practical exploitation and social engineering

Practical Exploitation: Introduction to Metasploit, Social Engineering and a few other tools

Upload: tiago-henriques

Post on 13-May-2015


DESCRIPTION

Just4meeting 2011 - Practical exploitation and cyberstalking!

TRANSCRIPT

Page 1: Practical exploitation and social engineering

Practical Exploitation: Introduction to Metasploit, Social Engineering and a few other tools

Page 2: Practical exploitation and social engineering

Speakers

BSc, MSc, CEH, CHFI, thought I was going to be a PhD, decided to become a ninja instead.

BSc, MSc - Now works for ABBAN
Breaking servers, SIP trunks, and doing research into VoIP and IMS

Page 3: Practical exploitation and social engineering

Synopsis – wrong order, all content

• Introduction to practical exploitation
• Introduction to cyberstalking
• Introduction to Metasploit
• (short) History of Metasploit
• Modules
• Exploits
• Payloads
• Tools
• Metasploit fundamentals
• Vulnerability Scanning
• MSF Databases commands
• Client side exploits
• Post Exploitation
• Meterpreter
• Armitage
• Social Engineering
• SET
• Types of attacks
• Infection Media
• Practical workshop

PS: I know you have high hopes that it will go by this order, but it won't, we are not that organized, and apologize in advance.

Page 4: Practical exploitation and social engineering

Workshop

During the practical workshop, you will work in pairs, you will be given an IP address to a virtual machine.

The objective of this workshop is very simple

PWN the living crap out of these virtual machines using techniques that were taught to you during this presentation and read the file password.txt located at Windows/System32 or /home/just4meeting (depending on whether you get a Windows box or a Linux box), and successfully create your own account on the remote system.

Page 5: Practical exploitation and social engineering

Seriouz Business

When presenting, we like to talk about both the fun side of things and the bit about serious implications these “fun things” can have in life.

During this presentation you will hear a bit about cyberstalking and how these tools work from the perspective of both a cyberstalker and a victim.

To write this part of the presentation we worked alongside the brand new UK National Center for Cyberstalking Research; they are cool people and provided us with lots of data and information.

http://www.beds.ac.uk/nccr/news

Page 6: Practical exploitation and social engineering

Practical exploitation

Q: What do we call practical exploitation?

On the interwebz you can find many definitions created by “security professionals”, we are not (security professionals), so here is our definition of practical exploitation:

• Get root and learn how to use current tools to automate and increase the speed when doing a penetration test.
• Understand how to use the tools past a script kiddie level – aka being able to extend the tool code if needed or combine multiple tools to achieve a target (!!root!!)

Page 7: Practical exploitation and social engineering

Cyberstalking

Q: What is CYBERSTALKING?

A: Cyberstalking is the use of internet and/or other electronic means to stalk or harass an individual.

However cyberstalking can be legal and illegal. (To be explained further)

Page 8: Practical exploitation and social engineering

Cyberstalking

Q: Who practices cyberstalking?

Me You

Page 9: Practical exploitation and social engineering

Cyberstalking

“I’VE NEVER CYBERSTALKED!!!!one!!!eleven!!”

Page 10: Practical exploitation and social engineering

Cyberstalking

Remember when 2 slides back we said cyberstalking could be both legal and illegal ? This is what we meant...

Lets go through a scenario where Cyberstalking would be legal!

Page 11: Practical exploitation and social engineering

Cyberstalking

Meet Tiago:

As you can see, Tiago is ur average 23 year old stud, he likes to go out and party, when he does so he meetssssssssssssss

Page 12: Practical exploitation and social engineering

Cyberstalking

GIRLS!

However....

Page 13: Practical exploitation and social engineering

Cyberstalking

Tiago has certain things he likes in girls and things he dislikes!

Tiago, like more than 500 million people, has a Facebook account

So Tiago goes and does a bit of Cyberstalking to decide which girls he wants to be friends with or not. Or even possible future girlfriends.

Page 14: Practical exploitation and social engineering

Cyberstalking

Even without adding these girls on Facebook he sometimes gets plenty of information to decide if he wants to go further with them.

Page 15: Practical exploitation and social engineering

Cyberstalking

So, as you can see this is an example of a situation where cyberstalking is perfectly acceptable and legal. You access public information about someone that is in the “cyber” world.

This is also an action done sometimes by companies that are considering hiring a certain person, to get some background information on the person.

