SlideShare uma empresa Scribd logo

The State of the Metasploit Framework

egypt
egypt

The document summarizes the past, present, and future of the Metasploit framework. In the past, the framework was tied to its directory structure and modules would break if moved. Currently, the focus is on usability, scalability, passwords, better payloads, and post exploitation. Going forward, there will be continued work on authenticated code execution, payloads for additional platforms, and improving post exploitation modules and APIs.

TecnologiaEducação
1 de 43
Baixar para ler offline
We interrupt your regularly scheduled programming to bring you…
The State of the Framework
Past
We must know where we came from to know where we are going
4.0 3.0 3.6 3.1 3.2 3.4 BSD 2003 … 2007 2008 2009 2010 2011 2012
Modules by type and release 1400 1200 1000 800 Post 600 Auxiliary Exploit 400 200 0 3.0 3.1 3.2 3.3 3.4 3.5 3.6 3.7 4.0
Auxiliary Exploit Post 1-Jul-2011 Modules Over Time 1-Mar-2011 1-Nov-2010 1-Jul-2010 1-Mar-2010 1-Nov-2009 1-Jul-2009 1-Mar-2009 1-Nov-2008 1-Jul-2008 1-Mar-2008 1-Nov-2007 1-Jul-2007 1-Mar-2007 0 800 700 600 500 400 300 200 100
Module Format • Originally tied to directory structure – Now more flexible • Module broke if you mv'd it
Uses for Metasploit • Running exploits, getting shells • Creating exploits
Present
Focuses for 4.0 • Usability • Scalability • Passwords • Better payloads • Post exploitation
Usability • Installers that make everything easy • Help for most commands • Database command improvements • Msfvenom
Everything Works Out of the Box • Ruby 1.9.2 • Postgres • Java (for msfgui, armitage) • Option to automatically update • pcaprub
The Database • Auto configured by installer • Now a core feature used by lots of modules – Almost all auxiliaries, many posts • Scales much better than before • Better search capabilities • Workspaces for logical separation
Scalability
Recent Focus on Passwords • Authenticated code execution by design is better than an exploit • Obvious: SSH, Telnet, RDP, VNC • Less obvious: – MySQL/MSSQL/PostgreSQL – Tomcat/Axis2/JBOSS/Glassfish – ManageEngine
Payloads • Dozens of formats and architectures – PHP; Java (jar, war, jsp); Win32, 64; BSD; OSX – x86, PPC, ARM, MIPS, cmd exec, … • Reverse HTTP(s) stagers for Win32, Java meterpreters • Railgun
Post Modules • Biggest change in a long time • Replaces meterpreter scripts • More comprehensive Post-exploitation API – OMG Railgun – Shell sessions, too – You should have been in Rob and Chris' talk • My utopian ideal: post mods work on all kinds of sessions on all supported platforms
Moar Passwerdz
Uses for Metasploit • Running exploits, getting shells • Creating exploits • Auxiliary modules, discovery, systems admin • Post exploitation, looting pwned boxes • Data collection and correlation
Future
Future of Exploits • Continued focus on Authenticated Code Exec – Oracle, various CMSes • Hack all the things
Future of Payloads • Linux meterpreter – Yes, I know I've been saying this for 3 years • Java meterpreter to keep pace with Win32 – Thanks to mihi • Meterpreter needs to only load stuff that makes sense for the platform • IPv6 support for more stuff – Mostly works, 32-bit Windows and Linux payloads – Toredo
Future of Post Exploitation • Huge amount of community dev going into Post modules • Password stealers for every conceivable application that stores them – Thanks TheLightCosine! • More local privesc exploits
More Post Exploitation • More and better APIs – Cross-platform pilfering • Easier
Future of Modules in General • Some form of exploit abstraction • Transport should be a user option – Not a whole different module with the same exploit code – Example: PDF exploits over HTTP, FTP, SMB, email
Startup Time
Contributing Should be Easy
Contribution Workflow Ask about it in Find a bug Submit a ticket IRC Get tired of Tell me I forgot waiting, fix it Submit a patch about it yourself Remind me Give up again
Documentation • Two main sources of documentation right now – Reading 500k lines of ruby source – Asking me in IRC • It was hard to write, it should be hard to read, dammit!
Documentation • Updated users' guide • Updated developers' guide • Clean up rdoc
Installation Should be Easier • Everything should *really* work out of the box • Everything should be configurable from the commandline • Install Express/Pro without another big download of mostly the same stuff – I know, shameless plug, but hey it pays for all the rest of this
Uses for Metasploit • Running exploits, getting shells • Creating exploits • Auxiliary modules, discovery, systems admin • Post exploitation, looting pwned boxes • Data collection and correlation • And….
Why? • Metasploit should be the first and the last tool you need • Anything that gets you access – Proof positive tool – Not just exploits, identities • Maintain that access • Use your access to achieve your goals • Store all of the above in a manageable way
Questions? • If I have ever kickbanned you in #metasploit, I'm sorry – But not that sorry, you should have googled more

Recomendados

Rejectkaigi 2010
Rejectkaigi 2010Rejectkaigi 2010
Rejectkaigi 2010John Woodell
 
JRuby - The Best of Java and Ruby
JRuby - The Best of Java and RubyJRuby - The Best of Java and Ruby
JRuby - The Best of Java and RubyEvgeny Rahman
 
Días productivos
Días productivosDías productivos
Días productivosIsabel Avendaño
 
Nuestra Cotidianidad
Nuestra CotidianidadNuestra Cotidianidad
Nuestra CotidianidadIsabel Avendaño
 
Articuloosopanda fatla1
Articuloosopanda fatla1Articuloosopanda fatla1
Articuloosopanda fatla1Isabel Avendaño
 
Arya 2
Arya 2Arya 2
Arya 2arunkelluri
 
10x Performance Improvements - A Case Study
10x Performance Improvements - A Case Study10x Performance Improvements - A Case Study
10x Performance Improvements - A Case StudyRonald Bradford
 
Vulnerability, exploit to metasploit
Vulnerability, exploit to metasploitVulnerability, exploit to metasploit
Vulnerability, exploit to metasploitTiago Henriques
 

Recomendados

Rejectkaigi 2010
Rejectkaigi 2010Rejectkaigi 2010
Rejectkaigi 2010John Woodell
 
JRuby - The Best of Java and Ruby
JRuby - The Best of Java and RubyJRuby - The Best of Java and Ruby
JRuby - The Best of Java and RubyEvgeny Rahman
 
Días productivos
Días productivosDías productivos
Días productivosIsabel Avendaño
 
Nuestra Cotidianidad
Nuestra CotidianidadNuestra Cotidianidad
Nuestra CotidianidadIsabel Avendaño
 
Articuloosopanda fatla1
Articuloosopanda fatla1Articuloosopanda fatla1
Articuloosopanda fatla1Isabel Avendaño
 
Arya 2
Arya 2Arya 2
Arya 2arunkelluri
 
10x Performance Improvements - A Case Study
10x Performance Improvements - A Case Study10x Performance Improvements - A Case Study
10x Performance Improvements - A Case StudyRonald Bradford
 
Vulnerability, exploit to metasploit
Vulnerability, exploit to metasploitVulnerability, exploit to metasploit
Vulnerability, exploit to metasploitTiago Henriques
 
Big Bad PostgreSQL: BI on a Budget
Big Bad PostgreSQL: BI on a BudgetBig Bad PostgreSQL: BI on a Budget
Big Bad PostgreSQL: BI on a BudgetJoshua L. Davis
 
Apache Mesos at Twitter (Texas LinuxFest 2014)
Apache Mesos at Twitter (Texas LinuxFest 2014)Apache Mesos at Twitter (Texas LinuxFest 2014)
Apache Mesos at Twitter (Texas LinuxFest 2014)Chris Aniszczyk
 
Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...
Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...
Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...EC-Council
 
Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)ClubHack
 
Pharo Status
Pharo StatusPharo Status
Pharo StatusJannik Laval
 
01 Metasploit kung fu introduction
01 Metasploit kung fu introduction01 Metasploit kung fu introduction
01 Metasploit kung fu introductionMostafa Abdel-sallam
 
Gaelyk - SpringOne2GX - 2010 - Guillaume Laforge
Gaelyk - SpringOne2GX - 2010 - Guillaume LaforgeGaelyk - SpringOne2GX - 2010 - Guillaume Laforge
Gaelyk - SpringOne2GX - 2010 - Guillaume LaforgeGuillaume Laforge
 
