Powerpreter: Post Exploitation like a Boss
•Als PPTX, PDF herunterladen•
2 gefällt mir•8,726 views
Slides of my talk at Defcon 21
Empfohlen
Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (20)
Andere mochten auch
Andere mochten auch (20)
Ähnlich wie Powerpreter: Post Exploitation like a Boss
Ähnlich wie Powerpreter: Post Exploitation like a Boss (20)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
Powerpreter: Post Exploitation like a Boss
- 1. PowerPreter: Post Exploitation like a boss Nikhil “SamratAshok” Mittal
- 2. Get-Host • Hacker who goes by the handle SamratAshok • Twitter - @nikhil_mitt • Blog – http://labofapenetrationtester.blogspot.com • Creator of Kautilya and Nishang • Interested in Offensive Information Security, new attack vectors and methodologies to pwn systems. • Freelance penetration tester *hint* • Spoken at BlackHat, Troopers, PHDays and more 2Powerpreter by Nikhil Mittal
- 3. Get-Content • Need for Post Exploitation • PowerShell • Why PowerShell? • Introducing – Powerpreter – Architecture – Usage – Payloads – Capabilities – Deployment • Antak – The WebShell • Limitations • Conclusion 3Powerpreter by Nikhil Mittal
- 4. Need for Post Exploitation • The most important part of a penetration test. • Guy who will pay you $$$ do not understand technology (neither he wants to). A “shell” is not what he wants from you. • IMHO, this differentiates a good pen tester and one-click-i-pwn-you-omg pen tester. • Etc Etc 4Powerpreter by Nikhil Mittal
- 5. PowerShell • A shell and scripting language present by default on new Windows machines. • Designed to automate things and make life easier for system admin. • Based on .Net framework and is tightly integrated with Windows. 5Powerpreter by Nikhil Mittal
- 6. 6Powerpreter by Nikhil Mittal
- 7. Why PowerShell? • Provides access to almost everything in a Windows platform which could be useful for an attacker. • Easy to learn and really powerful. • Trusted by the countermeasures and system administrators. • Consider it bash of Windows. • Less dependence on msf and <insert_linux_scripting>-to-executable libraries. 7Powerpreter by Nikhil Mittal
- 8. Powerpreter - Introduction • A post exploitation tool written completely in powershell. • To be a part of Nishang, powershell based post exploitation framework, written by the speaker. • The name is similar to meterpreter. Powerpreter wants to be like meterpreter after growing up :) 8Powerpreter by Nikhil Mittal
- 9. Powerpreter - Architecture • Powerpreter is a powershell module and/or script depending on the usage. • Payloads and features in powerpreter are structured as functions. Separate function for each functionality. • It could be easily extended to include new scripts, just add a new function and it would be used with other options. 9Powerpreter by Nikhil Mittal
- 10. Powerpreter – Usage • Powerpreter is best used from a Powershell Remote Session. • It could be imported as a module and the functionalities get loaded in the current session. • It could also be used with meterpreter and “possibly” other shells as well. 10Powerpreter by Nikhil Mittal
- 11. Powerpreter – Payloads • Payloads depend on the privileges available. • Many useful payloads. • Better seen in the demo. 11Powerpreter by Nikhil Mittal
- 12. Powerpreter – Capabilities • Persistence • Pivoting • Admin to SYSTEM • Helper functionalities • Etc Etc 12Powerpreter by Nikhil Mittal
- 13. Powerpreter – Deployment • From a powershell session • Using meterpreter. • Using psexec. • Drive-by-download • Human Interface Device (Bare bones preferred) 13Powerpreter by Nikhil Mittal
- 14. Powerpreter - DEMO 14Powerpreter by Nikhil Mittal
- 15. Antak- The Webshell • Named after God of Death (Yamraj) in Indian mythology….muhahaha • Written in C#.Net (that is what I call it). • The UI is designed to look like a powershell prompt. • Ability to upload & download files, executing commands. • Scripts can be executed by using the “Encode and Execute” option. • If remoting is enabled, commands/scripts on remote systems can be executed. 15Powerpreter by Nikhil Mittal
- 16. BTW meet Yamraj Powerpreter by Nikhil Mittal 16
- 17. Limitations • Yet to undergo community testing. • Keylogger does not work from powershell remoting session. • Backdoors can be detected with careful traffic analysis. • Pivot depends upon powershell remoting. 17Powerpreter by Nikhil Mittal
- 18. Conclusion • Powershell provides much control over a Windows system and Windows based network • Powerpreter has been designed to derive its power from above fact and provides (or at least attempts to) a useful set of features for penetration testers. • Obviously, there are other ways to achieve similar things. Powerpreter just makes it easier. 18Powerpreter by Nikhil Mittal
- 19. Thanks/Credit/Greetz • Thanks to my friend Arthur Donkers for helping me to come to Defcon. • Thanks/Credit/Greetz/Shoutz to powershell hackers (in no particular order) @obscuresec, @mattifestation, @Carlos_Perez, @Lee_Holmes, @ScriptingGuys, @BrucePayette, @adamdiscroll, @JosephBialek, @dave_rel1k and all bloggers and book writers. • Go see another awesome powershell talk in Track- 2 tomorrow – “PowerPwning: Post-Exploiting By Overpowering PowerShell by Joe Bialek“ 19Powerpreter by Nikhil Mittal
- 20. Thank You • Questions? • Insults? • Feedback? • Powerpreter would be available at http://code.google.com/p/nishang/ • Follow me @nikhil_mitt • Latest slides for this preso could be found at: http://labofapenetrationtester.blogspot.in/p/blog- page.html 20Powerpreter by Nikhil Mittal