practical exploitation and social engineering

Practical Exploitation: Introduction to Metasploit, Social Engineering and a few other tools

Speakers

BSc, MSc, CEH, CHFI,thought I was going to be a PhD decided to become a ninja instead.

BSc, MSc-Now works for ABBANBreaking servers, sip trunks, and doing research into VoIP and IMS

Synopsis – wrong order, all content

Introduction to practical exploitation Introduction to cyberstalking Introduction to Metasploit

(short) History of metasploit Modules

Exploits Payloads Tools

Metasploit fundamentals Vulnerability Scanning

MSF Databases commands Client side exploits Post Exploitation Meterpreter Armitage

Social Engineering SET

Types of attacks Infection Media

Practical workshopPs: I know you have high hopes that it will go by this order, but it wont, we are not that organized, and apologize in advance.

Workshop

During the practical workshop, you will work in pairs, you will be given an IP address to a virtual machine.

The objective of this workshop is very simple

PWN the living crap out of these virtual machines using techniques that were taught to you during this presentation and read the file password.txt located at Windows/System32 or /home/just4meeting (depending if you get a windows box or a linux box), and sucessfully create your own account on the remote system.

Seriouz Business

When presenting, we like to talk about both the fun side of things and the bit about serious implications these “fun things” can have in life.

During this presentation you will hear a bit about cyberstalking and how these tools work from a cyberstalker perspective and a victim.

To write this part of the presentation we worked along side with the brand new UK National Center for Cyberstalking Research, they are cool people and provided us with lots of data and information.

http://www.beds.ac.uk/nccr/news

Practical exploitation Q:What do we call practical exploitation? On the interwebz you can find many definitions created by

“security professionals”, we are not (security professionals), so here is our definition of practical exploitation: Get root and learn how to use current tools to automate and

increase the speed when doing a penetration test. Understand how to use the tools past a script kiddie level – aka

being able to extend the tool code if needed or combine multiple tools to achieve a target (!!root!!)

Cyberstalking

Q: What is CYBERSTALKING?

A: Cyberstalking is the use of internet and/or other electronic means to stalk or harass an individual.

However cyberstalking can be legal and illegal. (To be explained further)

Cyberstalking

Q: Who practices cyberstalking?

Me You

Cyberstalking “I’VE NEVER CYBERSTALKED!!!!one!!!eleven!!”

Cyberstalking

Remember when 2 slides back we said cyberstalking could be both legal and illegal ? This is what we meant...

Lets go through a scenario where Cyberstalking would be legal!

Cyberstalking Meet Tiago:

As you can see, Tiago is ur average 23 year old stud, he likes to go out and party, when he does so he meetssssssssssssss

Cyberstalking GIRLS!

However....

Cyberstalking

Tiago has certain things he likes in girls and things he dislikes!

Tiago like more then 500million people has a facebook account

So Tiago goes and does a bit of Cyberstalking to decide which girls he wants to be friends with or not. Or even possible future girlfriends.

Cyberstalking Even without adding these girls to facebook he gets plenty

information sometimes to decide if he wants to go further with them.

Cyberstalking

So, as you can see this is an example of a situation where cyberstalking is perfectly acceptable and legal. You access public information about someone that is in the “cyber” world.

This is also an action done sometimes by companies that are considering hiring a certain person, to get some background information on the person.

Cyberstalking

HOWEVER

Cyberstalking – Scenario 2 Tiago also knows his way around computers and specifically

security and the tools used in infosec. He also knows how to check securitytube and common security websites for different types of attacks.

BLACKHAT ON!

Cyberstalking – Scenario 2 Analyzing the profiles Tiago decides he wants to go further

and know a bit too much about one of these girls.

Profiling Tiago starts by getting all sorts of information he can on this

girl that might be useful in any way:

From the facebook profile we get that: Her name is Anna Konova She is both a Chelsea and Barça fan She likes Burberry, fashion events, dominoes pizza, and something

called SIFE Her favorite music: MJ, Lady gaga, Beyoncé, Alicia Keys, Cheryl Cole

Using the information collected from this facebook profile we go to google...

Profiling

Quite a few results lets have a look at a few....

<<- OH LOOK THE SIFE THING

Profiling From the facebook profile we get that:

Her name is Anna Konova She is both a Chelsea and Barça fan She likes Burberry, fashion events, dominoes pizza, and something

called SIFE Her favorite music: MJ, Lady gaga, Beyoncé, Alicia Keys, Cheryl Cole

From twitter we get 0 From linkedIN:

Project manager at Innovate Went to University of Bedfordshire Is looking for new career opportunities etc etc etc SIFE - SIFE is an international non-profit organization that works with

leaders in business and higher education to mobilize university students to make a difference in their communities while developing the skills to become socially responsible business leaders.

Going over the line How can all this simple, easily accesible information help

Tiago cyberstalk someone?

Well let me introduce you to METASPLOIT.

DEMO 1 – PDF + Email

DEMO

DEMO 1 – PDF + Email

As you can see it wasn’t an attack hard to setup and easily a real life scenario.

For those of you that find that attack complicated, we have something for you later on....

A bit more on cyberstalking....

Following we will present some data that was provided to us by the Research Center! coz stats are always fun n giggles!