Metasploit Module Development
Metasploit Module DevelopmentMetasploit Module Development
Metasploit Module Developmentkyaw thiha
 
What's new with Apache Tika?
What's new with Apache Tika?What's new with Apache Tika?
What's new with Apache Tika?gagravarr
 
Akka Actors
Akka ActorsAkka Actors
Akka ActorsDylan Forciea
 
Introduction to libre « fulltext » technology
Introduction to libre « fulltext » technologyIntroduction to libre « fulltext » technology
Introduction to libre « fulltext » technologyRobert Viseur
 
Oscon 2010
Oscon 2010Oscon 2010
Oscon 2010John Woodell
 
Django in enterprise world
Django in enterprise worldDjango in enterprise world
Django in enterprise worldSimone Federici
 
Movable Type 5.1 最新情報
Movable Type 5.1 最新情報Movable Type 5.1 最新情報
Movable Type 5.1 最新情報Six Apart KK
 
#dd12 IBM Lotus Traveler High Availability in a nutshell
#dd12 IBM Lotus Traveler High Availability in a nutshell#dd12 IBM Lotus Traveler High Availability in a nutshell
#dd12 IBM Lotus Traveler High Availability in a nutshellDominopoint - Italian Lotus User Group
 
Large Files without the Trials
Large Files without the TrialsLarge Files without the Trials
Large Files without the TrialsJazkarta, Inc.
 
Message:Passing - lpw 2012
Message:Passing - lpw 2012Message:Passing - lpw 2012
Message:Passing - lpw 2012Tomas Doran
 
Oracle 11g R2 Live Part 2
Oracle 11g R2 Live Part 2Oracle 11g R2 Live Part 2
Oracle 11g R2 Live Part 2Oracle Corporation
 
Finite State Queries In Lucene
Finite State Queries In LuceneFinite State Queries In Lucene
Finite State Queries In Luceneotisg
 
Bringing WordPress to the front-end. o2 is the new P2
Bringing WordPress to the front-end. o2 is the new P2Bringing WordPress to the front-end. o2 is the new P2
Bringing WordPress to the front-end. o2 is the new P2Beau Lebens
 
Privilege Escalation with Metasploit
Privilege Escalation with MetasploitPrivilege Escalation with Metasploit
Privilege Escalation with Metasploitegypt
 
The State of the Metasploit Framework.pdf
The State of the Metasploit Framework.pdfThe State of the Metasploit Framework.pdf
The State of the Metasploit Framework.pdfegypt
 

Mais conteúdo relacionado

Semelhante a The State of the Metasploit Framework

Big Bad PostgreSQL: BI on a Budget
Big Bad PostgreSQL: BI on a BudgetBig Bad PostgreSQL: BI on a Budget
Big Bad PostgreSQL: BI on a BudgetJoshua L. Davis
 
Apache Mesos at Twitter (Texas LinuxFest 2014)
Apache Mesos at Twitter (Texas LinuxFest 2014)Apache Mesos at Twitter (Texas LinuxFest 2014)
Apache Mesos at Twitter (Texas LinuxFest 2014)Chris Aniszczyk
 
Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...
Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...
Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...EC-Council
 
Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)ClubHack
 
01 Metasploit kung fu introduction
01 Metasploit kung fu introduction01 Metasploit kung fu introduction
01 Metasploit kung fu introductionMostafa Abdel-sallam
 
Gaelyk - SpringOne2GX - 2010 - Guillaume Laforge
Gaelyk - SpringOne2GX - 2010 - Guillaume LaforgeGaelyk - SpringOne2GX - 2010 - Guillaume Laforge
Gaelyk - SpringOne2GX - 2010 - Guillaume LaforgeGuillaume Laforge
 
Metasploit Module Development
Metasploit Module DevelopmentMetasploit Module Development
Metasploit Module Developmentkyaw thiha
 
What's new with Apache Tika?
What's new with Apache Tika?What's new with Apache Tika?
What's new with Apache Tika?gagravarr
 
Introduction to libre « fulltext » technology
Introduction to libre « fulltext » technologyIntroduction to libre « fulltext » technology
Introduction to libre « fulltext » technologyRobert Viseur
 
Django in enterprise world
Django in enterprise worldDjango in enterprise world
Django in enterprise worldSimone Federici
 
Movable Type 5.1 最新情報
Movable Type 5.1 最新情報Movable Type 5.1 最新情報
Movable Type 5.1 最新情報Six Apart KK
 
Large Files without the Trials
Large Files without the TrialsLarge Files without the Trials
Large Files without the TrialsJazkarta, Inc.
 
