<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>JW Network Consulting &#187; Metasploit</title>
	<atom:link href="http://www.jwnetworkconsulting.com/tag/metasploit/feed" rel="self" type="application/rss+xml" />
	<link>http://www.jwnetworkconsulting.com</link>
	<description>Watching the network so you don't have to.</description>
	<lastBuildDate>Sun, 30 Oct 2011 22:06:07 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.3.1</generator>
		<item>
		<title>Metasploit Breaks into SkyNet!</title>
		<link>http://www.jwnetworkconsulting.com/security/metasploit-breaks-into-skynet</link>
		<comments>http://www.jwnetworkconsulting.com/security/metasploit-breaks-into-skynet#comments</comments>
		<pubDate>Fri, 01 Apr 2011 14:54:14 +0000</pubDate>
		<dc:creator>Jason</dc:creator>
				<category><![CDATA[Security]]></category>
		<category><![CDATA[april 1st]]></category>
		<category><![CDATA[Metasploit]]></category>
		<category><![CDATA[skynet]]></category>

		<guid isPermaLink="false">http://www.jwnetworkconsulting.com/?p=446</guid>
		<description><![CDATA[Metasploit has successfully broken into Skynet thanks to Comodo, RSA, MySQL and Stuxnet! Here is the output from msfconsole after updating today. Rock on guys.]]></description>
			<content:encoded><![CDATA[<p>Metasploit has successfully broken into Skynet thanks to Comodo, RSA, MySQL and Stuxnet!  Here is the output from msfconsole after updating today.  Rock on guys.</p>
<pre class="qoate-code">
(0 08:43:03 515) -&gt; ./msfconsole 

#    # ###### #####   ##    ####  #####  #       ####  # #####
##  ## #        #    #  #  #      #    # #      #    # #   #
# ## # #####    #   #    #  ####  #    # #      #    # #   #
#    # #        #   ######      # #####  #      #    # #   #
#    # #        #   #    # #    # #      #      #    # #   #
#    # ######   #   #    #  ####  #      ######  ####  #   #

       =[ metasploit v3.7.0-dev [core:3.7 api:1.0]
+ -- --=[ 673 exploits - 353 auxiliary
+ -- --=[ 217 payloads - 27 encoders - 8 nops
       =[ svn r12202 updated today (2011.04.01)

[*] Calculating new Comodo SSL CA key...
Factoring..........

-----BEGIN RSA PRIVATE KEY-----
zFBBetA9KgxVcBQB6VhJEHoLk4KL4R7tOoAQgs6WijTwzNfTubRQh1VUCbidQihV
AOWMNVS/3SWRRrcN5V2DqOWL+4TkPK522sRDK1t0C/i+XWjxeFu1zn3xXZlA2sru
OIFQvpihbLgkrfOvjA/XESgshBhMfbXZjzC1GwIDAQABAoIBAQCJoijaEXWLmvFA
thiZL7jEATCNd4PK4AyFacG8E9w8+uzR15qLcFgBTqF95R49cNSiQtP/VkGikkkc
ao25aprcu2PnNA+lpnHKajnM9G3WOHuOXHXIps08es3MmBKTxvjNph6cUlqQULrz
Zry+29DpmIN/snpY/EzLNIMptn4o6xnsjAIgJDpQfFKQztxdmZU6S6eVVn0mJ5cx
q+8TTjStaMbh+Yy73s+rcaCXzL7yqWDb1l5oQJ/DMYNfufY6lcLgZUMwFxYKjCFN
ScAPCiXFUKTzY3Hy1Z4tLndFxipyEPywDep1TB2nMb+F3OOXUs3z+kKVjGFaGnLZ
591n3x3hAoGBAOOgsb4QybjHh9+CxhUkfsqcztGGdaiI3U5R1qefXL7R47qCWfGc
FKdoJh3JwJzLOLX68ZmHz9dPhSXw6YrlLblCi6U/3g7BOMme5KRZKBTjHFo7O9II
B0laE5ISRH4OccsOC3XUf9XBkm8szzEBj95DgzB0QydPL4jp7NY0h0QrAoGBAMEv
jEFkr/JCRe2RWUAPR1LWT/DHnVLMnDb/FryN2M1fAerpMYNUc2rnndjp2cYbsGLs
cSF6Xecm3mUGqn8Y5r8QqFo0lzp5OunCFCXEJvkiU3NSs8oskCsB8QJ6vk3qmauU
-----END RSA PRIVATE KEY-----

[*] Scanning RSA tokens for usable seed.....4d416f70-5f16-0410-b530-b9f4589650da!

