MSF Auxiliary Modules

•

0 gefällt mir•2,153 views

Chris Gates

Gave a talk on auxiliary modules at Reverse Space in NoVA

Technologie

Metasploit Auxiliary Modules
Chris Gates
carnal0wnage

1

Outline

• Metasploit Framework Architecture
• Metasploit Libraries
• Auxiliary Modules Types
• Examples/Practical Examples

Metasploit Framework architecture

LIBRARIES INTERFACES
Console
TOOLS Rex

CLI
MSF Core
GUI &
Armitage

PLUGINS MSF Base
RPC

MODULES

Exploit Payload Encoder NOP Auxiliary

Libraries – Rex

• lib/rex/
• “Ruby EXploitation library”
• Basic library for most tasks
• Sockets, protocols, command shell interface
• SSL, SMB, HTTP, XOR, Base64, random text
• Intended to be useful outside of the framework

Libraries – MSF Core

• lib/msf/core
• “Ruby EXploitation library”
• Mixins for exploits and auxiliaries
• AuxiliaryScanner, Report, AuthBrute, etc

Libraries – MSF Core

• ExploitHTTP, FTP, Oracle, MSSQL, SMB

Libraries – MSF Core

• Auxiliary mixins makes use of REX libraries

Where they live

• Official modules live in msf3/modules/
– Subdirectories organized by module type (exploit/, auxiliary/,
post/, …)
• ~/.msf3/modules/ has same structure, loaded at startup if
it exists

What is an auxiliary module?

• Auxiliary – An exploit without a payload
– Underappreciated*
• Used mostly for discovery, fingerprinting, and
automating tasks :-)
• Makes use of the MSF REX library and other
mixins
• Uses run() instead of exploit()

Types of Auxiliary Modules

• Various scanners for protocols (SMB,
DCERPC, HTTP)
• Network protocol “fuzzers”
• Port scanner modules
• Wireless
• IPV6
• Denial of service modules
• Server modules
• Administrative access exploits

Various scanners for protocols

• Designed to help with reconnaissance
• Dozens of useful service scanners
• Simple module format, easy to use
• Specify THREADS for concurrency
– Keep this under 16 for native Windows
– 256 is fine on Linux
• Uses RHOSTS instead of RHOST

13

Scanner tricks & tips

• Uses OptAddressRange option class, similar
to nmap host specification
– 192.168.0.1,3,5-7
– 192.168.0.*
– www.metasploit.com/24
– file:/tmp/ranges.txt

14

IPv6

• Makes use of the IPV6rachet mixin

21

Denial of service modules

• Ummm Denial of Service modules…for those times when
you need to force a reboot 

22

Server modules

• Evil services, mostly for stealing credentials

23

Administrative access exploits

• Directory traversals
– Vmware, coldfusion
• Authentication bruteforcing
– SMB, HTTP, FTP
• Web application vulnerabilities

24

Administrative access exploits

• Directory traversal

25

Authentication Bruteforcing

• Authentication Bruteforcing

26

Practical Examples

• Practical Example
– Useragent checker

27

Questions?

Chris Gates

@carnal0wnage

cg@metasploit.com

Weitere ähnliche Inhalte

Andere mochten auch

Dirty Little Secrets They Didn't Teach You In Pentest Class v2

Chris Gates

MSF process model

Muhammad Taqi Hassan Bukhari

MSF (Microsoft Solution Framework)

Deniz Kılınç

Appsec DC - wXf -2010

Chris Gates

Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...

Chris Gates

In a rare mash-up, DevOps is increasingly blending the work of both application and network security professionals. In a quest to move faster, organizations can end up creating security vulnerabilities using the tools and products meant to protect them. Both Chris Gates (carnal0wnage) and Ken Johnson (cktricky) will share their collaborative research into the technology driving DevOps as well as share their stories of what happens when these tools are used insecurely as well as when the tools are just insecure. Technologies discussed will encompass AWS Technology, Chef, Puppet, Hudson/Jenkins, Vagrant, Kickstart and much, much more. Everything from common misconfigurations to remote code execution will be presented. This is research to bring awareness to those responsible for securing a DevOps environment.

