1. JMU GenCyber Boot Camp Summer, 2015

2. “Canned” Exploits For many known vulnerabilities attackers do not have to write their own exploit code Many repositories (good and bad) for vulnerability information, exploits, shellcode: –www.securityfocus.com –milw0rm.com –www.metasploit.com

3. Canned Exploit Code Demo 1 Example: a (local) kernel exploit –http://www.securityfocus.com/bid/9138/ Let’s: –Download the exploit code referenced on securityfocus –Compile it on the victim’s machine (.204) –Run it (as guest) on the victim’s machine

4. Canned Exploit Code Demo 2 Example: a (remote) exploit –http://www.securityfocus.com/bid/8205 Let’s: –Compile exploit on the victim’s machine (.204) –Attack another machine (.202)

5. The Metasploit Framework An exploit development, testing, and deployment tool URL: http://www.metasploit.com/ –Free (community edition) Decouples the two parts of an exploit: –Attack vector –Payload

6. Metasploit – Attack Vectors Many from which to choose: –Operating systems Windows, Linux, Mac, Unix, Cisco, etc. –Services Web, database, e-mail, FTP, etc. Extensible and configurable

7. Metasploit - Payloads Can be used to generate shellcode –Framework comes with many useful payloads Spawn shell Run command Add privileged user –Configurable –Extensible

8. Metasploit Demo 1 Example: the vulnerability that the MSBlaster worm exploited –http://www.securityfocus.com/bid/8205 Let’s use Metasploit to: –Choose the attack vector –Choose the payload –Run the exploit –Interact with the compromised host

9. Metasploit Demo 2 Example: a web browser vulnerability Let’s use Metasploit to: –Choose the attack vector –Choose the payload –Run the exploit –Interact with the compromised host Elevate privileges Setup persistence Capture passwords

10. Summary For many known vulnerabilities attackers do not have to write their own exploit code –“Canned” exploits –The Metasploit Framework Choose and configure an attack vector Choose and configure a payload Interact with host