[*] Logging into vault.rsa.com as 'rivest'......Successful

[+] Compromised 'vault.rsa.com' via ACE backdoor...

[*] Launching SQL injection attack against MySQL.com....Done

[*] Extracting passwords hashes....Done
[+] 54,024 passwords obtained

[*] Replaying SHA1 hashes against Sun.com.......Done

[*] Attaching to Stuxnet through Oracle Command Center....!#$

#

$@#$$puTTY

!@$@vaul
t.rsa.com
# #@puTTY#$

@#

..@#$@34 m

sf&gt;.. uid=0(root) gid=0(ro
ot) groups=
0(root) @#$@#4

2 3ms

f&gt;bash-4.1# 

ERROR
NOCARRIER
[*] Welcome to SkyNet v5.23.0-BETA
[*] Launching autonomous agent...
[*] Scanning 158.95.29.10.0/22...
[*] Injecting agent code into memory...
[*]         15 Nodes Online
[*]      3,156 Nodes Online
[*]     17,024 Nodes Online
[*]  1,423,813 Nodes Online
[*]  SkyNet has been loaded
[*]  Entering command shell
msf sky-net&gt; 
</pre>
]]></content:encoded>
			<wfw:commentRss>http://www.jwnetworkconsulting.com/security/metasploit-breaks-into-skynet/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Latest Happenings and Upcoming Events</title>
		<link>http://www.jwnetworkconsulting.com/security/latest-happenings-and-upcoming-events</link>
		<comments>http://www.jwnetworkconsulting.com/security/latest-happenings-and-upcoming-events#comments</comments>
		<pubDate>Fri, 22 Oct 2010 04:47:00 +0000</pubDate>
		<dc:creator>Jason</dc:creator>
				<category><![CDATA[Security]]></category>
		<category><![CDATA[JW Network Consulting]]></category>
		<category><![CDATA[Linux Basix Podcast]]></category>
		<category><![CDATA[Metasploit]]></category>
		<category><![CDATA[PFIC 2010]]></category>
		<category><![CDATA[Utah Technology Events]]></category>
		<category><![CDATA[UTOSC]]></category>

