Multi-Player Metasploit: Double Penetration Made Easy
Multiplayer Metasploit: Double Penetration Made Easy
Ryan Linn
Skytalks, Defcon 2010
Saturday, July 31, 2010
Outline
• What are we talking about
• Why do we care
• Overview of using XMLRPC
• Overview of requests
• Demos
What are we talking about
• Automation
• Multiple people using same MSF instance
• Ability to pass shells/targets from one person to next
• Facilitating sharing and ease of use with Metasploit
Why do we Care
• Most pen tests have time limitations, let's maximize what we get done
• Repetitive tasks get boring, automate the sucky shit
• Testing outside of pen test scenario. Do you know what your IDS/IPS/AV/NIPS/HIPS does and doesn’t detect?
Overview of Using XMLRPC
• 2 Types:
  • Standard: raw XMLRPC, null terminated
  • Web: XMLRPC over HTTP, what most folks use
• Typically bound to localhost, but can be bound to any adapter/IP
• Authenticates via username/password
• Subsequent calls require tokens
• Tokens expire every 15 mins
Overview of Requests
• Auth requests
• Module requests
• Job requests
• Session requests
• Soon to be DB requests
Auth Requests
• Auth.Login
  • Takes username and password
  • Returns token
  • Token expires every 15 mins
  • I usually refresh every 10
Module Requests
• Module.exploits
• Module.auxiliary
• Module.payloads
• Module.encoders
• Module.nops
• Module.info
• Module.options
• Module.compatible_payloads
• Module.execute
Job Requests
• Job.list
• Job.stop
Session Requests
• Session.list
• Session.stop
• Session.shell_read
• Session.shell_write
Demos
• Service Startup
• Launching Nmap with Nsploit
• Scripting Attacks
• Scripting Recon
• BeEF Injection and XMLRPC
Contact Info
• Twitter: @sussurro
• Blog: blog.happypacket.net
• Email: [email protected]
Thanks
• 303 Crew for hosting
• Y’all for coming out
• Heather, Ed, Brian, HD, Egypt, and everyone else who helped me with code, ideas, and stuff