Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Practical exploitation and social engineering


Published on

Just4meeting 2011 - Practical exploitation and cyberstalking!

Published in: Technology
  • Be the first to like this

Practical exploitation and social engineering

  1. 1. Practical Exploitation: Introduction to Metasploit, Social Engineering and a few other tools<br />
  2. 2. Speakers<br />BSc, MSc, CEH, CHFI,thought I was going to be a PhD decided to become a ninja instead.<br />BSc, MSc<br />-Now works for ABBAN<br />Breaking servers, sip trunks, and doing research into VoIP and IMS<br />
  3. 3. Synopsis – wrong order, all content<br />Introduction to practical exploitation<br />Introduction to cyberstalking<br />Introduction to Metasploit<br />(short) History of metasploit<br />Modules<br />Exploits<br />Payloads<br />Tools<br />Metasploit fundamentals<br />Vulnerability Scanning<br />MSF Databases commands<br />Client side exploits<br />Post Exploitation<br />Meterpreter <br />Armitage<br />Social Engineering<br />SET<br />Types of attacks<br />Infection Media<br />Practical workshop<br />Ps: I know you have high hopes that it will go by this order, but it wont, we are not that organized, and apologize in advance.<br />
  4. 4. Workshop<br />During the practical workshop, you will work in pairs, you will be given an IP address to a virtual machine.<br />The objective of this workshop is very simple<br />PWN the living crap out of these virtual machines using techniques that were taught to you during this presentation and read the file password.txt located at Windows/System32 or /home/just4meeting (depending if you get a windows box or a linux box), and sucessfully create your own account on the remote system. <br />
  5. 5. Seriouz Business<br />When presenting, we like to talk about both the fun side of things and the bit about serious implications these “fun things” can have in life.<br />During this presentation you will hear a bit about cyberstalking and how these tools work from a cyberstalker perspective and a victim.<br />To write this part of the presentation we worked along side with the brand new UK National Center for Cyberstalking Research, they are cool people and provided us with lots of data and information.<br /><br />
  6. 6. Practical exploitation<br />Q:What do we call practical exploitation?<br />On the interwebz you can find many definitions created by “security professionals”, we are not (security professionals), so here is our definition of practical exploitation:<br />Get root and learn how to use current tools to automate and increase the speed when doing a penetration test. <br />Understand how to use the tools past a script kiddie level – aka being able to extend the tool code if needed or combine multiple tools to achieve a target (!!root!!)<br />
  7. 7. Cyberstalking<br />Q: What is CYBERSTALKING?<br />A: Cyberstalking is the use of internet and/or other electronic means to stalk or harass an individual. <br />However cyberstalking can be legal and illegal.<br />(To be explained further)<br />
  8. 8. Cyberstalking<br />Q: Who practices cyberstalking?<br />You<br />Me<br />
  9. 9. Cyberstalking<br />“I’VE NEVER CYBERSTALKED!!!!one!!!eleven!!”<br />
  10. 10. Cyberstalking<br />Remember when 2 slides back we said cyberstalking could be both legal and illegal ? This is what we meant...<br />Lets go through a scenario where Cyberstalking would be legal!<br />
  11. 11. Cyberstalking<br />Meet Tiago:<br />As you can see, Tiago is ur average 23 year old stud, he likes to go out and party, when he does so he meetssssssssssssss<br />
  12. 12. Cyberstalking<br />GIRLS!<br />However....<br />
  13. 13. Cyberstalking<br />Tiago has certain things he likes in girls and things he dislikes!<br />Tiago like more then 500million people has a facebook account<br />So Tiago goes and does a bit of Cyberstalking to decide which girls he wants to be friends with or not. Or even possible future girlfriends.<br />
  14. 14. Cyberstalking<br />Even without adding these girls to facebook he gets plenty information sometimes to decide if he wants to go further with them.<br />
  15. 15. Cyberstalking<br />So, as you can see this is an example of a situation where cyberstalking is perfectly acceptable and legal. You access public information about someone that is in the “cyber” world.<br />This is also an action done sometimes by companies that are considering hiring a certain person, to get some background information on the person.<br />
  16. 16. Cyberstalking<br />HOWEVER<br />
  17. 17. Cyberstalking – Scenario 2<br />Tiago also knows his way around computers and specifically security and the tools used in infosec. He also knows how to check securitytube and common security websites for different types of attacks.<br />BLACKHAT ON!<br />
  18. 18. Cyberstalking – Scenario 2<br />Analyzing the profiles Tiago decides he wants to go further and know a bit too much about one of these girls.<br />
  19. 19. Profiling<br />Tiago starts by getting all sorts of information he can on this girl that might be useful in any way:<br />From the facebook profile we get that:<br />Her name is Anna Konova<br />She is both a Chelsea and Barça fan<br />She likes Burberry, fashion events, dominoes pizza, and something called SIFE<br />Her favorite music: MJ, Lady gaga, Beyoncé, Alicia Keys, Cheryl Cole<br />Using the information collected from this facebook profile we go to google...<br />
