JMU GenCyber Boot Camp Summer, 2015
“Canned” Exploits
For many known vulnerabilities attackers do not have to write their own exploit code
Many repositories (good and bad) for vulnerability information, exploits, shellcode:
–
– milw0rm.com
–
Canned Exploit Code Demo 1
Example: a (local) kernel exploit –
Let’s:
– Download the exploit code referenced on securityfocus
– Compile it on the victim’s machine (.204)
– Run it (as guest) on the victim’s machine
Canned Exploit Code Demo 2
Example: a (remote) exploit –
Let’s:
– Compile the exploit on the victim’s machine (.204)
– Attack another machine (.202)
The Metasploit Framework
An exploit development, testing, and deployment tool
URL:
– Free (community edition)
Decouples the two parts of an exploit:
– Attack vector
– Payload
Metasploit – Attack Vectors
Many from which to choose:
– Operating systems: Windows, Linux, Mac, Unix, Cisco, etc.
– Services: Web, database, , FTP, etc.
Extensible and configurable
Metasploit – Payloads
Can be used to generate shellcode
– Framework comes with many useful payloads
    Spawn shell
    Run command
    Add privileged user
– Configurable
– Extensible
Metasploit Demo 1
Example: the vulnerability that the MSBlaster worm exploited –
Let’s use Metasploit to:
– Choose the attack vector
– Choose the payload
– Run the exploit
– Interact with the compromised host
Metasploit Demo 2
Example: a web browser vulnerability
Let’s use Metasploit to:
– Choose the attack vector
– Choose the payload
– Run the exploit
– Interact with the compromised host
    Elevate privileges
    Set up persistence
    Capture passwords
Summary
For many known vulnerabilities attackers do not have to write their own exploit code
– “Canned” exploits
– The Metasploit Framework
    Choose and configure an attack vector
    Choose and configure a payload
    Interact with the host