Embed Size (px)
Citation preview
You’re Already 0wnedJames Lee
Think Like an Attacker
# whoami
@egyp7Metasploit developerAttackerErstwhile:
reverse engineervuln researcherpenetration tester
A Brief History of Exploitation
Golden Era (up to mid-late 1990s)Silver Era (mid-late 1990s to mid 2000s)Modern Era (late 2000s to now)
Golden Era
Centralized ComputingUniversities, Research Orgs
Golden Era Exploitation
PasswordsWar dialingWhistling into phones launching ICBMsConfiguration errors
Silver Era (mid 1990s)
Practical portable systemsRise of WiFiMuch greater use of technical mitigation
Silver Era Exploitation
PasswordsThe rise of client-sidesThe rise of web exploitation
The Age of Worms
Email Worms
ILOVEYOUSircamSobigMyDoom
Server-side Worms
ms00-078 IIS, solaris sadminms01-033 IIS(big list of vectors)ms02-039 SQLServerms03-026 dcomms04-011 lsassms05-039ms08-067
SadmindCode Red
NimdaSlammer
BlasterSasser
ZotobConficker
The web is the InternetUbiquitous mobile computingSecure Development Lifecycle (SDLC)
Modern Era
An exploit converts illegitimate access into
legitimate access
Converting Access
Web applicationsPhishingApp Servers, legit admin stuff
Trust relationships
Single Sign OnKerberosSSH keys, ssh-agent
The Three Ps
Post Exploitation
Presence
DemoSteal all the Passwords
mimikatz
DemoSteal all the Passwords
post/multi/gather/filezilla_client_cred
Persistence
Pivoting
Pivoting
Two* methods in Metasploit● Route● Portfwd
* Mostly
Exploit
Payload
With Bind Payload
With Reverse Payload
Payload
DemoReverse Pivoting
Exploit
Payload
DemoBind pivoting
Modern Era Exploitation...
Very much like old school exploitation