		<guid isPermaLink="false">http://www.jwnetworkconsulting.com/?p=407</guid>
		<description><![CDATA[Things have been really busy lately. First off, my Mentor session for SANS Security 504 started on September 21st.  We are at the halfway point right now and leading this has been incredible.  It seems whenever I need to present or teach something I learn more than anyone else.  Plus teaching is just fun!  Particularly [...]]]></description>
			<content:encoded><![CDATA[<p>Things have been really busy lately.  First off, my Mentor session for <a title="SANS Security 504" href="http://www.sans.org/mentor/details.php?nid=22153" target="_blank">SANS Security 504</a> started on September 21st.  We are at the halfway point right now and leading this has been incredible.  It seems whenever I need to present or teach something I learn more than anyone else.  Plus teaching is just fun!  Particularly when it is about stuff that I really enjoy.  The student reviews have been great so far, so I must be doing something right.</p>
<p>Next, the Utah Open Source Conference (UTOSC) was two weeks ago, from October 7th to the 9th.  There were a lot of great presentations and I had an absolute blast hanging out with all the technology-loving folks who came.  I was somewhat surprised at how far some people came to get there.  I met people from Idaho, Wyoming, and California.  It was really fun to sit in presentations and workshops on things that aren&#8217;t necessarily security related.  It gave me some time to listen to what&#8217;s going on in other areas of technology and that can be really refreshing.</p>
<p>If that wasn&#8217;t enough, I also was able to speak at UTOSC again this year.  Last year I spoke on building a toolkit of open source security tools.  This year I did a presentation on Metasploit.  I picked Metasploit because I started learning how to write modules for the framework this year.  So doing a presentation on it seemed like a great way to learn even more about it.  If nothing else, it would get me to spend more time using it and that&#8217;s where things really take off.  My recording of the presentation didn&#8217;t go so well, so I&#8217;m waiting for the folks at UTOSC to release their recording.  My slides are online though and you can download them <a title="Metasploit Presentation Slides - PDF" href="http://www.jwnetworkconsulting.com/downloads/utos-msf-2010.pdf" target="_self">on this site</a> or view them at <a title="Jason Wood Presentations" href="http://www.slideshare.net/Tadaka" target="_self">SlideShare.net/Tadaka</a>.  I put the presentation slides up on SlideShare after some folks expressed their reservations about downloading a PDF file from me after I mentioned backdooring PDF files.  Go figure!</p>
<p>One offshoot of the UTOSC presentation was that one of the audience members, <a title="Joshua Williams" href="http://twitter.com/knuckleheadTech" target="_blank">Joshua Williams</a>, participates in the <a title="Linux Basix Podcast" href="http://www.linuxbasix.com/" target="_blank">Linux Basix</a> Podcast.  It turns out that Joshua does this podcast with <a title="Infolookup - Twitter" href="https://twitter.com/infolookup" target="_blank">Infolookup</a>, who is someone I know from IRC.  They were chatting about my presentation and Infolookup realized that I was the guy he knew in IRC.  One thing led to another and I was invited to participate on last week&#8217;s Linux Basix Podcast!  We spent about an hour chatting it up about Metasploit and just covering some of the basics about it.  I really want to thank the guys for inviting me on.  I had a ton of fun and they were all extremely friendly.  You can download the podcast at <a title="Linux Basix Podcast" href="http://www.linuxbasix.com/026-LB" target="_blank">http://www.linuxbasix.com/026-LB</a>.</p>
<p>So that&#8217;s what I&#8217;ve been doing for the last month and a half or so.  Now to something still to come.  <a title="PFIC 2010" href="http://pfic2010.com/" target="_blank">Paraben&#8217;s forensics conference (PFIC)</a> will be on November 7th to 10th.  I went last year and had a great time.  Being very new to the forensics world, it was quite an interesting event.  It is in Park City, UT at The Canyons Resort.  I&#8217;m really looking forward to this year.  If you are in the Utah area and want to attend a great, inexpensive conference then check it out.  The cost is $299 and has some excellent speakers scheduled up. If you are there, let me know and we can meet somewhere.  Meeting new people is one of the really cool things about conferences like this.</p>
<p>That&#8217;s all the events at this point.  I&#8217;m hoping to get something else scheduled up in the next few months, but we will have to see how that goes.  I&#8217;m also planning on doing another SANS Mentor session next year.  I take what I learned this year and apply it to the next class.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.jwnetworkconsulting.com/security/latest-happenings-and-upcoming-events/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Submitted Speaking Proposal to the UTOS Conference 2010</title>
		<link>http://www.jwnetworkconsulting.com/security/submitted-speaking-proposal-to-the-utos-conference-2010</link>
		<comments>http://www.jwnetworkconsulting.com/security/submitted-speaking-proposal-to-the-utos-conference-2010#comments</comments>
		<pubDate>Tue, 15 Jun 2010 21:29:33 +0000</pubDate>
		<dc:creator>Jason</dc:creator>
				<category><![CDATA[Security]]></category>
		<category><![CDATA[Metasploit]]></category>
		<category><![CDATA[Security Presentation]]></category>
		<category><![CDATA[Utah Open Source Conference]]></category>
		<category><![CDATA[UTOSC]]></category>

