divergence analysis for LLVM Simon Moll, Thorsten Klner and Sebastian Hack

RFC: A new divergence analysis for LLVM Simon Moll, Thorsten Klner and Sebastian Hack http://compilers.cs.uni-saarland.de Compiler Design Lab Saarland University Saarland Informatics Campus 1 Today: Divergence Analysis Recap: VPlan+RV

230 views • 19 slides
Extending Catalog zones another approach in automating maintenance Leo Vandewoestijne

Extending Catalog zones another approach in automating maintenance Leo Vandewoestijne

Extending Catalog zones another approach in automating maintenance Leo Vandewoestijne dns.company Rev 0.000 Spoilers/Warnings - Not much new; working in Bind already - This presentation was prepared while having lack of time

578 views • 12 slides
Advanced Distributed Systems Introduction &amp; RFC #677 Wyatt Lloyd Some

Advanced Distributed Systems Introduction &amp; RFC #677 Wyatt Lloyd Some

Advanced Distributed Systems Introduction &amp; RFC #677 Wyatt Lloyd Some slides adapted from Minlan Yu Welcome! Rules No laptops, no phones: pay attention! Sit towards the front: participate! Today

919 views • 54 slides
iLab2 Introduction to SIP Daniel Raumer raumer@net.in.tum.de Agenda SIP - What? SIP

iLab2 Introduction to SIP Daniel Raumer raumer@net.in.tum.de Agenda SIP - What? SIP

Lehrstuhl Netzarchitekturen und Netzdienste Institut fr Informatik Technische Universitt Mnchen iLab2 Introduction to SIP Daniel Raumer raumer@net.in.tum.de Agenda SIP - What? SIP - How? Repetition Security iLab2

263 views • 14 slides
Real-Time Communica/on in Web-browsers (RTCWeb) Michael

Real-Time Communica/on in Web-browsers (RTCWeb) Michael

Real-Time Communica/on in Web-browsers (RTCWeb) Michael Txen (tuexen@=-muenster.de) Outline RTCWeb overview Peer to peer protocol stack RTCWeb

490 views • 22 slides
Streebog and Kuznyechik Inconsistencies in the Claims of their Designers Lo Perrin IETF

Streebog and Kuznyechik Inconsistencies in the Claims of their Designers Lo Perrin IETF

leo.perrin@inria.fr @lpp_crypto Streebog and Kuznyechik Inconsistencies in the Claims of their Designers Lo Perrin IETF Workshop, Montral Standards and S-boxes On the S-box of RFC 6986 and 7801 The Core Issue: the S-Box Generation

779 views • 50 slides
Unraveling Meta-Learning: Understanding Feature Representations for Few-Shot Tasks Micah

Unraveling Meta-Learning: Understanding Feature Representations for Few-Shot Tasks Micah

Unraveling Meta-Learning: Understanding Feature Representations for Few-Shot Tasks Micah Goldblum, Steven Reich, Liam Fowl, Renkun Ni, Valeriia Cherepanova, Tom Goldstein University of Maryland, College Park, Maryland, USA

446 views • 6 slides
RFC 3706 A Traffic-Based Method of Detecting Dead Internet Key Exchange (IKE) Peers (Czerny

RFC 3706 A Traffic-Based Method of Detecting Dead Internet Key Exchange (IKE) Peers (Czerny

RFC 3706 A Traffic-Based Method of Detecting Dead Internet Key Exchange (IKE) Peers (Czerny Andeas) Summery 1. Introduction 2. Keepalives and Heartbeats 3. DPD Protocol 4. Resistance to Replay Attack and False Proof of Liveliness Situation

890 views • 20 slides
Pre-Expression of Interest Transportation Technology RFI Procurement Process Sign in sheet

Pre-Expression of Interest Transportation Technology RFI Procurement Process Sign in sheet

Pre-Expression of Interest Transportation Technology RFI Procurement Process Sign in sheet Q&amp;A process Deadline for questions 7/23/18 5 p.m. EOI submission is a required pre qualification process for product demos

385 views • 9 slides
NCATS Strategic Planning Dorit Zuk, Ph.D. Director, OPCS A NCATS Council/ CAN Review Board

NCATS Strategic Planning Dorit Zuk, Ph.D. Director, OPCS A NCATS Council/ CAN Review Board

NCATS Strategic Planning Dorit Zuk, Ph.D. Director, OPCS A NCATS Council/ CAN Review Board Meeting eptember 3 rd , 2015 S 2 3 Strategic Planning Process Timeline S mall group Dec 2014-Apr 2015 discussions with staff Focus groups Aug

624 views • 16 slides
Alternate Dispute Resolution / Allegation Guidance Memorandum January 19, 2010 Michael Headrick

Alternate Dispute Resolution / Allegation Guidance Memorandum January 19, 2010 Michael Headrick

Alternate Dispute Resolution / Allegation Guidance Memorandum January 19, 2010 Michael Headrick Chairman, BOD, NAECP Alternate Dispute Resolution Feedback from industry on ADR w as generally positive Need consistency in the NRCs

168 views • 5 slides
New York Ne ork &amp; Ne New Jersey UpdateJu July y 2018 Ne Netw twork rk Membe mber

New York Ne ork &amp; Ne New Jersey UpdateJu July y 2018 Ne Netw twork rk Membe mber

New York Ne ork &amp; Ne New Jersey UpdateJu July y 2018 Ne Netw twork rk Membe mber r Webi bina nar Hosted by: William OHearn, Communications/Outreach Manager, NJ and NY Elizabeth Barminski, Working Group Coordinator

703 views • 21 slides
Donn ees Manquantes : 2 exemples S eparation de RFI sur SMOS &amp; Video Inpainting Andr

Donn ees Manquantes : 2 exemples S eparation de RFI sur SMOS &amp; Video Inpainting Andr

Donn ees Manquantes : 2 exemples S eparation de RFI sur SMOS &amp; Video Inpainting Andr es Almansa GT SPU Traitement donn ees spatiales 27 septembre, 2014 Andr es Almansa Donn ees Manquantes SMOS images restoration

442 views • 23 slides
Purchasing Department REQUEST FOR INTEREST RFI # 1818 December 29, 2017 RFI Title: H. L. Mooney

Purchasing Department REQUEST FOR INTEREST RFI # 1818 December 29, 2017 RFI Title: H. L. Mooney

4 County Complex Court Phone (703) 335-8925 P.O. Box 2266 Fax (703) 335-7954 Woodbridge, VA 22192-9201 www.pwcsa.org Purchasing Department REQUEST FOR INTEREST RFI # 1818 December 29, 2017 RFI Title: H. L. Mooney Water Reclamation Facility

223 views • 6 slides
Duality on Value Semigroups Philipp Korell Technische Universitt Kaiserslautern July 4, 2016

Duality on Value Semigroups Philipp Korell Technische Universitt Kaiserslautern July 4, 2016

Duality on Value Semigroups Philipp Korell Technische Universitt Kaiserslautern July 4, 2016 Joint work w/ Laura Tozzo &amp; Mathias Schulze Example Complex algebroid curve R = C [[ x , y ]] / x 3 y + y 6 = C [[ x , y ]] /

567 views • 28 slides

More recommend