Stats Harrasser – Environment where they are first met

TotalSocial

offline

unknown

e-commerce

blog

forum

chatroom

website

online game

twitter

online dating

Harrasser Total Male FemaleSocial 8.0% 6.5% 7.5%offline 54.3% 51.6% 56.4%unknown 19.6% 25.8% 16.5%e-commerce 0.5% 1.6% 0.0%blog 4.0% 3.2% 4.5%forum 6.0% 4.8% 6.8%chatroom 0.5% 0.0% 0.8%website 2.0% 1.6% 2.3%online game 1.5% 1.6% 1.5%twitter 1.0% 1.6% 0.8%online dating 2.5% 1.6% 3.0%

Stats Harrasser – Description

Harasser description Total Male Female

An acquaintance. 20.4% 14.1% 22.5%A stranger 21.7% 23.9% 20.7%pupil 0.3% 1.1% 0.0%Someone I dated casually for a while 18.2% 12.0% 21.2%A close friend 3.8% 1.1% 5.0%business 0.3% 1.1% 0.0%Someone I lived with or was married to or have children with

9.7% 8.7% 10.4%

unknown 16.4% 25.0% 13.1%A work colleague 6.3% 10.9% 4.5%relative 0.9% 1.1% 0.9%partners ex 1.3% 1.1% 1.4%politics 0.3% 0.0% 0.0%Estranged spouse I am still married to 0.3% 0.0% 0.5%

Total An acquaintance.A strangerpupilSomeone I dated casually for a whileA close friendbusinessSomeone I lived with or was married to or have children withunknownA work colleaguerelativepartners ex

Stats Fears experienced by those who are harassed

Main Fear Total Male FemalePhysical injury to self 23.8% 14.7% 28.0%Injury to feelings 13.0% 10.5% 13.8%Damage to reputation 34.3% 46.3% 28.4%Financial loss 1.9% 3.2% 1.3%Physical injury to significant others 5.9% 5.3% 6.2%Other 21.3% 20.0% 22.2%

Total

Physical injury to self

Injury to feelings

Damage to reputation

Financial loss

Physical injury to signif-icant others

Other

Stats Consequences on those being harrased

Cut w

orkin

g ho

urs

Chang

ed e

mplo

ymen

t/cou

rse

of s

tudy

Perfo

rman

ce a

t wor

k ad

vers

ely a

ffect

ed

Chang

ed jo

b/pla

ce o

f stu

dy

Been

fired

/dem

oted

Other No

0.0%5.0%

10.0%15.0%20.0%25.0%30.0%35.0%40.0%

Male

Female

WorkingChanges Total Male Female

Cut working hours 2.2% 1.1% 2.7%Changed employment/course of study 3.1% 3.2% 3.1%Performance at work adversely affected

30.2% 29.5% 30.2%

Changed job/place of study 5.9% 5.3% 6.2%Been fired /demoted 3.7% 7.4% 2.2%Other 28.4% 33.7% 26.7%No 26.9% 20.0% 29.3%

Types of attacks

• Identity theft – controlling victim’s credentials• Posting false profiles• Posing as the victim and attacking others• Discrediting in online communities• Discrediting victim in workplace• Direct threats through email/instant messaging• Constructing websites targeting the victim• Transferring attack to victim’s relatives• Use of the victim’s image • Provoking others to attack the victim• Following the victim in cyberspace

Tools

So what other tools does a cyberstalker have that are easily accesible and with a high ease of use?

SET

Metasploit

Evilgrade

Metasploit Exploitation framework

Lots of other tools and utilities

First written in PERL

Then changed to RUBY (THANK GOD) 3 versions – Pro, Express, free

Metasploit nowadays...

We wont be able to look at all the different components so we will try to focus on the more commonly used ones.

Metasploit - Starting

Metasploit - Interaction

There are many ways a user can access metasploit features:

• Msfconsole

• msfGUI

• msfWEB

• Armitage

Metasploit - MSFconsole

Metasploit - MSFGui

Metasploit - MSFWeb

Metasploit - Armitage

Metasploit – Main Modules

Exploits – Main module – used to pwn shit! :]

Encoders – Used to transform raw versions of payloads

Payload – Used to connect to the shit u pwn!

Metasploit – Quick Intro

Step 1 – Open msfconsole

Step 2 – Choose exploit

Step 3 – Configure exploit and payload

Step 4 – exploit!

Metasploit – Intro DEMO

DEMO 0

Metasploit – Process

Metasploit - Essentials

use module - start configuring module

show options - show configurable options

set varname value - set option

exploit - launch exploit module

run - launch non-exploit

sessions –i n - interact with a session

help command - get help for a command

Metasploit – Payloads

Shell

VNC

DLLinjection

Meterpreter

But but but...

Am a lazy bastard and I think all the methods uve shown me are too hard

But but but...

FINEEEEEEEEEEEEEE

Meet: Armitage

Meterpreter

Meterpreter is COOL

Meterpreter is VERY COOL

Meterpreter because of a thing called RAILGUN = Full access to windows API

What does that mean? This is what it means... You cyberstalkers!

Meterpreter

DEMO meterpreter

Back to seriouz

This is all good fun, but shows how easy you can “pwn” and cyberstalk some1 or even be cyberstalked.

Advices are the usual: Anti virus updated, Software updated, Firewalls up and running (However that probably wont do you much)

2 best advices I can give:

Do not read PDF’s, or if u do read them inside google chrome (coz at least ur sandboxed n shit :D )

ANDDDDDDDDDDD

Back to seriouz

KUDOS

FILIPE REIS!!!!!!! ONE ELEVEN!!!!!

And more FILIPE REIS! He helped recording the demos and is awesome.

Center for Research on Cyberstalking for the data provided

The girls for accepting that we had to stay up late.

Oh and Chris Bockermann, Bruno Morisson and Oli for allowing me to go home yesterday to write these slides instead of getting us drunk.

Questions...