		<guid isPermaLink="false">http://www.jwnetworkconsulting.com/?p=363</guid>
		<description><![CDATA[Last year I was able to speak at the Utah Open Source Conference on building a security toolkit with open source software.  I just finished submitting my proposal for this year entitled &#8220;Metasploit: Free, Powerful, Flexible&#8221;.  Being able to present at UTOSC 2009 was an absolute blast and I hope that my presentation is accepted [...]]]></description>
			<content:encoded><![CDATA[<p>Last year I was able to speak at the Utah Open Source Conference on building a security toolkit with open source software.  I just finished submitting my proposal for this year entitled &#8220;Metasploit: Free, Powerful, Flexible&#8221;.  Being able to present at UTOSC 2009 was an absolute blast and I hope that my presentation is accepted this year as well.  The conference is well run and attended.  There are a ton of great topics and speakers to listen to.  Even if I don&#8217;t get accepted as a speaker, I will be there again this year.  It&#8217;s just too great to pass up on and for $35 it can&#8217;t be beat.</p>
<p><a href="http://2010.utosc.com/presentation/199/" target="_self">http://2010.utosc.com/presentation/199/</a></p>
<p>Hope to see you there!</p>
]]></content:encoded>
			<wfw:commentRss>http://www.jwnetworkconsulting.com/security/submitted-speaking-proposal-to-the-utos-conference-2010/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>A Quick Update on the Latest Activity</title>
		<link>http://www.jwnetworkconsulting.com/security/a-quick-update-on-the-latest-activity</link>
		<comments>http://www.jwnetworkconsulting.com/security/a-quick-update-on-the-latest-activity#comments</comments>
		<pubDate>Mon, 15 Feb 2010 05:57:04 +0000</pubDate>
		<dc:creator>Jason</dc:creator>
				<category><![CDATA[Security]]></category>
		<category><![CDATA[GCIH]]></category>
		<category><![CDATA[Incident Handler]]></category>
		<category><![CDATA[Metasploit]]></category>
		<category><![CDATA[Reconnoiter]]></category>
		<category><![CDATA[SANS]]></category>

		<guid isPermaLink="false">http://www.jwnetworkconsulting.com/?p=320</guid>
		<description><![CDATA[It has been a busy couple of months, but my posts have been fairly quiet on the blog. Between attending the SANS Security 504 Incident Handling class, traveling for work, moving my family and the holidays things have been moving at a rapid pace.  I&#8217;m going to be trying to comment more here, but for [...]]]></description>
			<content:encoded><![CDATA[<p>It has been a busy couple of months, but my posts have been fairly quiet on the blog.  Between attending the SANS Security 504 Incident Handling class, traveling for work, moving my family and the holidays, things have been moving at a rapid pace.  I&#8217;m going to be trying to comment more here, but for now a brief update.</p>
<p>First off, I took the examination for the SANS Incident Handler certification on Friday the 12th.  All the time put into preparation paid off and I passed with 96%!  It was extremely satisfying to pass this exam, since I have been spending the last several weeks studying for it.  On top of just earning the certification, my score was high enough that I can apply to become a SANS Mentor now too.  This is something that I think would be a lot of fun and I really want to do.  Time to start writing up my application and hoping for the best.</p>
<p>Last, I&#8217;ve started working on rewriting Reconnoiter to run as a Metasploit module.  I started on this late last week and have made some headway in the process.  Scraping HTML and using the data in a script or program isn&#8217;t much fun.  The main problem I&#8217;ve run into is that Google really doesn&#8217;t want anyone doing this type of stuff.  While Yahoo! has provided a nice XML web service to aid in accessing data, Google appears to be going out of their way to make this difficult.  I&#8217;m actually a bit irritated by this since Google has taken great pains to convince everyone (with good reason on our part to do so) that we need to make it easy for Google to crawl our sites.  Just don&#8217;t expect them to return the favor.  Ah well.</p>
<p>Anyhow, I hope to have a rough module up and running by the end of this week.  Current plans are to have the ability to pull results from Google and Yahoo both.  You will be able to specify an output directory to save username lists.  Plus, since this is in Metasploit, you can choose between the command line or a web interface to run the module.  That alone may be a real kicker for folks.</p>
<p>The Google query is going to be pretty buggy and a pain to maintain.  The Yahoo! query should be very solid since the script pulls from their XML web service.  The downside is that you will need an AppID to use the Yahoo! query.  So the decision is whether you want to be (relatively) anonymous but have iffy results or if you don&#8217;t mind losing some of that anonymity for more accurate results.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.jwnetworkconsulting.com/security/a-quick-update-on-the-latest-activity/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>