Devoops: DoJ Annual Cybersecurity Training Symposium Edition 2015

Chris Gates

hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2

Chris Gates

Windows attacks - AT is the new black

Chris Gates

In a quest to move faster, organizations can end up creating security vulnerabilities using the tools and products meant to protect them. Both Chris Gates and Ken Johnson will share their collaborative research into the technology driving DevOps as well as share their stories of what happens when these tools are used insecurely as well as when the tools are just insecure. Technologies discussed will encompass AWS Technology, Chef, Puppet, Hudson/Jenkins, Vagrant, Kickstart and much, much more. This talk will most definitely be an entertaining one but a cautionary tale as well, provoking attendees into action. Ultimately, this is research targeted towards awareness for those operating within a DevOps environment.

DevOops & How I hacked you DevopsDays DC June 2015

Chris Gates

Top Security Challenges Facing Credit Unions Today

Chris Gates

In a follow-up to the duo’s offensive focused talk “DevOops, How I hacked you”, they discuss defensive countermeasures and real experiences in preventing attacks that target flaws in your DevOps environments. In this talk, Chris and Ken describe common ways in which DevOps environments fall prey to malicious actors with a focus on preventative steps. The team will present their recommended approach to hardening for teams using AWS, Continuous Integration, GitHub, and common DevOps tools and processes. More specifically, the following items will be demonstrated: -AWS Hardening -AWS Monitoring -AWS Disaster Recovery -GitHub Monitoring -OPINT -Software Development Practices/Processes -Secure use of Jenkins/Hudson -Developer laptop hardening (OS X)

DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016

Chris Gates

Lares from LOW to PWNED

Chris Gates

A little over a year ago I made the transition from external security consultant to internal offensive security engineer at Facebook. I went from a full time breaker to part time fixer. This talk is aimed at providing lessons learned and documenting the mindset changes I've made over the last year that I feel can be used by the industry as a whole. I've broken the lessons learned into three primary buckets; Red, Blue, and Purple and the talk will hopefully bring value to anyone working in their respective bucket or assist in their creation/continuing of purple teaming at their company.

Going Purple : From full time breaker to part time fixer: 1 year later

Chris Gates

Open Canary - novahackers

Chris Gates

Metasploit

Raghunath G

Brucon 2016 The evolution chain in security testing is fundamentally broken due to a lack of understanding, reduction of scope, and a reliance on vulnerability “whack a mole.” To help break the barriers of the common security program we are going to have to divorce ourselves from the metrics of vulnerability statistics and Pavlovian risk color charts and really get to work on how our security programs perform during a REAL event. To do so, we must create an entirely new set of metrics, tests, procedures, implementations and repeatable process. It is extremely rare that a vulnerability causes a direct risk to an environment, it is usually what the attacker DOES with the access gained that matters. In this talk we will discuss the way that Internal and external teams have been created to simulate a REAL WORLD attack and work hand in hand with the Defensive teams to measure the environments resistance to the attacks. We will demonstrate attacks, capabilities, TTP’s tracking, trending, positive metrics, hunt integration and most of all we will lay out a road map to STOP this nonsense of Red vs BLUE and realize that we are all on the same team. Sparring and training every day to be ready for the fight when it comes to us.

Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...

Chris Gates

Home Arcade setup (NoVA Hackers)

Chris Gates

ColdFusion for Penetration Testers

Chris Gates

Sector 2016 Chris Gates & Haydn Johnson Purple Teaming is conducting focused Red Teams with clear training objectives for the Blue Team for the ultimate goal of improving the organization’s overall security posture. The popular opinion is that Purple Teaming requires a big undertaking. This is not true and we will show practical exercises for Purple Teaming for varying levels of organizational maturity using the Cyber Kill Chain[1] as our framework.

Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...

Chris Gates

LasCon 2014 DevOoops

Chris Gates

Andere mochten auch (20)

Dirty Little Secrets They Didn't Teach You In Pentest Class v2

MSF process model

MSF (Microsoft Solution Framework)

Appsec DC - wXf -2010

Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...