  20. 20. Profiling<br /><<- OH LOOK THE SIFE THING<br />Quite a few results lets have a look at a few....<br />
  21. 21. Profiling<br />From the facebook profile we get that:<br />Her name is Anna Konova<br />She is both a Chelsea and Barça fan<br />She likes Burberry, fashion events, dominoes pizza, and something called SIFE<br />Her favorite music: MJ, Lady gaga, Beyoncé, Alicia Keys, Cheryl Cole<br />From twitter we get 0<br />From linkedIN:<br />Project manager at Innovate <br />Went to University of Bedfordshire<br />Is looking for new career opportunities etc etc etc<br />SIFE - SIFE is an international non-profit organization that works with leaders in business and higher education to mobilize university students to make a difference in their communities while developing the skills to become socially responsible business leaders.<br />
  22. 22. Going over the line<br />How can all this simple, easily accesible information help Tiago cyberstalk someone?<br />Well let me introduce you to METASPLOIT.<br />
  23. 23. DEMO 1 – PDF + Email<br />DEMO<br />
  24. 24. DEMO 1 – PDF + Email<br />As you can see it wasn’t an attack hard to setup and easily a real life scenario.<br />For those of you that find that attack complicated, we have something for you later on....<br />
  25. 25. A bit more on cyberstalking....<br />Following we will present some data that was provided to us by the Research Center!  coz stats are always fun n giggles!<br />
  26. 26. Stats<br />Harrasser – Environment where they are first met<br />
  27. 27. Stats<br />Harrasser – Description<br />
  28. 28. Stats<br />Fears experienced by those who are harassed<br />
  29. 29. Stats<br />Consequences on those being harrased<br />
  30. 30. Types of attacks<br /><ul><li>Identity theft – controlling victim’s credentials
  31. 31. Posting false profiles
  32. 32. Posing as the victim and attacking others
  33. 33. Discrediting in online communities
  34. 34. Discrediting victim in workplace
  35. 35. Direct threats through email/instant messaging
  36. 36. Constructing websites targeting the victim
  37. 37. Transferring attack to victim’s relatives
  38. 38. Use of the victim’s image
  39. 39. Provoking others to attack the victim
  40. 40. Following the victim in cyberspace</li></li></ul><li>Tools<br />So what other tools does a cyberstalker have that are easily accesible and with a high ease of use?<br />SET<br />Metasploit<br />Evilgrade<br />
  41. 41. Metasploit<br />Exploitation framework<br />Lots of other tools and utilities<br />First written in PERL<br />Then changed to RUBY (THANK GOD)<br />3 versions – Pro, Express, free<br />
  42. 42. Metasploit nowadays...<br />We wont be able to look at all the different components so we will try to focus on the more commonly used ones.<br />
  43. 43. Metasploit - Starting<br />
  44. 44. Metasploit - Interaction<br />There are many ways a user can access metasploit features:<br /><ul><li>Msfconsole
  45. 45. msfGUI
  46. 46. msfWEB
  47. 47. Armitage</li></li></ul><li>Metasploit - MSFconsole<br />
  48. 48. Metasploit - MSFGui<br />
  49. 49. Metasploit - MSFWeb<br />
  50. 50. Metasploit - Armitage<br />
  51. 51. Metasploit – Main Modules<br />Exploits – Main module – used to pwn shit! :]<br />Encoders – Used to transform raw versions of payloads<br />Payload – Used to connect to the shit u pwn!<br />
  52. 52. Metasploit – Quick Intro<br />Step 1 – Open msfconsole<br />Step 2 – Choose exploit<br />Step 3 – Configure exploit and payload<br />Step 4 – exploit!<br />
  53. 53. Metasploit – Intro DEMO<br />DEMO 0<br />
  54. 54. Metasploit – Process<br />
  55. 55. Metasploit - Essentials<br />use module- start configuring module<br />show options - show configurable options <br />set varnamevalue - set option<br />exploit - launch exploit module<br />run - launch non-exploit<br />sessions –i n - interact with a session<br />help command - get help for a command<br />
  56. 56. Metasploit – Payloads<br />Shell<br />VNC<br />DLLinjection<br />Meterpreter<br />
  57. 57. But but but...<br />Am a lazy bastard and I think all the methods uve shown me are too hard <br />
  58. 58. But but but...<br />FINEEEEEEEEEEEEEE<br />Meet: Armitage<br />
  59. 59. Meterpreter<br />Meterpreter is COOL<br />Meterpreter is VERY COOL<br />Meterpreter because of a thing called RAILGUN = Full access to windows API<br />What does that mean? This is what it means... You cyberstalkers!<br />
  60. 60. Meterpreter<br />DEMO meterpreter<br />
  61. 61. Back to seriouz<br />This is all good fun, but shows how easy you can “pwn” and cyberstalk some1 or even be cyberstalked. <br />Advices are the usual: Anti virus updated, Software updated, Firewalls up and running (However that probably wont do you much)<br />2 best advices I can give:<br />Do not read PDF’s, or if u do read them inside google chrome (coz at least ur sandboxed n shit :D )<br />ANDDDDDDDDDDD<br />
  62. 62. Back to seriouz<br />
  63. 63. KUDOS<br />FILIPE REIS!!!!!!! ONE ELEVEN!!!!! <br />And more FILIPE REIS! He helped recording the demos and is awesome. <br />Center for Research on Cyberstalking for the data provided<br />The girls for accepting that we had to stay up late. <br />Oh and Chris Bockermann, Bruno Morisson and Oli for allowing me to go home yesterday to write these slides instead of getting us drunk.<br />
  64. 64. Questions...<br />