Message:Passing - lpw 2012
Message:Passing - lpw 2012Message:Passing - lpw 2012
Message:Passing - lpw 2012Tomas Doran
 
Finite State Queries In Lucene
Finite State Queries In LuceneFinite State Queries In Lucene
Finite State Queries In Luceneotisg
 
Bringing WordPress to the front-end. o2 is the new P2
Bringing WordPress to the front-end. o2 is the new P2Bringing WordPress to the front-end. o2 is the new P2
Bringing WordPress to the front-end. o2 is the new P2Beau Lebens
 

Semelhante a The State of the Metasploit Framework (20)

Big Bad PostgreSQL: BI on a Budget
Big Bad PostgreSQL: BI on a BudgetBig Bad PostgreSQL: BI on a Budget
Big Bad PostgreSQL: BI on a Budget
 
Apache Mesos at Twitter (Texas LinuxFest 2014)
Apache Mesos at Twitter (Texas LinuxFest 2014)Apache Mesos at Twitter (Texas LinuxFest 2014)
Apache Mesos at Twitter (Texas LinuxFest 2014)
 
Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...
Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...
Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...
 
Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)
 
Pharo Status
Pharo StatusPharo Status
Pharo Status
 
01 Metasploit kung fu introduction
01 Metasploit kung fu introduction01 Metasploit kung fu introduction
01 Metasploit kung fu introduction
 
Gaelyk - SpringOne2GX - 2010 - Guillaume Laforge
Gaelyk - SpringOne2GX - 2010 - Guillaume LaforgeGaelyk - SpringOne2GX - 2010 - Guillaume Laforge
Gaelyk - SpringOne2GX - 2010 - Guillaume Laforge
 
Metasploit Module Development
Metasploit Module DevelopmentMetasploit Module Development
Metasploit Module Development
 
What's new with Apache Tika?
What's new with Apache Tika?What's new with Apache Tika?
What's new with Apache Tika?
 
Akka Actors
Akka ActorsAkka Actors
Akka Actors
 
Introduction to libre « fulltext » technology
Introduction to libre « fulltext » technologyIntroduction to libre « fulltext » technology
Introduction to libre « fulltext » technology
 
Oscon 2010
Oscon 2010Oscon 2010
Oscon 2010
 
Django in enterprise world
Django in enterprise worldDjango in enterprise world
Django in enterprise world
 
Movable Type 5.1 最新情報
Movable Type 5.1 最新情報Movable Type 5.1 最新情報
Movable Type 5.1 最新情報
 
#dd12 IBM Lotus Traveler High Availability in a nutshell
#dd12 IBM Lotus Traveler High Availability in a nutshell#dd12 IBM Lotus Traveler High Availability in a nutshell
#dd12 IBM Lotus Traveler High Availability in a nutshell
 
Large Files without the Trials
Large Files without the TrialsLarge Files without the Trials
Large Files without the Trials
 
Message:Passing - lpw 2012
Message:Passing - lpw 2012Message:Passing - lpw 2012
Message:Passing - lpw 2012
 
Oracle 11g R2 Live Part 2
Oracle 11g R2 Live Part 2Oracle 11g R2 Live Part 2
Oracle 11g R2 Live Part 2
 
Finite State Queries In Lucene
Finite State Queries In LuceneFinite State Queries In Lucene
Finite State Queries In Lucene
 
Bringing WordPress to the front-end. o2 is the new P2
Bringing WordPress to the front-end. o2 is the new P2Bringing WordPress to the front-end. o2 is the new P2
Bringing WordPress to the front-end. o2 is the new P2
 

Mais de egypt

Privilege Escalation with Metasploit
Privilege Escalation with MetasploitPrivilege Escalation with Metasploit
Privilege Escalation with Metasploitegypt
 
