Multi-Player Metasploit: Double Penetration Made Easy

Transcript of "Multi-Player Metasploit: Double Penetration Made Easy"

  1. Multiplayer Metasploit: Double Penetration Made Easy. Ryan Linn, Skytalks, Defcon 2010. Saturday, July 31, 2010
  2. Outline
       • What are we talking about
       • Why do we care
       • Overview of using XMLRPC
       • Overview of requests
       • Demos
  3. What are we talking about
       • Automation
       • Multiple people using same MSF instance
       • Ability to pass shells/targets from one person to next
       • Facilitating sharing and ease of use with Metasploit
  4. Why do we Care
       • Most pen tests have time limitations, let's maximize what we get done
       • Repetitive tasks get boring, automate the sucky shit
       • Testing outside of pen test scenario. Do you know what your IDS/IPS/AV/NIPS/HIPS does and doesn't detect?
  5. Overview of Using XMLRPC
       • 2 Types:
            • Standard: raw XMLRPC null terminated
            • Web: XMLRPC over HTTP, what most folks use
       • Typically bound to localhost, but can be bound to any adapter/IP
       • Authenticates via username/password
       • Subsequent calls require tokens
       • Tokens expire every 15 mins
  6. Overview of Requests
       • Auth requests
       • Module requests
       • Job requests
       • Session requests
       • Soon to be DB requests
  7. Auth Requests
       • Auth.Login
            • takes username and password
            • Returns token
       • Token expires every 15 mins
       • I usually refresh every 10
  8. Module Requests
       • Module.exploits
       • Module.auxiliary
       • Module.payloads
       • Module.encoders
       • Module.nops
       • Module.info
       • Module.options
       • Module.compatible_payloads
       • Module.execute
  9. Job Requests
       • Job.list
       • Job.stop
  10. Session Requests
       • Session.list
       • Session.stop
       • Session.shell_read
       • Session.shell_write
  11. Demos
       • Service Startup
       • Launching Nmap with Nsploit
       • Scripting Attacks
       • Scripting Recon
       • BeEF Injection and XMLRPC
  12. Contact Info
       • Twitter: @sussurro
       • Blog: blog.happypacket.net
       • Email: sussurro@happypacket.net
  13. Thanks
       • 303 Crew for hosting
       • Y'all for coming out
       • Heather, Ed, Brian, HD, Egypt, and everyone else who helped me with code, ideas, and stuff
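
The token handling described on slides 5 and 7 (log in, attach the token to later calls, refresh at 10 minutes because tokens expire at 15), as an added example that is not from the talk or from Metasploit. The `call` transport hook, the reply shape, the token-first parameter order and the stand-in server inside `demo()` are assumptions made for illustration.

```python
import time

REFRESH_AFTER = 10 * 60  # slides: tokens expire at 15 min, refresh at 10


class TokenSession:
    """Keeps a login token fresh. `call(method, *params)` is a hypothetical
    transport hook (e.g. a wrapper around xmlrpc.client.ServerProxy); the
    reply shape {"result": "success", "token": ...} is an assumption."""

    def __init__(self, call, username, password, clock=time.monotonic):
        self._call, self._creds, self._clock = call, (username, password), clock
        self._token = self._issued = None

    def _login(self):
        reply = self._call("Auth.Login", *self._creds)
        if reply.get("result") != "success" or not reply.get("token"):
            raise PermissionError("login rejected")
        self._token, self._issued = reply["token"], self._clock()

    def token(self):
        # Re-authenticate before the server-side expiry, not after it.
        if self._token is None or self._clock() - self._issued >= REFRESH_AFTER:
            self._login()
        return self._token

    def request(self, method, *params):
        # Assumption: the token travels as the first parameter of each call.
        return self._call(method, self.token(), *params)


def demo():
    """Runs against a constructed stand-in server and a fake clock."""
    now, issued = [0.0], []

    def fake_call(method, *params):
        if method == "Auth.Login":
            issued.append("tok%d" % (len(issued) + 1))
            return {"result": "success", "token": issued[-1]}
        return {"method": method, "token": params[0]}

    session = TokenSession(fake_call, "user", "pass", clock=lambda: now[0])
    used = []
    for t in (0, 300, 599, 600, 1100, 1200):  # seconds since start
        now[0] = t
        used.append(session.request("Job.list")["token"])
    return used
```

Because the refresh is checked on every request, a long-running script never presents a token older than 10 minutes, and the password is sent only at login rather than on each call.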