Multiplayer Metasploit
Double Penetration Made Easy
Ryan Linn
Skytalks, Defcon 2010
Saturday, July 31, 2010
Outline
• What are we talking about
• Why do we care
• Overview of using XMLRPC
• Overview of requests
• Demos
What are we talking about
• Automation
• Multiple people using same MSF instance
• Ability to pass shells/targets from one person to next
• Facilitating sharing and ease of use with Metasploit
Why do we Care
• Most pen tests have time limitations, let's maximize what we get done
• Repetitive tasks get boring, automate the sucky shit
• Testing outside of pen test scenario. Do you know what your IDS/IPS/AV/NIPS/HIPS does and doesn’t detect?
Overview of Using XMLRPC
• 2 Types:
• Standard: raw XMLRPC null terminated
• Web: XMLRPC over http, what most folks use
• Typically bound to localhost, but can be bound to any adapter/IP
• Authenticates via username/password
• Subsequent calls require tokens
• Tokens expire every 15 mins
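The "Standard" transport above frames each XML-RPC document with a trailing null byte, so a client, proxy, or capture decoder has to reassemble frames that arrive split across reads. The sketch below is an added example, not code from the talk or from Metasploit; it assumes exactly one NUL byte terminates each document, and the credentials, token value, and the placement of the token as a call parameter are constructed for illustration.

```python
import xmlrpc.client
from xml.parsers.expat import ExpatError


def encode_call(method, *params):
    """Serialize one XML-RPC call and append the NUL terminator (assumed framing)."""
    return xmlrpc.client.dumps(params, methodname=method).encode("utf-8") + b"\x00"


def decode_frame(frame):
    """Return (method, params); method is None for a response document."""
    try:
        params, method = xmlrpc.client.loads(frame)
    except (ExpatError, xmlrpc.client.Error) as exc:
        # Keep decoding later frames; record why this one failed.
        return "<undecodable>", [str(exc)]
    return method, list(params)


class NullFramedDecoder:
    """Reassemble NUL-terminated XML-RPC documents from arbitrary stream chunks."""

    def __init__(self, max_frame=1 << 20):
        self.buf = bytearray()
        self.max_frame = max_frame  # bound memory if a terminator never arrives

    def feed(self, chunk):
        """Add bytes from a socket or capture; return the calls completed so far."""
        self.buf += chunk
        done = []
        while (end := self.buf.find(b"\x00")) >= 0:
            frame = bytes(self.buf[:end])
            del self.buf[:end + 1]
            if frame:  # ignore empty frames from doubled terminators
                done.append(decode_frame(frame))
        if len(self.buf) > self.max_frame:
            raise ValueError("no NUL terminator within max_frame bytes")
        return done


def demo():
    # Constructed sample stream: a login followed by a token-bearing call,
    # delivered in 37-byte reads so frames straddle chunk boundaries.
    stream = (encode_call("Auth.Login", "msf", "example-password")
              + encode_call("Session.list", "TOKEN-PLACEHOLDER"))
    decoder, calls = NullFramedDecoder(), []
    for i in range(0, len(stream), 37):
        calls.extend(decoder.feed(stream[i:i + 37]))
    return calls
```

Run over a capture of the listener port, the same decoder shows which methods were called and when a login occurred, which is useful when the service is bound to something other than localhost.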
Overview of Requests
• Auth requests
• Module requests
• Job requests
• Session requests
• Soon to be DB requests
Auth Requests
• Auth.Login
• takes username and password
• Returns token
• Token expires every 15 mins
• I usually refresh every 10
Module Requests
• Module.exploits
• Module.auxiliary
• Module.payloads
• Module.encoders
• Module.nops
• Module.info
• Module.options
• Module.compatible_payloads
• Module.execute
Job Requests
• Job.list
• Job.stop
Session Requests
• Session.list
• Session.stop
• Session.shell_read
• Session.shell_write
Demos
• Service Startup
• Launching Nmap with Nsploit
• Scripting Attacks
• Scripting Recon
• BeEF Injection and XMLRPC
Contact Info
• Twitter: @sussurro
• Blog: blog.happypacket.net
• Email: [email protected]
Thanks
• 303 Crew for hosting
• Y’all for coming out
• Heather, Ed, Brian, HD, Egypt, and everyone else who helped me with code, ideas, and stuff