Page 16: Practical exploitation and social engineering

Cyberstalking

HOWEVER

Page 17: Practical exploitation and social engineering

Cyberstalking – Scenario 2

Tiago also knows his way around computers and specifically security and the tools used in infosec. He also knows how to check securitytube and common security websites for different types of attacks.

BLACKHAT ON!

Page 18: Practical exploitation and social engineering

Cyberstalking – Scenario 2

Analyzing the profiles, Tiago decides he wants to go further and know a bit too much about one of these girls.

Page 19: Practical exploitation and social engineering

Profiling

Tiago starts by getting all sorts of information he can on this girl that might be useful in any way:

From the Facebook profile we get that:

• Her name is Anna Konova
• She is both a Chelsea and Barça fan
• She likes Burberry, fashion events, dominoes pizza, and something called SIFE
• Her favorite music: MJ, Lady Gaga, Beyoncé, Alicia Keys, Cheryl Cole

Using the information collected from this Facebook profile we go to Google...

Page 20: Practical exploitation and social engineering

Profiling

Quite a few results, let's have a look at a few....

<<- OH LOOK THE SIFE THING

Page 21: Practical exploitation and social engineering

Profiling

From the Facebook profile we get that:

• Her name is Anna Konova
• She is both a Chelsea and Barça fan
• She likes Burberry, fashion events, dominoes pizza, and something called SIFE
• Her favorite music: MJ, Lady Gaga, Beyoncé, Alicia Keys, Cheryl Cole

From Twitter we get 0

From LinkedIn:

• Project manager at Innovate
• Went to University of Bedfordshire
• Is looking for new career opportunities etc etc etc
• SIFE - SIFE is an international non-profit organization that works with leaders in business and higher education to mobilize university students to make a difference in their communities while developing the skills to become socially responsible business leaders.

Page 22: Practical exploitation and social engineering

Going over the line

How can all this simple, easily accessible information help Tiago cyberstalk someone?

Well let me introduce you to METASPLOIT.

Page 23: Practical exploitation and social engineering

DEMO 1 – PDF + Email

DEMO

Page 24: Practical exploitation and social engineering

DEMO 1 – PDF + Email

As you can see, it wasn’t a hard attack to set up, and it is easily a real-life scenario.

For those of you that find that attack complicated, we have something for you later on....

Page 25: Practical exploitation and social engineering

A bit more on cyberstalking....

Following we will present some data that was provided to us by the Research Center! coz stats are always fun n giggles!

Page 26: Practical exploitation and social engineering

Stats

Harasser – Environment where they are first met

Environment      Total    Male     Female
Social           8.0%     6.5%     7.5%
offline          54.3%    51.6%    56.4%
unknown          19.6%    25.8%    16.5%
e-commerce       0.5%     1.6%     0.0%
blog             4.0%     3.2%     4.5%
forum            6.0%     4.8%     6.8%
chatroom         0.5%     0.0%     0.8%
website          2.0%     1.6%     2.3%
online game      1.5%     1.6%     1.5%
twitter          1.0%     1.6%     0.8%
online dating    2.5%     1.6%     3.0%

Page 27: Practical exploitation and social engineering

Stats

Harasser – Description

Harasser description                                            Total    Male     Female
An acquaintance.                                                20.4%    14.1%    22.5%
A stranger                                                      21.7%    23.9%    20.7%
pupil                                                           0.3%     1.1%     0.0%
Someone I dated casually for a while                            18.2%    12.0%    21.2%
A close friend                                                  3.8%     1.1%     5.0%
business                                                        0.3%     1.1%     0.0%
Someone I lived with or was married to or have children with    9.7%     8.7%     10.4%
unknown                                                         16.4%    25.0%    13.1%
A work colleague                                                6.3%     10.9%    4.5%
relative                                                        0.9%     1.1%     0.9%
partners ex                                                     1.3%     1.1%     1.4%
politics                                                        0.3%     0.0%     0.0%
Estranged spouse I am still married to                          0.3%     0.0%     0.5%

Page 28: Practical exploitation and social engineering

Stats

Fears experienced by those who are harassed

Main Fear                                Total    Male     Female
Physical injury to self                  23.8%    14.7%    28.0%
Injury to feelings                       13.0%    10.5%    13.8%
Damage to reputation                     34.3%    46.3%    28.4%
Financial loss                           1.9%     3.2%     1.3%
Physical injury to significant others    5.9%     5.3%     6.2%
Other                                    21.3%    20.0%    22.2%

Page 29: Practical exploitation and social engineering

Stats

Consequences on those being harassed

[Bar chart: working changes, Male vs. Female, 0.0% to 40.0%]

