Metasploit3 - David Calligaris

1] Overview of the exploit development frameworks currently available,
both commercial ones such as IMMUNITY CANVAS and CORE IMPACT and, in
particular, Open Source ones such as Metasploit 2 and Metasploit 3.
2] Advantages of the Open Source framework Metasploit 3
3] Demo and general use of the Open Source framework msf3
4] Analysis of a vulnerability and writing of the corresponding exploit
using the libraries and utilities provided by the Open Source framework msf3

Published in: Technology

  2. Exploit Frameworks
  3. whoami: David Calligaris
     • Senior Security Researcher @emaze.net
     • Penetration Tester
     • Exploit Writer
     • Code Auditor
     • Iplegion developer
  4. Exploit??? What is an Exploit???
  5. A framework?
  6. Why do we need an Exploit Framework?
     • Penetration Testing
     • IDS / IPS Testing
     • Exploit Portability
     • Fast Development
     • Fun / Study
  7. Core Impact
     • Commercial Product (Core SDI)
     • No developer version
     • Windows
     • C++ & Python
     • Private Exploits
     • Powerful GUI
     • Easy to Use
  8. Core Impact
  9. Immunity Canvas
     • Commercial Product (Immunity Inc)
     • Windows / Linux / OSX
     • Pure Python
     • Private Exploits
     • 0day Vulnerabilities
     • GUI
     • Additional 0day packs (Gleg - Argeniss)
  10. Immunity Canvas
  11. Metasploit III (msf3)
     • Open Source (MSF Licence)
     • Windows / Linux / OSX
     • Ruby / C / C++
     • Lots of Documentation
     • Beta GUI
     • Beta Web Interface
  12. Metasploit III (msf3)
  13. Metasploit III Live Demo
  14. Writing Exploits
  15. How to get msf3 (SVN)
  16. What We Need
     • Knowledge of Exploitation Techniques
     • Minimal Ruby Knowledge
     • Debugger (OllyDbg / WinDbg)
     • Fun
  17. Exploit Analysis: sidvault.rb
  18. Attach OllyDbg
  19. Find Offset With msf3 Utils
  20. Find Offset With msf3 Utils
  21. Find Offset With msf3 Utils
  22. Take Control Of EIP
  23. Take Control Of EIP
  24. Check BadChars
  25. Find A Valid Opcode
  26. Find A Valid Opcode
  27. Exploit
  28. Exploit
  29. Contacts: David Calligaris [email_address]. Send your resume, we are hiring: [email_address]
