Date posted: 05-Jul-2015 | Category: Technology | Uploaded by: egypt
We interrupt your regularly scheduled programming to bring
you…
The State of the Framework
Past
We must know where we came from to know where we
are going
[Timeline figure: Metasploit releases 3.0, 3.1, 3.2 (BSD), 3.4, 3.6 and 4.0 plotted across 2003 to 2012]
Modules by type and release
[Bar chart: number of Exploit, Auxiliary and Post modules per release, 3.0 through 4.0; y-axis 0 to 1400 modules]
Modules Over Time
[Line chart: Exploit, Auxiliary and Post module counts from 1-Mar-2007 to 1-Jul-2011 in four-month steps; y-axis 0 to 800 modules]
Module Format
• Originally tied to directory structure
– Now more flexible
• Module broke if you mv'd it
Uses for Metasploit
• Running exploits, getting shells
• Creating exploits
Present
Focuses for 4.0
• Usability
• Scalability
• Passwords
• Better payloads
• Post exploitation
Usability
• Installers that make everything easy
• Help for most commands
• Database command improvements
• Msfvenom
Everything Works Out of the Box
• Ruby 1.9.2
• Postgres
• Java (for msfgui, armitage)
• Option to automatically update
• pcaprub
The Database
• Auto configured by installer
• Now a core feature used by lots of modules
– Almost all auxiliaries, many posts
• Scales much better than before
• Better search capabilities
• Workspaces for logical separation
Scalability
Recent Focus on Passwords
• Authenticated code execution by design is better than an exploit
• Obvious: SSH, Telnet, RDP, VNC
• Less obvious:
– MySQL/MSSQL/PostgreSQL
– Tomcat/Axis2/JBOSS/Glassfish
– ManageEngine
Payloads
• Dozens of formats and architectures
– PHP; Java (jar, war, jsp); Win32, 64; BSD; OSX
– x86, PPC, ARM, MIPS, cmd exec, …
• Reverse HTTP(s) stagers for Win32, Java meterpreters
• Railgun
Post Modules
• Biggest change in a long time
• Replaces meterpreter scripts
• More comprehensive Post-exploitation API
– OMG Railgun
– Shell sessions, too
– You should have been in Rob and Chris' talk
• My utopian ideal: post mods work on all kinds of sessions on all supported platforms
Moar Passwerdz
Uses for Metasploit
• Running exploits, getting shells
• Creating exploits
• Auxiliary modules, discovery, systems admin
• Post exploitation, looting pwned boxes
• Data collection and correlation
Future
Future of Exploits
• Continued focus on Authenticated Code Exec
– Oracle, various CMSes
• Hack all the things
Future of Payloads
• Linux meterpreter – Yes, I know I've been saying this for 3 years
• Java meterpreter to keep pace with Win32 – Thanks to mihi
• Meterpreter needs to only load stuff that makes sense for the platform
• IPv6 support for more stuff – Mostly works, 32-bit Windows and Linux payloads
– Teredo
Future of Post Exploitation
• Huge amount of community dev going into Post modules
• Password stealers for every conceivable application that stores them
– Thanks TheLightCosine!
• More local privesc exploits
More Post Exploitation
• More and better APIs
– Cross-platform pilfering
• Easier
Future of Modules in General
• Some form of exploit abstraction
• Transport should be a user option
– Not a whole different module with the same exploit code
– Example: PDF exploits over HTTP, FTP, SMB, email
Startup Time
Contributing Should be Easy
Contribution Workflow
• Find a bug
• Submit a ticket
• Ask about it in IRC
• Get tired of waiting, fix it yourself
• Submit a patch
• Tell me I forgot about it
• Remind me again
• Give up
Documentation
• Two main sources of documentation right now
– Reading 500k lines of Ruby source
– Asking me in IRC
• It was hard to write, it should be hard to read, dammit!
Documentation
• Updated users' guide
• