SlideShare ist ein Scribd-Unternehmen logo

The State of the Metasploit Framework

egypt
egypt

The document summarizes the past, present, and future of the Metasploit framework. In the past, the framework was tied to its directory structure and modules would break if moved. Currently, the focus is on usability, scalability, passwords, better payloads, and post exploitation. Going forward, there will be continued work on authenticated code execution, payloads for additional platforms, and improving post exploitation modules and APIs.

TechnologieBildung
1 von 43
Downloaden Sie, um offline zu lesen
We interrupt your regularly scheduled programming to bring you…
The State of the Framework
Past
We must know where we came from to know where we are going
4.0 3.0 3.6 3.1 3.2 3.4 BSD 2003 … 2007 2008 2009 2010 2011 2012
Modules by type and release 1400 1200 1000 800 Post 600 Auxiliary Exploit 400 200 0 3.0 3.1 3.2 3.3 3.4 3.5 3.6 3.7 4.0
Auxiliary Exploit Post 1-Jul-2011 Modules Over Time 1-Mar-2011 1-Nov-2010 1-Jul-2010 1-Mar-2010 1-Nov-2009 1-Jul-2009 1-Mar-2009 1-Nov-2008 1-Jul-2008 1-Mar-2008 1-Nov-2007 1-Jul-2007 1-Mar-2007 0 800 700 600 500 400 300 200 100
Module Format • Originally tied to directory structure – Now more flexible • Module broke if you mv'd it
Uses for Metasploit • Running exploits, getting shells • Creating exploits
Present
Focuses for 4.0 • Usability • Scalability • Passwords • Better payloads • Post exploitation
Usability • Installers that make everything easy • Help for most commands • Database command improvements • Msfvenom
Everything Works Out of the Box • Ruby 1.9.2 • Postgres • Java (for msfgui, armitage) • Option to automatically update • pcaprub
The Database • Auto configured by installer • Now a core feature used by lots of modules – Almost all auxiliaries, many posts • Scales much better than before • Better search capabilities • Workspaces for logical separation
Scalability
Recent Focus on Passwords • Authenticated code execution by design is better than an exploit • Obvious: SSH, Telnet, RDP, VNC • Less obvious: – MySQL/MSSQL/PostgreSQL – Tomcat/Axis2/JBOSS/Glassfish – ManageEngine
Payloads • Dozens of formats and architectures – PHP; Java (jar, war, jsp); Win32, 64; BSD; OSX – x86, PPC, ARM, MIPS, cmd exec, … • Reverse HTTP(s) stagers for Win32, Java meterpreters • Railgun
Post Modules • Biggest change in a long time • Replaces meterpreter scripts • More comprehensive Post-exploitation API – OMG Railgun – Shell sessions, too – You should have been in Rob and Chris' talk • My utopian ideal: post mods work on all kinds of sessions on all supported platforms
Moar Passwerdz
Uses for Metasploit • Running exploits, getting shells • Creating exploits • Auxiliary modules, discovery, systems admin • Post exploitation, looting pwned boxes • Data collection and correlation
Future
Future of Exploits • Continued focus on Authenticated Code Exec – Oracle, various CMSes • Hack all the things
Future of Payloads • Linux meterpreter – Yes, I know I've been saying this for 3 years • Java meterpreter to keep pace with Win32 – Thanks to mihi • Meterpreter needs to only load stuff that makes sense for the platform • IPv6 support for more stuff – Mostly works, 32-bit Windows and Linux payloads – Toredo
Future of Post Exploitation • Huge amount of community dev going into Post modules • Password stealers for every conceivable application that stores them – Thanks TheLightCosine! • More local privesc exploits
More Post Exploitation • More and better APIs – Cross-platform pilfering • Easier
Future of Modules in General • Some form of exploit abstraction • Transport should be a user option – Not a whole different module with the same exploit code – Example: PDF exploits over HTTP, FTP, SMB, email
Startup Time
Contributing Should be Easy
Contribution Workflow Ask about it in Find a bug Submit a ticket IRC Get tired of Tell me I forgot waiting, fix it Submit a patch about it yourself Remind me Give up again
Documentation • Two main sources of documentation right now – Reading 500k lines of ruby source – Asking me in IRC • It was hard to write, it should be hard to read, dammit!
Documentation • Updated users' guide • Updated developers' guide • Clean up rdoc
Installation Should be Easier • Everything should *really* work out of the box • Everything should be configurable from the commandline • Install Express/Pro without another big download of mostly the same stuff – I know, shameless plug, but hey it pays for all the rest of this
Uses for Metasploit • Running exploits, getting shells • Creating exploits • Auxiliary modules, discovery, systems admin • Post exploitation, looting pwned boxes • Data collection and correlation • And….
Why? • Metasploit should be the first and the last tool you need • Anything that gets you access – Proof positive tool – Not just exploits, identities • Maintain that access • Use your access to achieve your goals • Store all of the above in a manageable way
Questions? • If I have ever kickbanned you in #metasploit, I'm sorry – But not that sorry, you should have googled more

