1] Panoramica sui framework per lo sviluppo di exploit attualmentedisponibili sia commerciali come IMMUNITY CANVAS, CORE IMPACT e inparticolar modo a quelli Open Source come Metasploit 2 e Metasploit 3.2] Vantaggi del framework Open Source Metasploit 33] Demo e utilizzo generico del Framework Open Source msf34] Analisi di una vulnerabilita' e scrittura del relativo exploitutilizzando le librerie e le utility fornite dal framework Open Source msf3
Citation preview
1.
2. Exploit Frameworks 3. whoami David Calligaris
Senior Security Research @emaze.net
Penetration Tester
Exploit Writer
Code Auditor
Iplegion developer
4. Exploit ???What is an Exploit ??? 5. A framework ? 6. Why we
need an Exploit Framework ?
Penetration Testing
IDS / IPS Testing
Exploit Portability
Fast Development
Funny / Study
7. Core Impact
Commercial Product (Core SDI)
No developer version
Windows
C++ & Python
Private Exploits
Powerful GUI
Easy to Use
8. Core Impact 9. Immunity Canvas
Commercial Product (Immunity Inc)
Windows / Linux / OSX
Pure Python
Private Exploits
0day Vulnerabilities
GUI
Additional 0days packs (Gleg - Argeniss)
10. Immunity Canvas 11. Metasploit III (msf3)
Open Source (MSF Licence)
Windows / Linux / OSX
Ruby / C / C++
Lot of Documentation
Beta GUI
Beta Web Interface
12. Metasploit III (msf3) 13. Metasploit IIILive Demo 14.
Writing Exploits 15. How to get msf3 SVN How to get msf3 16. What
We Need
Knowledge of Exploitation Techniques
Minimal Ruby Knowledge
Debugger (Ollydbg Windbg)
Funny
17. Exploit Analisi sidvault.rb 18. Attach OllyDbg 19. Find
Offset With msf3 Utils 20. Find Offset With msf3 Utils 21. Find
Offset With msf3 Utils 22. Take Control Of EIP 23. Take Control Of
EIP 24. Check BadChars 25. Find A Valid Opcode 26. Find A Valid
Opcode 27. Exploit 28. Exploit 29. Contacts David Calligaris
[email_address] Send Your Resume We Are Hiring [email_address]