The State of the Metasploit Framework.pdf
The State of the Metasploit Framework.pdfThe State of the Metasploit Framework.pdf
The State of the Metasploit Framework.pdfegypt
 
New Shiny in the Metasploit Framework
New Shiny in the Metasploit FrameworkNew Shiny in the Metasploit Framework
New Shiny in the Metasploit Frameworkegypt
 
Open Source, Security, and Open Source Security.pdf
Open Source, Security, and Open Source Security.pdfOpen Source, Security, and Open Source Security.pdf
Open Source, Security, and Open Source Security.pdfegypt
 
Authenticated Code Execution by Design.pptx
Authenticated Code Execution by Design.pptxAuthenticated Code Execution by Design.pptx
Authenticated Code Execution by Design.pptxegypt
 
One-Liners to Rule Them All
One-Liners to Rule Them AllOne-Liners to Rule Them All
One-Liners to Rule Them Allegypt
 
Offensive Security with Metasploit
Offensive Security with MetasploitOffensive Security with Metasploit
Offensive Security with Metasploitegypt
 
Shiny
ShinyShiny
Shinyegypt
 
already-0wned
already-0wnedalready-0wned
already-0wnedegypt
 
Post Metasploitation
Post MetasploitationPost Metasploitation
Post Metasploitationegypt
 
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit FrameworkUnmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit Frameworkegypt
 
Using Guided Missiles in Drive-bys: Automatic Browser Fingerprinting and Expl...
Using Guided Missiles in Drive-bys: Automatic Browser Fingerprinting and Expl...Using Guided Missiles in Drive-bys: Automatic Browser Fingerprinting and Expl...
Using Guided Missiles in Drive-bys: Automatic Browser Fingerprinting and Expl...egypt
 

Mais de egypt (12)

Privilege Escalation with Metasploit
Privilege Escalation with MetasploitPrivilege Escalation with Metasploit
Privilege Escalation with Metasploit
 
The State of the Metasploit Framework.pdf
The State of the Metasploit Framework.pdfThe State of the Metasploit Framework.pdf
The State of the Metasploit Framework.pdf
 
New Shiny in the Metasploit Framework
New Shiny in the Metasploit FrameworkNew Shiny in the Metasploit Framework
New Shiny in the Metasploit Framework
 
Open Source, Security, and Open Source Security.pdf
Open Source, Security, and Open Source Security.pdfOpen Source, Security, and Open Source Security.pdf
Open Source, Security, and Open Source Security.pdf
 
Authenticated Code Execution by Design.pptx
Authenticated Code Execution by Design.pptxAuthenticated Code Execution by Design.pptx
Authenticated Code Execution by Design.pptx
 
One-Liners to Rule Them All
One-Liners to Rule Them AllOne-Liners to Rule Them All
One-Liners to Rule Them All
 
Offensive Security with Metasploit
Offensive Security with MetasploitOffensive Security with Metasploit
Offensive Security with Metasploit
 
Shiny
ShinyShiny
Shiny
 
already-0wned
already-0wnedalready-0wned
already-0wned
 
Post Metasploitation
Post MetasploitationPost Metasploitation
Post Metasploitation
 
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit FrameworkUnmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework
 
Using Guided Missiles in Drive-bys: Automatic Browser Fingerprinting and Expl...
Using Guided Missiles in Drive-bys: Automatic Browser Fingerprinting and Expl...Using Guided Missiles in Drive-bys: Automatic Browser Fingerprinting and Expl...
Using Guided Missiles in Drive-bys: Automatic Browser Fingerprinting and Expl...
 

Último

Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 

Último (20)

Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 

The State of the Metasploit Framework

  • 1.
  • 2. We interrupt your regularly scheduled programming to bring you…
  • 3. The State of the Framework
  • 5. We must know where we came from to know where we are going
  • 6.
  • 7.
  • 8.
  • 9. 4.0 3.0 3.6 3.1 3.2 3.4 BSD 2003 … 2007 2008 2009 2010 2011 2012
  • 10. Modules by type and release 1400 1200 1000 800 Post 600 Auxiliary Exploit 400 200 0 3.0 3.1 3.2 3.3 3.4 3.5 3.6 3.7 4.0
  • 11. Auxiliary Exploit Post 1-Jul-2011 Modules Over Time 1-Mar-2011 1-Nov-2010 1-Jul-2010 1-Mar-2010 1-Nov-2009 1-Jul-2009 1-Mar-2009 1-Nov-2008 1-Jul-2008 1-Mar-2008 1-Nov-2007 1-Jul-2007 1-Mar-2007 0 800 700 600 500 400 300 200 100
  • 12. Module Format • Originally tied to directory structure – Now more flexible • Module broke if you mv'd it
  • 13. Uses for Metasploit • Running exploits, getting shells • Creating exploits
  • 14.
  • 16.
  • 17. Focuses for 4.0 • Usability • Scalability • Passwords • Better payloads • Post exploitation
  • 18. Usability • Installers that make everything easy • Help for most commands • Database command improvements • Msfvenom
  • 19. Everything Works Out of the Box • Ruby 1.9.2 • Postgres • Java (for msfgui, armitage) • Option to automatically update • pcaprub
  • 20. The Database • Auto configured by installer • Now a core feature used by lots of modules – Almost all auxiliaries, many posts • Scales much better than before • Better search capabilities • Workspaces for logical separation
  • 22. Recent Focus on Passwords • Authenticated code execution by design is better than an exploit • Obvious: SSH, Telnet, RDP, VNC • Less obvious: – MySQL/MSSQL/PostgreSQL – Tomcat/Axis2/JBOSS/Glassfish – ManageEngine
  • 23. Payloads • Dozens of formats and architectures – PHP; Java (jar, war, jsp); Win32, 64; BSD; OSX – x86, PPC, ARM, MIPS, cmd exec, … • Reverse HTTP(s) stagers for Win32, Java meterpreters • Railgun
  • 24. Post Modules • Biggest change in a long time • Replaces meterpreter scripts • More comprehensive Post-exploitation API – OMG Railgun – Shell sessions, too – You should have been in Rob and Chris' talk • My utopian ideal: post mods work on all kinds of sessions on all supported platforms
  • 26. Uses for Metasploit • Running exploits, getting shells • Creating exploits • Auxiliary modules, discovery, systems admin • Post exploitation, looting pwned boxes • Data collection and correlation
  • 28. Future of Exploits • Continued focus on Authenticated Code Exec – Oracle, various CMSes • Hack all the things
  • 29. Future of Payloads • Linux meterpreter – Yes, I know I've been saying this for 3 years • Java meterpreter to keep pace with Win32 – Thanks to mihi • Meterpreter needs to only load stuff that makes sense for the platform • IPv6 support for more stuff – Mostly works, 32-bit Windows and Linux payloads – Toredo
  • 30. Future of Post Exploitation • Huge amount of community dev going into Post modules • Password stealers for every conceivable application that stores them – Thanks TheLightCosine! • More local privesc exploits
  • 31. More Post Exploitation • More and better APIs – Cross-platform pilfering • Easier
  • 32. Future of Modules in General • Some form of exploit abstraction • Transport should be a user option – Not a whole different module with the same exploit code – Example: PDF exploits over HTTP, FTP, SMB, email
  • 35. Contribution Workflow Ask about it in Find a bug Submit a ticket IRC Get tired of Tell me I forgot waiting, fix it Submit a patch about it yourself Remind me Give up again
  • 36.
  • 37. Documentation • Two main sources of documentation right now – Reading 500k lines of ruby source – Asking me in IRC • It was hard to write, it should be hard to read, dammit!
  • 38. Documentation • Updated users' guide • Updated developers' guide • Clean up rdoc
  • 39. Installation Should be Easier • Everything should *really* work out of the box • Everything should be configurable from the commandline • Install Express/Pro without another big download of mostly the same stuff – I know, shameless plug, but hey it pays for all the rest of this
  • 40. Uses for Metasploit • Running exploits, getting shells • Creating exploits • Auxiliary modules, discovery, systems admin • Post exploitation, looting pwned boxes • Data collection and correlation • And….
  • 41.
  • 42. Why? • Metasploit should be the first and the last tool you need • Anything that gets you access – Proof positive tool – Not just exploits, identities • Maintain that access • Use your access to achieve your goals • Store all of the above in a manageable way
  • 43. Questions? • If I have ever kickbanned you in #metasploit, I'm sorry – But not that sorry, you should have googled more