Devoops: DoJ Annual Cybersecurity Training Symposium Edition 2015

hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2

Windows attacks - AT is the new black

DevOops & How I hacked you DevopsDays DC June 2015

Top Security Challenges Facing Credit Unions Today

DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016

Lares from LOW to PWNED

Going Purple : From full time breaker to part time fixer: 1 year later

Open Canary - novahackers

Metasploit

Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...

Home Arcade setup (NoVA Hackers)

ColdFusion for Penetration Testers

Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...

LasCon 2014 DevOoops

Ähnlich wie MSF Auxiliary Modules

Open Source Cyber Weaponry

Joshua L. Davis

01 Metasploit kung fu introduction

Mostafa Abdel-sallam

Containerization - The DevOps Revolution

Yulian Slobodyan

Apache Kafka

emreakis

Is That A Penguin In My Windows?

zeroSteiner

Redis Labcamp

Angelo Simone Scotto

David buksbaum a-briefintroductiontocsharp

Jorge Antonio Contre Vargas

XML Interfaces to the popular Nessus Scanner

Network Intelligence India

Xml interfaces to the popular nessus scanner

n|u - The Open Security Community

WSO2 Microservices Framework for Java - Product Overview

WSO2

OpenNaaS Overview Complete

Joan Garcia

RabbitMQ And Nanite

mattmatt

Configuration management with puppet

Jakub Stransky

Dotnet.ppt

VivekRaj101435

From the 2012 Percona Live MySQL Conference in Santa Clara, CA. Craigslist uses a variety of data storage systems in its backend systems: in-memory, SQL, and NoSQL. This talk is an overview of how craigslist works with a focus on the data storage and management choices that were made in each of its major subsystems. These include MySQL, memcached, Redis, MongoDB, Sphinx, and the filesystem. Special attention will be paid to the benefits and tradeoffs associated with choosing from the various popular data storage systems, including long-term viability, support, and ease of integration.

Living with SQL and NoSQL at craigslist, a Pragmatic Approach

Jeremy Zawodny

Ruby Microservices with RabbitMQ

Zoran Majstorovic

Apache2 BootCamp : Understanding Apache Internals

Wildan Maulana

In an increasingly competitive marketplace, speed and business agility are paramount. And integration between customer-facing systems and back-end applications is more crucial than ever. At this event, you'll learn how open source software built by communities, like Apache Camel, Docker, Kubernetes, OpenShift Origin, and Fabric8, can help organizations integrate services and establish effective continuous integration and delivery (CI/CD) pipelines.

Integration in the age of DevOps

Albert Wong

Microsoft .NET (dotnet) Framework 2003 - 2004 overview and web services…

Lorenz Lo Sauer

XMPP Academy #2

Mickaël Rémond

Ähnlich wie MSF Auxiliary Modules (20)

Open Source Cyber Weaponry

01 Metasploit kung fu introduction

Containerization - The DevOps Revolution

Apache Kafka

Is That A Penguin In My Windows?

Redis Labcamp

David buksbaum a-briefintroductiontocsharp

XML Interfaces to the popular Nessus Scanner

Xml interfaces to the popular nessus scanner

WSO2 Microservices Framework for Java - Product Overview

OpenNaaS Overview Complete

RabbitMQ And Nanite

Configuration management with puppet

Dotnet.ppt

Living with SQL and NoSQL at craigslist, a Pragmatic Approach

Ruby Microservices with RabbitMQ

Apache2 BootCamp : Understanding Apache Internals

Integration in the age of DevOps

Microsoft .NET (dotnet) Framework 2003 - 2004 overview and web services…

XMPP Academy #2

Mehr von Chris Gates

Reiki 101 - Defcon29 MHHV

Chris Gates

Contrary to most presentations and blog posts there is more to AWS than S3. In a quest to create more re-usable code we have created WeirdAAL (AWS Attack Library). Offensively, WeirdAAL helps you answer the “what can I do with this AWS key”? We aim to answer that question, in a blackbox way, via recon modules and modules specifically dedicated to attack each of the interesting AWS service offerings while avoiding detection. It also provides multiple functions sorted by AWS service that you can use for both offensive and defensive checks.

