0
Multiplayer Metasploit
    Tag-Team Pen Testing and Reporting
                Ryan Linn
                Defcon 18
Outline

• Description of Problem
• Discussion of current solutions
• Overview of XMLRPC database
  integration
• Discussi...
What’s the problem?

• Pen testing/security audit teams need
  to share information
• How do you plan further action?
• Wh...
Analysis of current solutions


• Dradis - best alternative, imports data
  great, but hard to further actions, no
  integ...
overview of solution


• Metasploit is readily available
• Extend XMLRPC to facilitate DB
  transactions
• XMLRPC extensio...
Types of Objects
• workspaces - separate spaces for data
• hosts
• services
• vulns
• notes - general purpose data storage...
Workspaces

• Values:
 • name
 • created_at
 • updated_at
 • boundary
 • description
Hosts
• created_at   • os_name
• updated_at   • os_flavor
• address      • os_sp
• address6     • os_lang
• mac          • ...
Services

• host
• port
• proto
• state
• name
• info
Vulns


• host
• service
• name
• info
Notes

• ntype
• service
• host
• critical
• seen
• data
Events

• host
• name
• seen
• critical
• username
• info
loots
• host
• service
• ltype
• path
• data
• content_type
• name
• info
Clients


• host
• ua_string
• ua_name
• ua_ver
Users
• username
• crypted_password
• password_salt
• persistance_token
• fullname
• email
• phone
• company
• prefs
Demos

• Service Startup
• Launching Nmap with Nsploit
• Storing BeEF data in Metasploit
• External report generation
• Di...
Thanks

• Defcon staff and attendees for a great
  conference
• Heather Pilkington, Scott Hilbert,
  Jonathan Cran, HD Moo...
Contact Information



• IRC: sussurro
• Twitter: @sussurro
• Blog: blog.happypacket.net
Questions?
Upcoming SlideShare
Loading in...5
×

Multi-Player Metasploit: Tag Team Pen Testing and Reporting

1,221

Published on

This presentation discusses how database components of Metasploit can be used through XMLRPC to facilitate pen testing data sharing and collection in order to ensure real time actionable information is available to all testers at all times.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,221
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
31
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide



















  • Transcript of "Multi-Player Metasploit: Tag Team Pen Testing and Reporting"

    1. 1. Multiplayer Metasploit Tag-Team Pen Testing and Reporting Ryan Linn Defcon 18
    2. 2. Outline • Description of Problem • Discussion of current solutions • Overview of XMLRPC database integration • Discussion of types of objects • Demos
    3. 3. What’s the problem? • Pen testing/security audit teams need to share information • How do you plan further action? • What about deltas from previous tests? • No easy way to automate reporting
    4. 4. Analysis of current solutions • Dradis - best alternative, imports data great, but hard to further actions, no integration with other tools • Leo - geared toward one person and logging/reporting only • Wiki - multi-user but arbitrary organization, hard to convert to further action or reporting
    5. 5. overview of solution • Metasploit is readily available • Extend XMLRPC to facilitate DB transactions • XMLRPC extension allows central logging • All information is actionable • Data can be added real time
    6. 6. Types of Objects • workspaces - separate spaces for data • hosts • services • vulns • notes - general purpose data storage • events - log of commands executed • loots - phat loots lives here • clients - web clients • users - users + credentials
    7. 7. Workspaces • Values: • name • created_at • updated_at • boundary • description
    8. 8. Hosts • created_at • os_name • updated_at • os_flavor • address • os_sp • address6 • os_lang • mac • arch • comm • purpose • name • info • state • comments
    9. 9. Services • host • port • proto • state • name • info
    10. 10. Vulns • host • service • name • info
    11. 11. Notes • ntype • service • host • critical • seen • data
    12. 12. Events • host • name • seen • critical • username • info
    13. 13. loots • host • service • ltype • path • data • content_type • name • info
    14. 14. Clients • host • ua_string • ua_name • ua_ver
    15. 15. Users • username • crypted_password • password_salt • persistance_token • fullname • email • phone • company • prefs
    16. 16. Demos • Service Startup • Launching Nmap with Nsploit • Storing BeEF data in Metasploit • External report generation • Diffing workspaces
    17. 17. Thanks • Defcon staff and attendees for a great conference • Heather Pilkington, Scott Hilbert, Jonathan Cran, HD Moore, Egypt, anyone else I’ve forgotten • Fyodor, Wade Alcorn for Nmap and BeEF
    18. 18. Contact Information • IRC: sussurro • Twitter: @sussurro • Blog: blog.happypacket.net
    19. 19. Questions?
    1. A particular slide catching your eye?

      Clipping is a handy way to collect important slides you want to go back to later.

    ×