Empfohlen

Rejectkaigi 2010
Rejectkaigi 2010Rejectkaigi 2010
Rejectkaigi 2010John Woodell
 
JRuby - The Best of Java and Ruby
JRuby - The Best of Java and RubyJRuby - The Best of Java and Ruby
JRuby - The Best of Java and RubyEvgeny Rahman
 
Días productivos
Días productivosDías productivos
Días productivosIsabel Avendaño
 
Nuestra Cotidianidad
Nuestra CotidianidadNuestra Cotidianidad
Nuestra CotidianidadIsabel Avendaño
 
Articuloosopanda fatla1
Articuloosopanda fatla1Articuloosopanda fatla1
Articuloosopanda fatla1Isabel Avendaño
 
Arya 2
Arya 2Arya 2
Arya 2arunkelluri
 
10x Performance Improvements - A Case Study
10x Performance Improvements - A Case Study10x Performance Improvements - A Case Study
10x Performance Improvements - A Case StudyRonald Bradford
 
Vulnerability, exploit to metasploit
Vulnerability, exploit to metasploitVulnerability, exploit to metasploit
Vulnerability, exploit to metasploitTiago Henriques
 

Empfohlen

Rejectkaigi 2010
Rejectkaigi 2010Rejectkaigi 2010
Rejectkaigi 2010John Woodell
 
JRuby - The Best of Java and Ruby
JRuby - The Best of Java and RubyJRuby - The Best of Java and Ruby
JRuby - The Best of Java and RubyEvgeny Rahman
 
Días productivos
Días productivosDías productivos
Días productivosIsabel Avendaño
 
Nuestra Cotidianidad
Nuestra CotidianidadNuestra Cotidianidad
Nuestra CotidianidadIsabel Avendaño
 
Articuloosopanda fatla1
Articuloosopanda fatla1Articuloosopanda fatla1
Articuloosopanda fatla1Isabel Avendaño
 
Arya 2
Arya 2Arya 2
Arya 2arunkelluri
 
10x Performance Improvements - A Case Study
10x Performance Improvements - A Case Study10x Performance Improvements - A Case Study
10x Performance Improvements - A Case StudyRonald Bradford
 
Vulnerability, exploit to metasploit
Vulnerability, exploit to metasploitVulnerability, exploit to metasploit
Vulnerability, exploit to metasploitTiago Henriques
 
Big Bad PostgreSQL: BI on a Budget
Big Bad PostgreSQL: BI on a BudgetBig Bad PostgreSQL: BI on a Budget
Big Bad PostgreSQL: BI on a BudgetJoshua L. Davis
 
Apache Mesos at Twitter (Texas LinuxFest 2014)
Apache Mesos at Twitter (Texas LinuxFest 2014)Apache Mesos at Twitter (Texas LinuxFest 2014)
Apache Mesos at Twitter (Texas LinuxFest 2014)Chris Aniszczyk
 
Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...
Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...
Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...EC-Council
 
Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)ClubHack
 
Pharo Status
Pharo StatusPharo Status
Pharo StatusJannik Laval
 
01 Metasploit kung fu introduction
01 Metasploit kung fu introduction01 Metasploit kung fu introduction
01 Metasploit kung fu introductionMostafa Abdel-sallam
 
Gaelyk - SpringOne2GX - 2010 - Guillaume Laforge
Gaelyk - SpringOne2GX - 2010 - Guillaume LaforgeGaelyk - SpringOne2GX - 2010 - Guillaume Laforge
Gaelyk - SpringOne2GX - 2010 - Guillaume LaforgeGuillaume Laforge
 