WeirdAAL (Awesome Attack Library) CactusCon 2018

Chris Gates

WeirdAAL (AWS Attack Library)

Chris Gates

PENETRATION TESTING FROM A HOT TUB TIME MACHINE

Chris Gates

The evolution chain in security testing is fundamentally broken due to a lack of understanding, reduction of scope, and a reliance on vulnerability “whack a mole.” To help break the barriers of the common security program we are going to have to divorce ourselves from the metrics of vulnerability statistics and Pavlovian risk color charts and really get to work on how our security programs perform during a REAL event. To do so, we must create an entirely new set of metrics, tests, procedures, implementations and repeatable process. It is extremely rare that a vulnerability causes a direct risk to an environment, it is usually what the attacker DOES with the access gained that matters. In this talk, we will discuss the way that Internal and external teams have been created to simulate a REAL WORLD attack and work hand in hand with the Defensive teams to measure the environments resistance to the attacks. We will demonstrate attacks, capabilities, TTP’s tracking, trending, positive metrics, hunt integration and most of all we will lay out a road map to STOP this nonsense of Red vs BLUE and realize that we are all on the same team. Sparring and training every day to be ready for the fight when it comes to us. This is an update to our 2016 Brucon talk. We plan to discuss what have we accomplished regarding the above in the last year. We plan to show how we have progressed with the automation of attacker activities and event generation using MITRE’s Cyber Analytics Repository & CAR Exploration Tool (CARET) along with pumping these results to Unfetter (https://iadgov.github.io/unfetter/) for aggregation and display in a useful format.

Adversarial Simulation Nickerson/Gates Wild West Hacking Fest Oct 2017

Chris Gates

DevOps toolchains are transforming modern IT, but hackers can undermine their benefits through poorly implemented or vulnerable DevOps tools. Chris Gates and Ken Johnson will share their collaborative attack research into the technology driving DevOps. They will share an attacker's perspective on exploiting DevOps organizations and the countermeasures these organizations should employ. RSAC 2017 Ken Johnson & Chris Gates

DevOOPS: Attacks and Defenses for DevOps Toolchains

Chris Gates

Open Source Information Gathering Brucon Edition

Chris Gates

The Dirty Little Secrets They Didn’t Teach You In Pentesting Class

Chris Gates

This presentation focuses on pentesting high security environments, new ways of identifying/bypassing common security mechanisms, owning the domain, staying persistent, and ex-filtrating critical data from the network without being detected. The term Advanced Persistent Threat (APT) has caused quite a stir in the IT Security field, but few pentesters actually utilize APT techniques and tactics in their pentests.

Big Bang Theory: The Evolution of Pentesting High Security Environments

Chris Gates

SOURCE Boston --Attacking Oracle Web Applications with Metasploit & wXf

Chris Gates

Hacking Oracle Web Applications With Metasploit

Chris Gates

Attacking Oracle with the Metasploit Framework

Chris Gates

Client-Side Penetration Testing Presentation

Chris Gates

Mehr von Chris Gates (13)

Reiki 101 - Defcon29 MHHV

WeirdAAL (Awesome Attack Library) CactusCon 2018

WeirdAAL (AWS Attack Library)

PENETRATION TESTING FROM A HOT TUB TIME MACHINE

Adversarial Simulation Nickerson/Gates Wild West Hacking Fest Oct 2017

DevOOPS: Attacks and Defenses for DevOps Toolchains

Open Source Information Gathering Brucon Edition

The Dirty Little Secrets They Didn’t Teach You In Pentesting Class

Big Bang Theory: The Evolution of Pentesting High Security Environments

SOURCE Boston --Attacking Oracle Web Applications with Metasploit & wXf

Hacking Oracle Web Applications With Metasploit

Attacking Oracle with the Metasploit Framework

Client-Side Penetration Testing Presentation

Kürzlich hochgeladen

Architecting Cloud Native Applications

WSO2

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

Following the popularity of “Cloud Revolution: Exploring the New Wave of Serverless Spatial Data,” we’re thrilled to announce this much-anticipated encore webinar. In this sequel, we’ll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you’re building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