Working changes                           Total    Male     Female
Cut working hours                         2.2%     1.1%     2.7%
Changed employment/course of study        3.1%     3.2%     3.1%
Performance at work adversely affected    30.2%    29.5%    30.2%
Changed job/place of study                5.9%     5.3%     6.2%
Been fired/demoted                        3.7%     7.4%     2.2%
Other                                     28.4%    33.7%    26.7%
No                                        26.9%    20.0%    29.3%

Page 30: Practical exploitation and social engineering

Types of attacks

• Identity theft – controlling victim’s credentials
• Posting false profiles
• Posing as the victim and attacking others
• Discrediting in online communities
• Discrediting victim in workplace
• Direct threats through email/instant messaging
• Constructing websites targeting the victim
• Transferring attack to victim’s relatives
• Use of the victim’s image
• Provoking others to attack the victim
• Following the victim in cyberspace

Page 31: Practical exploitation and social engineering

Tools

So what other tools does a cyberstalker have that are easily accessible and easy to use?

SET

Metasploit

Evilgrade

Page 32: Practical exploitation and social engineering

Metasploit

Exploitation framework

Lots of other tools and utilities

First written in PERL

Then changed to RUBY (THANK GOD)

3 versions – Pro, Express, free

Page 33: Practical exploitation and social engineering

Metasploit nowadays...

We won't be able to look at all the different components, so we will try to focus on the more commonly used ones.

Page 34: Practical exploitation and social engineering

Metasploit - Starting

Page 35: Practical exploitation and social engineering

Metasploit - Interaction

There are many ways a user can access metasploit features:

• Msfconsole

• msfGUI

• msfWEB

• Armitage

Page 36: Practical exploitation and social engineering

Metasploit - MSFconsole

Page 37: Practical exploitation and social engineering

Metasploit - MSFGui

Page 38: Practical exploitation and social engineering

Metasploit - MSFWeb

Page 39: Practical exploitation and social engineering

Metasploit - Armitage

Page 40: Practical exploitation and social engineering

Metasploit – Main Modules

Exploits – Main module – used to pwn shit! :]

Encoders – Used to transform raw versions of payloads

Payload – Used to connect to the shit u pwn!

Page 41: Practical exploitation and social engineering

Metasploit – Quick Intro

Step 1 – Open msfconsole

Step 2 – Choose exploit

Step 3 – Configure exploit and payload

Step 4 – exploit!

Page 42: Practical exploitation and social engineering

Metasploit – Intro DEMO

DEMO 0

Page 43: Practical exploitation and social engineering

Metasploit – Process

Page 44: Practical exploitation and social engineering

Metasploit - Essentials

use module - start configuring module

show options - show configurable options

set varname value - set option

exploit - launch exploit module

run - launch non-exploit

sessions -i n - interact with a session

help command - get help for a command

Page 45: Practical exploitation and social engineering

Metasploit – Payloads

Shell

VNC

DLLinjection

Meterpreter

Page 46: Practical exploitation and social engineering

But but but...

Am a lazy bastard and I think all the methods uve shown me are too hard

Page 47: Practical exploitation and social engineering

But but but...

FINEEEEEEEEEEEEEE

Meet: Armitage

Page 48: Practical exploitation and social engineering

Meterpreter

Meterpreter is COOL

Meterpreter is VERY COOL

Meterpreter because of a thing called RAILGUN = Full access to windows API

What does that mean? This is what it means... You cyberstalkers!

Page 49: Practical exploitation and social engineering

Meterpreter

DEMO meterpreter

Page 50: Practical exploitation and social engineering

Back to seriouz

This is all good fun, but shows how easily you can “pwn” and cyberstalk some1 or even be cyberstalked.

The advice is the usual: Anti virus updated, Software updated, Firewalls up and running (However that probably won't do you much)

2 best pieces of advice I can give:

Do not read PDFs, or if u do read them inside google chrome (coz at least ur sandboxed n shit :D )

ANDDDDDDDDDDD

Page 51: Practical exploitation and social engineering

Back to seriouz

Page 52: Practical exploitation and social engineering

KUDOS

FILIPE REIS!!!!!!! ONE ELEVEN!!!!!

And more FILIPE REIS! He helped recording the demos and is awesome.

Center for Research on Cyberstalking for the data provided

The girls for accepting that we had to stay up late.

Oh and Chris Bockermann, Bruno Morisson and Oli for allowing me to go home yesterday to write these slides instead of getting us drunk.

Page 53: Practical exploitation and social engineering

Questions...