Metasploit Module Development
Metasploit Module DevelopmentMetasploit Module Development
Metasploit Module Developmentkyaw thiha
 
What's new with Apache Tika?
What's new with Apache Tika?What's new with Apache Tika?
What's new with Apache Tika?gagravarr
 
Akka Actors
Akka ActorsAkka Actors
Akka ActorsDylan Forciea
 
Introduction to libre « fulltext » technology
Introduction to libre « fulltext » technologyIntroduction to libre « fulltext » technology
Introduction to libre « fulltext » technologyRobert Viseur
 
Oscon 2010
Oscon 2010Oscon 2010
Oscon 2010John Woodell
 
Django in enterprise world
Django in enterprise worldDjango in enterprise world
Django in enterprise worldSimone Federici
 
Movable Type 5.1 最新情報
Movable Type 5.1 最新情報Movable Type 5.1 最新情報
Movable Type 5.1 最新情報Six Apart KK
 
#dd12 IBM Lotus Traveler High Availability in a nutshell
#dd12 IBM Lotus Traveler High Availability in a nutshell#dd12 IBM Lotus Traveler High Availability in a nutshell
#dd12 IBM Lotus Traveler High Availability in a nutshellDominopoint - Italian Lotus User Group
 
Large Files without the Trials
Large Files without the TrialsLarge Files without the Trials
Large Files without the TrialsJazkarta, Inc.
 
Message:Passing - lpw 2012
Message:Passing - lpw 2012Message:Passing - lpw 2012
Message:Passing - lpw 2012Tomas Doran
 
Oracle 11g R2 Live Part 2
Oracle 11g R2 Live Part 2Oracle 11g R2 Live Part 2
Oracle 11g R2 Live Part 2Oracle Corporation
 
Finite State Queries In Lucene
Finite State Queries In LuceneFinite State Queries In Lucene
Finite State Queries In Luceneotisg
 
Bringing WordPress to the front-end. o2 is the new P2
Bringing WordPress to the front-end. o2 is the new P2Bringing WordPress to the front-end. o2 is the new P2
Bringing WordPress to the front-end. o2 is the new P2Beau Lebens
 
Privilege Escalation with Metasploit
Privilege Escalation with MetasploitPrivilege Escalation with Metasploit
Privilege Escalation with Metasploitegypt
 
The State of the Metasploit Framework.pdf
The State of the Metasploit Framework.pdfThe State of the Metasploit Framework.pdf
The State of the Metasploit Framework.pdfegypt
 

Weitere ähnliche Inhalte

Ähnlich wie The State of the Metasploit Framework

Big Bad PostgreSQL: BI on a Budget
Big Bad PostgreSQL: BI on a BudgetBig Bad PostgreSQL: BI on a Budget
Big Bad PostgreSQL: BI on a BudgetJoshua L. Davis
 
Apache Mesos at Twitter (Texas LinuxFest 2014)
Apache Mesos at Twitter (Texas LinuxFest 2014)Apache Mesos at Twitter (Texas LinuxFest 2014)
Apache Mesos at Twitter (Texas LinuxFest 2014)Chris Aniszczyk
 
Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...
Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...
Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...EC-Council
 
Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)ClubHack
 
01 Metasploit kung fu introduction
01 Metasploit kung fu introduction01 Metasploit kung fu introduction
01 Metasploit kung fu introductionMostafa Abdel-sallam
 
Gaelyk - SpringOne2GX - 2010 - Guillaume Laforge
Gaelyk - SpringOne2GX - 2010 - Guillaume LaforgeGaelyk - SpringOne2GX - 2010 - Guillaume Laforge
Gaelyk - SpringOne2GX - 2010 - Guillaume LaforgeGuillaume Laforge
 
Metasploit Module Development
Metasploit Module DevelopmentMetasploit Module Development
Metasploit Module Developmentkyaw thiha
 
What's new with Apache Tika?
What's new with Apache Tika?What's new with Apache Tika?
What's new with Apache Tika?gagravarr
 
Introduction to libre « fulltext » technology
Introduction to libre « fulltext » technologyIntroduction to libre « fulltext » technology
Introduction to libre « fulltext » technologyRobert Viseur
 
Django in enterprise world
Django in enterprise worldDjango in enterprise world
Django in enterprise worldSimone Federici
 
Movable Type 5.1 最新情報
Movable Type 5.1 最新情報Movable Type 5.1 最新情報
Movable Type 5.1 最新情報Six Apart KK
 
Large Files without the Trials
Large Files without the TrialsLarge Files without the Trials
Large Files without the TrialsJazkarta, Inc.
 