💥 You’re lucky! We’ve found two different (lead) developers that are willing to share their valuable lessons learned about using UiPath Document Understanding! Based on recent implementations in appealing use cases at Partou and SPIE. Don’t expect fancy videos or slide decks, but real and practical experiences that will help you with your own implementations. 📕 Topics that will be addressed: • Training the ML-model by humans: do or don't? • Rule-based versus AI extractors • Tips for finding use cases • How to start 👨‍🏫👨‍💻 Speakers: o Dion Morskieft, RPA Product Owner @Partou o Jack Klein-Schiphorst, Automation Developer @Tacstone Technology

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

UiPathCommunity

Accelerating FinTech Innovation: Unleashing API Economy and GenAI Vasa Krishnan, Chief Technology Officer - FinResults Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

apidays

The action of the next cyber saga takes place in the mystical lands of the Asia-Pacific region, where the main characters began their digital activities in the middle of 2021 and qualitatively strengthened it in 2022. Corporate espionage, document theft, audio recordings, and data leaks from messaging platforms were all a matter of one day for Dark Pink. Their geographical focus may have started in the Asia-Pacific region, but their ambitions knew no bounds, targeting a European government ministry in a bold move to expand their portfolio. Their victim profile was as diverse as a UN meeting, targeting military organizations, government agencies, and even a religious organization. Because discrimination is not a fashionable agenda. In the world of cybercrime, they serve as a reminder that sometimes the most serious threats come in the most unassuming packages with a pink bow.

Cyberprint. Dark Pink Apt Group [EN].pdf

Overkill Security

Exploring Multimodal Embeddings with Milvus

Zilliz

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

AXA XL - Insurer Innovation Award Americas 2024

The Digital Insurer

Angeliki Cooney has spent over twenty years at the forefront of the life sciences industry, working out of Wynantskill, NY. She is highly regarded for her dedication to advancing the development and accessibility of innovative treatments for chronic diseases, rare disorders, and cancer. Her professional journey has centered on strategic consulting for biopharmaceutical companies, facilitating digital transformation, enhancing omnichannel engagement, and refining strategic commercial practices. Angeliki's innovative contributions include pioneering several software-as-a-service (SaaS) products for the life sciences sector, earning her three patents. As the Senior Vice President of Life Sciences at Avenga, Angeliki orchestrated the firm's strategic entry into the U.S. market. Avenga, a renowned digital engineering and consulting firm, partners with significant entities in the pharmaceutical and biotechnology fields. Her leadership was instrumental in expanding Avenga's client base and establishing its presence in the competitive U.S. market.

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...

Angeliki Cooney

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

MS Copilot expands with MS Graph connectors

Nanddeep Nachan

Corporate and higher education. Two industries that, in the past, have had a clear divide with very little crossover. The difference in goals, learning styles and objectives paved the way for differing learning technologies platforms to evolve. Now, those stark lines are blurring as both sides are discovering they have content that’s relevant to the other. Join Tammy Rutherford as she walks through the pros and cons of corporate and higher ed collaborating. And the challenges of these different technology platforms working together for a brighter future.

Corporate and higher education May webinar.pptx

Rustici Software

The microservices honeymoon is over. When starting a new project or revamping a legacy monolith, teams started looking for alternatives to microservices. The Modular Monolith, or 'Modulith', is an architecture that reaps the benefits of (vertical) functional decoupling without the high costs associated with separate deployments. This talk will delve into the advantages and challenges of this progressive architecture, beginning with exploring the concept of a 'module', its internal structure, public API, and inter-module communication patterns. Supported by spring-modulith, the talk provides practical guidance on addressing the main challenges of a Modultith Architecture: finding and guarding module boundaries, data decoupling, and integration module-testing. You should not miss this talk if you are a software architect or tech lead seeking practical, scalable solutions. About the author With two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Victor Rentea

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

Kürzlich hochgeladen (20)

Architecting Cloud Native Applications

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

Cyberprint. Dark Pink Apt Group [EN].pdf

Exploring Multimodal Embeddings with Milvus

Exploring the Future Potential of AI-Enabled Smartphone Processors

AXA XL - Insurer Innovation Award Americas 2024

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Apidays New York 2024 - The value of a flexible API Management solution for O...

