
Gone in 60 minutes A Practical Approach to Hacking an Enterprise with YASUO Saurabh Harit Stephen Hall


1 Gone in 60 minutes A Practical Approach to Hacking an Enterprise with YASUO Saurabh Harit {@0xsauby} Stephen Hall {@_stephen_h}

2 root@msf:~$> getuid Saurabh Harit (@0xsauby) Director of Security Research @Security Compass Pentester i.e. Domain Admin at many companies Have a secret crush on reverse engineering Gym freak / Proud father of two beautiful dogs Stephen Hall (@_stephen_h) Security Consultant @Security Compass …… Owner of a Christmas hat

3 What this talk is not about: No 0-days. No shells.

4 Scenario: You're on a red-team engagement. You've bypassed physical security. You've bypassed NAC. What next? How would you pwn the network? Vulnerability scanner?

5 The Problem: Can't use a network vulnerability scanner. Have to be stealthy and quick. Can't use Google dorks (internal network): the site:, link: and inurl: operators don't apply to hosts Google never indexed.

6 Where do $hells come from? It’s not about what, it’s about WHERE

7 Popular Vulnerable Apps Apache Tomcat

8 Popular Vulnerable Apps JBoss jmx-console

9 Popular Vulnerable Apps Hudson Jenkins

10 $hells

11 Not So Popular Vulnerable Apps ADManager Plus

12 Not So Popular Vulnerable Apps ADManager Plus

13 Not So Popular Vulnerable Apps Cyberoam UTM

14 Not So Popular Vulnerable Apps Cyberoam UTM

15 YASUO what??? Written in Ruby. Did not write it on our flight here. Scans the network for vulnerable applications. Currently supports 100+ vulnerable applications. All currently supported apps are Metasploit-able.

16 Why Yasuo: Because there are tons of vulnerable applications and it's not easy to find them.

17 World Without Automation: Run an Nmap scan and manually poke each and every web port. This CANNOT be fun.

18 What's currently out there:
Nikto by Chris Sullo - https://www.cirt.net/Nikto2
Nmap script http-enum.nse by Ron Bowes, Andrew Orr, Rob Nicholls - http://nmap.org/nsedoc/scripts/http-enum.html
Nmap script http-default-accounts.nse by Paulino Calderon - https://www.nmap.org/nmap-exp/calderon/scripts/http-default-accounts.nse

19 Exploring Yasuo


21 What's in the Box: yasuo.rb, resp200.rb, default-path.csv, users.txt, pass.txt, GPL


23 Behind the Scenes: Detects false positives. Automatically extracts the login form. Automatically extracts the login parameters.

24 What’s New

25 RaNdOmIzAtIoN!!! More robust check to detect false positives. Properly formatted output table. More application signatures. Signatures for IP cameras / encoders / decoders. Modular & cleaned-up code – if there is any such thing.

26 Demo Time

27 Challenges: Exploit-DB is a great resource but has an inconsistent format.

28 Challenges: Dynamic detection of the login page and its parameters is regex-based.
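Slides 23, 25 and 28 describe two mechanisms without showing them: a randomized probe that rejects hosts answering 200 to every path, and a regex-based pass that pulls the login form and its parameters out of a page. The following is an added illustration written for this page, not code from the Yasuo repository; the sample HTML, the "/login.do" action and the j_username/j_password field names are constructed, and the status-code comparison stands in for the two HTTP requests a scanner would actually send.

```ruby
require 'securerandom'

# Constructed sample page standing in for the body returned by a signature
# path. It is not output from any real product.
SAMPLE_HTML = <<~HTML
  <html><body>
  <form method="get" action="/search"><input name="q" type="text"></form>
  <form method="post" action="/login.do">
    <input type="hidden" name="csrf" value="abc123">
    <input type="text" name="j_username">
    <input type="password" name="j_password">
    <input type="submit" value="Login">
  </form>
  </body></html>
HTML

# Unpredictable probe path: a catch-all server (one that answers 200 to any
# URL) could be whitelisted against a fixed junk path, so randomize it.
def random_probe_path(length = 12)
  '/' + SecureRandom.alphanumeric(length)
end

# A 200 on the signature path only counts as a hit when the random probe
# path does NOT also return 200. Takes the two observed status codes.
def false_positive?(signature_status, random_status)
  signature_status == 200 && random_status == 200
end

FORM_RE  = %r{<form\b[^>]*>.*?</form>}mi
INPUT_RE = /<input\b[^>]*>/i
# Builds a regex for one attribute; \b keeps "name" from matching "username".
ATTR_RE  = ->(attr) { /\b#{attr}\s*=\s*["']([^"']*)["']/i }

# Regex-based extraction of the first form that carries a password field.
# Returns the action plus the username, password and hidden parameters
# (hidden values are kept because they are often CSRF tokens that must be
# replayed), or nil when the page has no login form at all.
def extract_login_form(html)
  html.scan(FORM_RE).each do |form|
    inputs = form.scan(INPUT_RE).map do |tag|
      { name:  tag[ATTR_RE.call('name'), 1],
        type:  (tag[ATTR_RE.call('type'), 1] || 'text').downcase,
        value: tag[ATTR_RE.call('value'), 1] }
    end
    password = inputs.find { |i| i[:type] == 'password' && i[:name] }
    next unless password # skip search boxes and other non-login forms
    user   = inputs.find { |i| %w[text email].include?(i[:type]) && i[:name] }
    hidden = inputs.select { |i| i[:type] == 'hidden' && i[:name] }
    return {
      action:         form[ATTR_RE.call('action'), 1] || '',
      username_param: user && user[:name],
      password_param: password[:name],
      hidden:         hidden.map { |i| [i[:name], i[:value]] }.to_h
    }
  end
  nil
end

if $PROGRAM_NAME == __FILE__
  p random_probe_path
  p false_positive?(200, 200), false_positive?(200, 404)
  p extract_login_form(SAMPLE_HTML)
end
```

The regex approach is exactly the weakness slide 28 admits: it breaks on forms assembled by JavaScript, on attributes split across unusual quoting, and on pages where the login form is the second of several. The example sidesteps the last case by skipping any form without a password field, which is the cheapest robustness win.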

29 Future Development: Smarter version detection. Support masscan output format (because y'all love to scan the Interwebs). Add support for more vulnerable applications, of course. Add a secondary signature. Make the current crappy code modular. Add multi-threading. Add support for vFeed??? Change the format of the default path file from CSV to YAML or JSON?

30 CFH (cry for help): Signatures, Signatures, Signatures & Signatures. Please submit application signatures: post a comment on GitHub, update the default path file on GitHub, drop us an email, send a pigeon.

31 Questions??? or not

32 Thank You! @_stephen_h perfectlylogical@gmail.com | @0xsauby saurabh.harit@gmail.com | https://github.com/0xsauby/yasuo

33 Credit: Nmap Ruby library - https://github.com/sophsec/ruby-nmap; The Exploit Database (EDB) - http://www.exploit-db.com/; @funkaoshi; Google Image Cache