Message:Passing - lpw 2012
Message:Passing - lpw 2012Message:Passing - lpw 2012
Message:Passing - lpw 2012Tomas Doran
 
Finite State Queries In Lucene
Finite State Queries In LuceneFinite State Queries In Lucene
Finite State Queries In Luceneotisg
 
Bringing WordPress to the front-end. o2 is the new P2
Bringing WordPress to the front-end. o2 is the new P2Bringing WordPress to the front-end. o2 is the new P2
Bringing WordPress to the front-end. o2 is the new P2Beau Lebens
 

Ähnlich wie The State of the Metasploit Framework (20)

Big Bad PostgreSQL: BI on a Budget
Big Bad PostgreSQL: BI on a BudgetBig Bad PostgreSQL: BI on a Budget
Big Bad PostgreSQL: BI on a Budget
 
Apache Mesos at Twitter (Texas LinuxFest 2014)
Apache Mesos at Twitter (Texas LinuxFest 2014)Apache Mesos at Twitter (Texas LinuxFest 2014)
Apache Mesos at Twitter (Texas LinuxFest 2014)
 
Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...
Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...
Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...
 
Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)
 
Pharo Status
Pharo StatusPharo Status
Pharo Status
 
01 Metasploit kung fu introduction
01 Metasploit kung fu introduction01 Metasploit kung fu introduction
01 Metasploit kung fu introduction
 
Gaelyk - SpringOne2GX - 2010 - Guillaume Laforge
Gaelyk - SpringOne2GX - 2010 - Guillaume LaforgeGaelyk - SpringOne2GX - 2010 - Guillaume Laforge
Gaelyk - SpringOne2GX - 2010 - Guillaume Laforge
 
Metasploit Module Development
Metasploit Module DevelopmentMetasploit Module Development
Metasploit Module Development
 
What's new with Apache Tika?
What's new with Apache Tika?What's new with Apache Tika?
What's new with Apache Tika?
 
Akka Actors
Akka ActorsAkka Actors
Akka Actors
 
Introduction to libre « fulltext » technology
Introduction to libre « fulltext » technologyIntroduction to libre « fulltext » technology
Introduction to libre « fulltext » technology
 
Oscon 2010
Oscon 2010Oscon 2010
Oscon 2010
 
Django in enterprise world
Django in enterprise worldDjango in enterprise world
Django in enterprise world
 
Movable Type 5.1 最新情報
Movable Type 5.1 最新情報Movable Type 5.1 最新情報
Movable Type 5.1 最新情報
 
#dd12 IBM Lotus Traveler High Availability in a nutshell
#dd12 IBM Lotus Traveler High Availability in a nutshell#dd12 IBM Lotus Traveler High Availability in a nutshell
#dd12 IBM Lotus Traveler High Availability in a nutshell
 
Large Files without the Trials
Large Files without the TrialsLarge Files without the Trials
Large Files without the Trials
 
Message:Passing - lpw 2012
Message:Passing - lpw 2012Message:Passing - lpw 2012
Message:Passing - lpw 2012
 
Oracle 11g R2 Live Part 2
Oracle 11g R2 Live Part 2Oracle 11g R2 Live Part 2
Oracle 11g R2 Live Part 2
 
Finite State Queries In Lucene
Finite State Queries In LuceneFinite State Queries In Lucene
Finite State Queries In Lucene
 
Bringing WordPress to the front-end. o2 is the new P2
Bringing WordPress to the front-end. o2 is the new P2Bringing WordPress to the front-end. o2 is the new P2
Bringing WordPress to the front-end. o2 is the new P2
 

Mehr von egypt

Privilege Escalation with Metasploit
Privilege Escalation with MetasploitPrivilege Escalation with Metasploit
Privilege Escalation with Metasploitegypt
 