How to Troubleshoot Apps for the Modern Connected Worker

MS Copilot expands with MS Graph connectors

Corporate and higher education May webinar.pptx

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Artificial Intelligence Chap.5 : Uncertainty

Axa Assurance Maroc - Insurer Innovation Award 2024

MSF Auxiliary Modules

1. Metasploit Auxiliary Modules Chris Gates carnal0wnage 1

2. Outline • Metasploit Framework Architecture • Metasploit Libraries • Auxiliary Modules Types • Examples/Practical Examples

3. Metasploit Framework architecture LIBRARIES INTERFACES Console TOOLS Rex CLI MSF Core GUI & Armitage PLUGINS MSF Base RPC MODULES Exploit Payload Encoder NOP Auxiliary

4. Libraries – Rex • lib/rex/ • “Ruby EXploitation library” • Basic library for most tasks • Sockets, protocols, command shell interface • SSL, SMB, HTTP, XOR, Base64, random text • Intended to be useful outside of the framework

5. Libraries – MSF Core • lib/msf/core • “Ruby EXploitation library” • Mixins for exploits and auxiliaries • AuxiliaryScanner, Report, AuthBrute, etc

6. Libraries – MSF Core • ExploitHTTP, FTP, Oracle, MSSQL, SMB

7. Libraries – MSF Core • Auxiliary mixins makes use of REX libraries

8. Where they live • Official modules live in msf3/modules/ – Subdirectories organized by module type (exploit/, auxiliary/, post/, …) • ~/.msf3/modules/ has same structure, loaded at startup if it exists

9. What is an auxiliary module? • Auxiliary – An exploit without a payload – Underappreciated* • Used mostly for discovery, fingerprinting, and automating tasks :-) • Makes use of the MSF REX library and other mixins • Uses run() instead of exploit()

10. Types of Auxiliary Modules • Various scanners for protocols (SMB, DCERPC, HTTP) • Network protocol “fuzzers” • Port scanner modules • Wireless • IPV6 • Denial of service modules • Server modules • Administrative access exploits

11. Various scanners for protocols 11

12. Various scanners for protocols 12

13. Various scanners for protocols • Designed to help with reconnaissance • Dozens of useful service scanners • Simple module format, easy to use • Specify THREADS for concurrency – Keep this under 16 for native Windows – 256 is fine on Linux • Uses RHOSTS instead of RHOST 13

14. Scanner tricks & tips • Uses OptAddressRange option class, similar to nmap host specification – 192.168.0.1,3,5-7 – 192.168.0.* – www.metasploit.com/24 – file:/tmp/ranges.txt 14

15. Scanner Tricks & Tips 15

16. Scanner Tricks & Tips 16

17. Network protocol “fuzzers” 17

18. Port scanner modules 18

19. Port scanner modules 19

20. Wireless 20

21. IPv6 • Makes use of the IPV6rachet mixin 21

22. Denial of service modules • Ummm Denial of Service modules…for those times when you need to force a reboot  22

23. Server modules • Evil services, mostly for stealing credentials 23

24. Administrative access exploits • Directory traversals – Vmware, coldfusion • Authentication bruteforcing – SMB, HTTP, FTP • Web application vulnerabilities 24

25. Administrative access exploits • Directory traversal 25

26. Authentication Bruteforcing • Authentication Bruteforcing 26

27. Practical Examples • Practical Example – Useragent checker 27

28. Questions? Chris Gates @carnal0wnage cg@metasploit.com

MSF Auxiliary Modules

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Andere mochten auch

Andere mochten auch (20)

Ähnlich wie MSF Auxiliary Modules

Ähnlich wie MSF Auxiliary Modules (20)

Mehr von Chris Gates

Mehr von Chris Gates (13)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

MSF Auxiliary Modules