Download the Containers!


Presentation on theme: "Download the Containers!"— Presentation transcript:

1 Download the Containers!
Exploitation 101
Download the Containers!
Github:/Microcentillion/snowfroc_metasploit
Github:/Microcentillion/snowfroc_joomla
Reminder: the demo uses Docker containers. If you haven't already built the containers, you can get the links to the repos in the description for this talk on the SnowFROC website.

2 Exploitation 101 Brad Woodward Senior Engineer – AppliedTrust
Welcome to SnowFROC 2016 and Exploitation 101. My name is Brad Woodward. I've worked in the IT field for 12 years, and am currently a Senior Engineer at AppliedTrust. Glad to be here. Thanks to the SnowFROC Crew for the opportunity to speak.

3 Agenda What is Exploitation? Classes of Exploits
Hands-on Demonstration
Identifying Vulnerable Applications
Configuring Metasploit
'Pulling the Trigger'
Since this is a 101 course, we'll do a quick run-down of what we'll cover in this presentation: We'll start with fundamentals and basic terminology in what exploitation *is*. We'll talk about the four most common categorizations of attacks, and then we'll jump into the demo to show you how simple yet phenomenally powerful the attacker's toolkit really is.

4 What is…? What is Exploitation? Exploitation 101
Whether it's a computer system, a building, or a person, exploitation is the process of leveraging a weakness for personal gain. In the context of computing, it generally refers to the process of bypassing security controls through software vulnerabilities. In our case, we're specifically attempting to gain unauthorized access to a computer system.

5 What is…? What is Exploitation? Exploitation 101
The process of leveraging software vulnerabilities to bypass security controls, with the intent of gaining unauthorized access to a computer system. In our case we're specifically attempting to gain unauthorized access to a computer system.

6 What is…? What is Exploitation? What is an 'exploit'? Exploitation 101
The process of leveraging software vulnerabilities to bypass security controls, with the intent of gaining unauthorized access to a computer system. What is an 'exploit'? How about the term 'Exploit'?

7 What is…? What is Exploitation? What is an 'exploit'? Exploitation 101
The process of leveraging software vulnerabilities to bypass security controls, with the intent of gaining unauthorized access to a computer system. What is an 'exploit'? “A software tool designed to take advantage of a flaw in a computer system.”

8 Exploitation 101 What is…? What is a vulnerability?

9 What is…? What is a vulnerability? Exploitation 101
A vulnerability is: “A weakness in design, implementation, operation or internal control.” Put simply, exploitation is taking advantage of a weakness. The vulnerability is the weakness itself, and the exploit is what you *use* to take advantage.

10 Classes of Exploits Denial of Service Unauthorized Data Access
Exploitation 101 Classes of Exploits
Denial of Service
Unauthorized Data Access
Privilege Escalation
Local/Remote Code Execution
When reviewing lists of exploits, you'll find that they are commonly categorized into one of the following types. This isn't an exhaustive list, but the vast majority will fall into one of these categories.
Denial of Service (DoS): make a service inaccessible to legitimate use. The LAND Attack – TCP SYN.
Unauthorized Data Access: Heartbleed is an example, where a modified request would cause additional information to be divulged in the response.
Privilege Escalation: shift user contexts, e.g. from apache to root.
Local and Remote Code Execution allow

11 Hands-on Demo The containers use your host IP Start the containers
Exploitation 101 Hands-on Demo
The containers use your host IP
Disconnect from untrusted networks and set a static IP on the host before starting them.
Start the containers
Joomla: run_joomla.sh
Metasploit: start_metasploit.sh
Without further ado, let's jump into the demo. A few things to note if you plan to follow along with the demo: Also keep your IP in mind, since we'll need it during the demo. Once that's all taken care of, you can launch the two containers with the commands here.

12 Hands-on Demo joomla_http_header_rce Affected Exploitation 101
Released Dec 14th 2015
'rce' = Remote Code Execution
Buffer overflow in X-Forwarded-For and User-Agent HTTP Headers
Affected: Joomla – 3.4.5, PHP < dfsg-1ubuntu4.13
Pay attention to the version number at the end
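From the defender's side, the two headers named on this slide can be checked in web server logs. The following is an added example, not code from the talk or its repos: it assumes an Apache "combined" log format with a trailing quoted X-Forwarded-For field and an arbitrary length threshold, and it applies generic header hygiene checks rather than a signature for this specific module.

```python
import ipaddress
import re

# Assumed layout: Apache "combined" format plus a trailing quoted X-Forwarded-For.
FIELD = r'"((?:[^"\\]|\\.)*)"'
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] ' + FIELD + r' \d{3} \S+ '
                     + ' '.join([FIELD] * 3) + '$')
MAX_UA_LEN = 512  # assumed triage threshold, tune per site

def xff_is_wellformed(value):
    """True if the header is absent ('-') or a comma-separated IP list."""
    try:
        for part in (value.split(",") if value not in ("", "-") else []):
            ipaddress.ip_address(part.strip())
        return True
    except ValueError:
        return False

def ua_findings(value):
    """Flag overlong values and bytes Apache had to escape (\\xhh, \\")."""
    findings = []
    if len(value) > MAX_UA_LEN:
        findings.append("user-agent too long")
    if re.search(r'[^\x20-\x7e]|\\x[0-9a-fA-F]{2}|\\"', value):
        findings.append("user-agent has escaped or non-printable bytes")
    return findings

def triage(lines):
    """Return (line_number, client, findings) for each suspicious line."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LINE_RE.match(line.rstrip("\n"))
        if not m:
            hits.append((n, None, ["unparseable line"]))
            continue
        client, _request, _referer, ua, xff = m.groups()
        findings = ua_findings(ua)
        if not xff_is_wellformed(xff):
            findings.append("x-forwarded-for is not an IP list")
        if findings:
            hits.append((n, client, findings))
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
PRE = '- - [15/Dec/2015:10:00:00 +0000] "GET / HTTP/1.1" 200 5120 "-" '
SAMPLE = [
    '198.51.100.7 ' + PRE + '"Mozilla/5.0 (X11; Linux x86_64)" "192.0.2.44, 198.51.100.1"',
    '203.0.113.99 ' + PRE + '"' + "A" * 600 + r'\x00\"" "-"',
    '203.0.113.98 ' + PRE + '"Mozilla/5.0" "192.0.2.44, not-an-address"',
]
```

Calling `triage(SAMPLE)` flags the second and third lines and leaves the first, which has an ordinary User-Agent and a valid proxy chain, alone.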

13 Next steps? Exploitation 101
We've gone from zero to sixty, and if this is your first exposure to exploitation, you're probably really excited about what's possible. If this field interests you and you want to continue to develop your skills, I have a few suggestions:

14 Next steps? Start simple Exploitation 101
Start simple. It may be tempting Sophisticated

15 Next steps? Start simple Watch for new CVEs and Exploits
Exploitation 101 Next steps? Start simple Watch for new CVEs and Exploits

16 Next steps? Start simple Watch for new CVEs and Exploits
Exploitation 101 Next steps? Start simple Watch for new CVEs and Exploits Practice 'off the field' Re-use the containers!

17 Resources cve.mitre.org offensive-security.com meetup.com
Exploitation 101 Resources
cve.mitre.org
offensive-security.com
meetup.com
Denver OWASP
OWASP Boulder Chapter