The State of the Metasploit Framework.pdf
The State of the Metasploit Framework.pdfThe State of the Metasploit Framework.pdf
The State of the Metasploit Framework.pdfegypt
 
New Shiny in the Metasploit Framework
New Shiny in the Metasploit FrameworkNew Shiny in the Metasploit Framework
New Shiny in the Metasploit Frameworkegypt
 
Open Source, Security, and Open Source Security.pdf
Open Source, Security, and Open Source Security.pdfOpen Source, Security, and Open Source Security.pdf
Open Source, Security, and Open Source Security.pdfegypt
 
Authenticated Code Execution by Design.pptx
Authenticated Code Execution by Design.pptxAuthenticated Code Execution by Design.pptx
Authenticated Code Execution by Design.pptxegypt
 
One-Liners to Rule Them All
One-Liners to Rule Them AllOne-Liners to Rule Them All
One-Liners to Rule Them Allegypt
 
Offensive Security with Metasploit
Offensive Security with MetasploitOffensive Security with Metasploit
Offensive Security with Metasploitegypt
 
Shiny
ShinyShiny
Shinyegypt
 
already-0wned
already-0wnedalready-0wned
already-0wnedegypt
 
Post Metasploitation
Post MetasploitationPost Metasploitation
Post Metasploitationegypt
 
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit FrameworkUnmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit Frameworkegypt
 
Using Guided Missiles in Drive-bys: Automatic Browser Fingerprinting and Expl...
Using Guided Missiles in Drive-bys: Automatic Browser Fingerprinting and Expl...Using Guided Missiles in Drive-bys: Automatic Browser Fingerprinting and Expl...
Using Guided Missiles in Drive-bys: Automatic Browser Fingerprinting and Expl...egypt
 

Mehr von egypt (12)

Privilege Escalation with Metasploit
Privilege Escalation with MetasploitPrivilege Escalation with Metasploit
Privilege Escalation with Metasploit
 
The State of the Metasploit Framework.pdf
The State of the Metasploit Framework.pdfThe State of the Metasploit Framework.pdf
The State of the Metasploit Framework.pdf
 
New Shiny in the Metasploit Framework
New Shiny in the Metasploit FrameworkNew Shiny in the Metasploit Framework
New Shiny in the Metasploit Framework
 
Open Source, Security, and Open Source Security.pdf
Open Source, Security, and Open Source Security.pdfOpen Source, Security, and Open Source Security.pdf
Open Source, Security, and Open Source Security.pdf
 
Authenticated Code Execution by Design.pptx
Authenticated Code Execution by Design.pptxAuthenticated Code Execution by Design.pptx
Authenticated Code Execution by Design.pptx
 
One-Liners to Rule Them All
One-Liners to Rule Them AllOne-Liners to Rule Them All
One-Liners to Rule Them All
 
Offensive Security with Metasploit
Offensive Security with MetasploitOffensive Security with Metasploit
Offensive Security with Metasploit
 
Shiny
ShinyShiny
Shiny
 
already-0wned
already-0wnedalready-0wned
already-0wned
 
Post Metasploitation
Post MetasploitationPost Metasploitation
Post Metasploitation
 
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit FrameworkUnmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework
 
Using Guided Missiles in Drive-bys: Automatic Browser Fingerprinting and Expl...
Using Guided Missiles in Drive-bys: Automatic Browser Fingerprinting and Expl...Using Guided Missiles in Drive-bys: Automatic Browser Fingerprinting and Expl...
Using Guided Missiles in Drive-bys: Automatic Browser Fingerprinting and Expl...
 

Kürzlich hochgeladen

Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 

Kürzlich hochgeladen (20)

Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 

The State of the Metasploit Framework

  • 1.
  • 2. We interrupt your regularly scheduled programming to bring you…
  • 3. The State of the Framework
  • 5. We must know where we came from to know where we are going
  • 6.
  • 7.
  • 8.
  • 9. 4.0 3.0 3.6 3.1 3.2 3.4 BSD 2003 … 2007 2008 2009 2010 2011 2012
  • 10. Modules by type and release 1400 1200 1000 800 Post 600 Auxiliary Exploit 400 200 0 3.0 3.1 3.2 3.3 3.4 3.5 3.6 3.7 4.0
  • 11. Auxiliary Exploit Post 1-Jul-2011 Modules Over Time 1-Mar-2011 1-Nov-2010 1-Jul-2010 1-Mar-2010 1-Nov-2009 1-Jul-2009 1-Mar-2009 1-Nov-2008 1-Jul-2008 1-Mar-2008 1-Nov-2007 1-Jul-2007 1-Mar-2007 0 800 700 600 500 400 300 200 100
  • 12. Module Format • Originally tied to directory structure – Now more flexible • Module broke if you mv'd it
  • 13. Uses for Metasploit • Running exploits, getting shells • Creating exploits
  • 14.
  • 16.
  • 17. Focuses for 4.0 • Usability • Scalability • Passwords • Better payloads • Post exploitation
  • 18. Usability • Installers that make everything easy • Help for most commands • Database command improvements • Msfvenom
  • 19. Everything Works Out of the Box • Ruby 1.9.2 • Postgres • Java (for msfgui, armitage) • Option to automatically update • pcaprub
  • 20. The Database • Auto configured by installer • Now a core feature used by lots of modules – Almost all auxiliaries, many posts • Scales much better than before • Better search capabilities • Workspaces for logical separation
  • 22. Recent Focus on Passwords • Authenticated code execution by design is better than an exploit • Obvious: SSH, Telnet, RDP, VNC • Less obvious: – MySQL/MSSQL/PostgreSQL – Tomcat/Axis2/JBOSS/Glassfish – ManageEngine
  • 23. Payloads • Dozens of formats and architectures – PHP; Java (jar, war, jsp); Win32, 64; BSD; OSX – x86, PPC, ARM, MIPS, cmd exec, … • Reverse HTTP(s) stagers for Win32, Java meterpreters • Railgun
  • 24. Post Modules • Biggest change in a long time • Replaces meterpreter scripts • More comprehensive Post-exploitation API – OMG Railgun – Shell sessions, too – You should have been in Rob and Chris' talk • My utopian ideal: post mods work on all kinds of sessions on all supported platforms
  • 26. Uses for Metasploit • Running exploits, getting shells • Creating exploits • Auxiliary modules, discovery, systems admin • Post exploitation, looting pwned boxes • Data collection and correlation
  • 28. Future of Exploits • Continued focus on Authenticated Code Exec – Oracle, various CMSes • Hack all the things
  • 29. Future of Payloads • Linux meterpreter – Yes, I know I've been saying this for 3 years • Java meterpreter to keep pace with Win32 – Thanks to mihi • Meterpreter needs to only load stuff that makes sense for the platform • IPv6 support for more stuff – Mostly works, 32-bit Windows and Linux payloads – Toredo
  • 30. Future of Post Exploitation • Huge amount of community dev going into Post modules • Password stealers for every conceivable application that stores them – Thanks TheLightCosine! • More local privesc exploits
  • 31. More Post Exploitation • More and better APIs – Cross-platform pilfering • Easier
  • 32. Future of Modules in General • Some form of exploit abstraction • Transport should be a user option – Not a whole different module with the same exploit code – Example: PDF exploits over HTTP, FTP, SMB, email
  • 35. Contribution Workflow Ask about it in Find a bug Submit a ticket IRC Get tired of Tell me I forgot waiting, fix it Submit a patch about it yourself Remind me Give up again
  • 36.
  • 37. Documentation • Two main sources of documentation right now – Reading 500k lines of ruby source – Asking me in IRC • It was hard to write, it should be hard to read, dammit!
  • 38. Documentation • Updated users' guide • Updated developers' guide • Clean up rdoc
  • 39. Installation Should be Easier • Everything should *really* work out of the box • Everything should be configurable from the commandline • Install Express/Pro without another big download of mostly the same stuff – I know, shameless plug, but hey it pays for all the rest of this
  • 40. Uses for Metasploit • Running exploits, getting shells • Creating exploits • Auxiliary modules, discovery, systems admin • Post exploitation, looting pwned boxes • Data collection and correlation • And….
  • 41.
  • 42. Why? • Metasploit should be the first and the last tool you need • Anything that gets you access – Proof positive tool – Not just exploits, identities • Maintain that access • Use your access to achieve your goals • Store all of the above in a manageable way
  • 43. Questions? • If I have ever kickbanned you in #metasploit, I'm sorry – But not that sorry, you should have googled more