Upload
loraine-jenkins
View
217
Download
0
Tags:
Embed Size (px)
Citation preview
May06-11: ISEAGE Attack Tool Repository and Player
Jeremy Brotherton, Timothy Hilby, Brett Mastbergen, Jasen Stoeker
Agenda• Problem introduction
• Basic solution architecture
• Technology considerations
• Detailed design
Project Introduction• Problem
• Growing dependency on computer technology
• Auditing systems is complex and time consuming
• Solution• Central repository of exploit code• Searchable through web interface• Launch attacks from web interface
Design Objectives• Web based user interface
• Searchable database of attack tools
• Attack player
• Attack download capability
• Database update tools
Basic Solution Architecture
User Machine
DatabaseWeb server
PHP Script
Database Technologies Considered• PostgreSQL
• Oracle
• SQL Server 2005
• MySQL
SQL Server 2005 Pros• Best integration of any solution.
• Most extensive tools.
• Fast and scalable.
• Large amount of prewritten functions and objects.
• Interacts well with the Visual Studio IDE.
SQL Server 2005 Cons• Microsoft licensing issues.
• Future release date.
• New release means additional likelihood of major bugs.
• Database tied to Microsoft platforms.
MySQL Pros• Large amount of online examples
and a large online user community.
• Current version mature and well tested.
• Open source license will be easiest to work with.
• Able to be used on most major platforms.
• Relatively easy to learn.
MySQL Cons• Not as much code comes with the
database as with SQL Server 2005.
• Not as well integrated with other products as SQL Server 2005 is with .Net products.
Web Technologies• ASP .NET 2005
• PHP
ASP .NET 2005 Pros• Extremely well integrated with SQL
Server 2005.
• Ability to drag and drop graphical web interface.
• Large MSDN documentation library.
• Very large amount of built in objects and functions.
• Excellent IDE and graphical debugger.
ASP .NET 2005 Cons• Microsoft licensing issues.
• Future release date.
• New release means additional likelihood of major bugs.
• A server for ASP .NET would be tied to Microsoft platforms.
• Already decided against SQL Server 2005.
PHP Pros• Current version well tested.
• Many online examples.
• No licensing issues.
• Cross platform.
• Fast code execution
• Easy to learn
PHP Cons• Not as well integrated as ASP .NET.
• No graphical debugger/IDE.
• No ability to drag and drop interfaces.
Final Technology Selections• MySQL
• PHP
• Apache
Application HomepageAttack Tool Repository and PlayerAttack Tool Repository and Player
Welcome to the ISEAGE attack tool repository and player
Today’s world is changing shape as it increases its dependency on computer technology. As we move further into the digital world, there has been growing concern for the security of the information stored on computers . Finding exploits to evaluate the security of a given system can be a daunting task. Those individuals wishing to test system security need a way to quickly locate relevant exploits and execute them.
This web application will provide you with the capabilities to search for attacks based on a number of different criteria and then provide the ability to launch a particular attack. You also have the option of downloading the source (if available) and setting up the attack yourself. If you have any questions or comments, please contact an administrator through the contact info page.
Site Navigation
Home
Search
Contact Info
Launch Attack
Admin
Application Search PageAttack Tool Repository and PlayerAttack Tool Repository and Player
Welcome to the ISEAGE attack tool repository and player
Select your search criteria below
Target Platform Service AttackedType of Attack Doc. Avaliable Confirmed exploit RunnableName search
Run Search
Site Navigation
Home
Search
Contact Info
Launch Attack
Admin
Application Search ResultsAttack Tool Repository and PlayerAttack Tool Repository and Player
Welcome to the ISEAGE attack tool repository and player
Select your search criteria below
Target Platform Service AttackedType of Attack Doc. Avaliable Confirmed exploit RunnableName search
Run SearchHome
Search
Contact Info
Site Navigation
Launch Attack NameTarget
PlatformDoc.
AvaliableService
AttackedType of Attack
Confirmed exploit
RunnableLocation
(Machine)Source
HomepageVersion Number
test2 windows nowebDOS yes yes micro http://test2.com 2.0.2
test4 unix nowebDOS no yes sparky http://test4.com 1.0.2
test6 unix nowebDOS no yes sparky http://test6.com 1.0.2
test8 windows nowebDOS yes yes micro - 1.0.2
test10 unix yesftpapp no yes sparky - 1.0.27
test12 unix yeswebDOS no yes sparky http://test12.com 2.0
test14 unix yestelnetapp no yes sparky 3.3
test16 unix nosmtpDOS no yes sparky - 4.1
test18 bsd noicmpDOS no yes curly - 1.0.2
test1 unix yeswebDOS yes yes sparky - 1.0.2
test3 linux yesftpapp yes yes torvi - 1.3
test5 mac nosshapp no yes darwin http://test5.com 5.6
test7 unix yestelnetapp no yes sparky - 0.8
test9 unix yesemailDOS yes yes sparky http://test9.com 1.0.2
test11 mac yesdnsapp no yes darwin - 1.0.2
test13 linux nodnsapp no yes torvi http://test13.com 1.0.2
test15 bsd yesemailDOS yes yes curly 1.0.2
test17 unix yessnmpDOS yes yes sparky - 1.0.2
test19 unix yessshapp yes yes sparky http://test19.com 1.0.2
-
-
Download
Click here
Click here
Click here
Click here
Click here
Click here
Click here
Click here
Click here
Click here
Click here
Click here
Click here
Click here
Click here
Click here
Click here
Click here
Click here
Admin
Attack Launch PageAttack Tool Repository and PlayerAttack Tool Repository and Player
Welcome to the ISEAGE attack tool repository and player
Site Navigation
Search for the attack you wish to run
NameTarget
PlatformDoc.
AvaliableService
AttackedType of Attack
Confirmed exploit
RunnableLocation
(Machine)Source
HomepageVersion Number
test3 linux yesftpapp yes yes torvi - 1.3
Select the radio button of the attack you would like to launch then press launch to run the attack . Note: You will only be able to select 1 attack
Launch
Target Platform Service AttackedType of Attack Doc. Avaliable Confirmed exploit RunnableName search
Run Search
Command line parameters
Enter any command line parameters you wish to use with the attack in the box below
Home
Search
Contact Info
Launch Attack
Admin
Database Administration
Questions
Any questions or comments?