State of the Framework Address: Recent Developments in the Metasploit Framework

Presented at DerbyCon, 2011

Published in: Technology, Education

  1. We interrupt your regularly scheduled programming to bring you…
  2. The State of the Framework
  3. Past
  4. We must know where we came from to know where we are going
  5. (Timeline chart: releases 3.0, 3.1, 3.2, 3.4, 3.6 and 4.0 plotted across 2003 … 2007, 2008, 2009, 2010, 2011, 2012; "BSD" marked at 2003)
  6. (Chart: Modules by type and release; series Post, Auxiliary, Exploit; x-axis releases 3.0, 3.1, 3.2, 3.3, 3.4, 3.5, 3.6, 3.7, 4.0; y-axis 0 to 1400 modules)
  7. (Chart: Modules Over Time; series Auxiliary, Exploit, Post; x-axis 1-Mar-2007 to 1-Jul-2011 in four-month steps; y-axis 0 to 800 modules)
  8. Module Format
     • Originally tied to directory structure
       – Now more flexible
     • Module broke if you mv'd it
  9. Uses for Metasploit
     • Running exploits, getting shells
     • Creating exploits
  10. Present
  11. Focuses for 4.0
     • Usability
     • Scalability
     • Passwords
     • Better payloads
     • Post exploitation
  12. Usability
     • Installers that make everything easy
     • Help for most commands
     • Database command improvements
     • Msfvenom
  13. Everything Works Out of the Box
     • Ruby 1.9.2
     • Postgres
     • Java (for msfgui, armitage)
     • Option to automatically update
     • pcaprub
  14. The Database
     • Auto configured by installer
     • Now a core feature used by lots of modules
       – Almost all auxiliaries, many posts
     • Scales much better than before
     • Better search capabilities
     • Workspaces for logical separation
  15. Scalability
  16. Recent Focus on Passwords
     • Authenticated code execution by design is better than an exploit
     • Obvious: SSH, Telnet, RDP, VNC
     • Less obvious:
       – MySQL/MSSQL/PostgreSQL
       – Tomcat/Axis2/JBOSS/Glassfish
       – ManageEngine
  17. Payloads
     • Dozens of formats and architectures
       – PHP; Java (jar, war, jsp); Win32, 64; BSD; OSX
       – x86, PPC, ARM, MIPS, cmd exec, …
     • Reverse HTTP(S) stagers for Win32, Java meterpreters
     • Railgun
  18. Post Modules
     • Biggest change in a long time
     • Replaces meterpreter scripts
     • More comprehensive Post-exploitation API
       – OMG Railgun
       – Shell sessions, too
       – You should have been in Rob and Chris's talk
     • My utopian ideal: post mods work on all kinds of sessions on all supported platforms
  19. Moar Passwerdz
  20. Uses for Metasploit
     • Running exploits, getting shells
     • Creating exploits
     • Auxiliary modules, discovery, systems admin
     • Post exploitation, looting pwned boxes
     • Data collection and correlation
  21. Future
  22. Future of Exploits
     • Continued focus on Authenticated Code Exec
       – Oracle, various CMSes
     • Hack all the things
  23. Future of Payloads
     • Linux meterpreter
       – Yes, I know I've been saying this for 3 years
     • Java meterpreter to keep pace with Win32
       – Thanks to mihi
     • Meterpreter needs to only load stuff that makes sense for the platform
     • IPv6 support for more stuff
       – Mostly works, 32-bit Windows and Linux payloads
       – Teredo
  24. Future of Post Exploitation
     • Huge amount of community dev going into Post modules
     • Password stealers for every conceivable application that stores them
       – Thanks TheLightCosine!
     • More local privesc exploits
  25. More Post Exploitation
     • More and better APIs
       – Cross-platform pilfering
     • Easier
  26. Future of Modules in General
     • Some form of exploit abstraction
     • Transport should be a user option
       – Not a whole different module with the same exploit code
       – Example: PDF exploits over HTTP, FTP, SMB, email
  27. Startup Time
  28. Contributing Should be Easy
  29. Contribution Workflow (flowchart; nodes as recovered from the slide): Find a bug; Ask about it in IRC; Submit a ticket; Remind me; Tell me I forgot about it; Get tired of waiting, fix it yourself; Submit a patch; Give up; again
  30. Documentation
     • Two main sources of documentation right now
       – Reading 500k lines of ruby source
       – Asking me in IRC
     • It was hard to write, it should be hard to read, dammit!
  31. Documentation
     • Updated users guide
     • Updated developers guide
     • Clean up rdoc
  32. Installation Should be Easier
     • Everything should *really* work out of the box
     • Everything should be configurable from the command line
     • Install Express/Pro without another big download of mostly the same stuff
       – I know, shameless plug, but hey, it pays for all the rest of this
  33. Uses for Metasploit
     • Running exploits, getting shells
     • Creating exploits
     • Auxiliary modules, discovery, systems admin
     • Post exploitation, looting pwned boxes
     • Data collection and correlation
     • And….
  34. Why?
     • Metasploit should be the first and the last tool you need
     • Anything that gets you access
       – Proof positive tool
       – Not just exploits, identities
     • Maintain that access
     • Use your access to achieve your goals
     • Store all of the above in a manageable way
  35. Questions?
     • If I have ever kickbanned you in #metasploit, I'm sorry
       – But not that sorry, you should have googled more