Multi-Player Metasploit: Double Penetration Made Easy
1. Multiplayer Metasploit
Double Penetration Made Easy
Ryan Linn
Skytalks Defcon 2010
Saturday, July 31, 2010
2. Outline
• What are we talking about
• Why do we care
• Overview of using XMLRPC
• Overview of requests
• Demos
3. What are we talking about
• Automation
• Multiple people using same MSF instance
• Ability to pass shells/targets from one person to next
• Facilitating sharing and ease of use with Metasploit
4. Why do we Care
• Most pen tests have time limitations, let's maximize what we get done
• Repetitive tasks get boring, automate the sucky shit
• Testing outside of pen test scenario. Do you know what your IDS/IPS/AV/NIPS/HIPS does and doesn't detect?
5. Overview of Using XMLRPC
• 2 Types:
• Standard: raw XMLRPC, null-terminated
• Web: XMLRPC over HTTP, what most folks use
• Typically bound to localhost, but can be bound to any adapter/IP
• Authenticates via username/password
• Subsequent calls require tokens
• Tokens expire every 15 mins
6. Overview of Requests
• Auth requests
• Module requests
• Job requests
• Session requests
• Soon to be DB requests
7. Auth Requests
• Auth.Login
• takes username and password
• Returns token
• Token expires every 15 mins
• I usually refresh every 10
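The token lifecycle from this slide (log in, reuse the token, re-authenticate at 10 minutes against a 15-minute expiry), as an added example that is not code from the talk. The `TokenSession` and `http_transport` names, the reply shape, and passing the token as the first parameter of later calls are assumptions; only `Auth.Login` and the timings come from the slides.

```python
import time
import xmlrpc.client

TOKEN_LIFETIME = 15 * 60  # slide: tokens expire every 15 mins
REFRESH_AFTER = 10 * 60   # slide: "I usually refresh every 10"


class TokenSession:
    """Caches the Auth.Login token and re-authenticates before it expires."""

    def __init__(self, rpc_call, username, password, clock=time.monotonic):
        self._rpc_call = rpc_call  # callable(method_name, *params)
        self._username = username
        self._password = password
        self._clock = clock        # injectable so the timing can be tested
        self._token = None
        self._issued_at = None

    def token(self):
        """Return a token that is younger than REFRESH_AFTER seconds."""
        now = self._clock()
        if self._token is None or now - self._issued_at >= REFRESH_AFTER:
            reply = self._rpc_call("Auth.Login", self._username, self._password)
            # Assumption: the reply is the token string itself or a struct
            # carrying it in a "token" member.
            token = reply.get("token") if isinstance(reply, dict) else reply
            if not token:
                raise PermissionError("Auth.Login returned no token")
            self._token, self._issued_at = token, now
        return self._token

    def call(self, method, *params):
        """Issue a later request with a fresh-enough token attached."""
        # Assumption: the token travels as the first parameter.
        return self._rpc_call(method, self.token(), *params)


def http_transport(url):
    """Web flavour from the overview slide: XMLRPC over HTTP."""
    proxy = xmlrpc.client.ServerProxy(url)  # no connection until first call
    return lambda method, *params: getattr(proxy, method)(*params)
```

Refreshing at 10 minutes leaves a 5-minute margin, so a request that starts just before the refresh point still completes on a valid token.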
11. Demos
• Service Startup
• Launching Nmap with Nsploit
• Scripting Attacks
• Scripting Recon
• BeEF Injection and XMLRPC
12. Contact Info
• Twitter: @sussurro
• Blog: blog.happypacket.net
• Email: sussurro@happypacket.net
13. Thanks
• 303 Crew for hosting
• Y’all for coming out
• Heather, Ed, Brian, HD, Egypt, and everyone else who helped me with code, ideas, and stuff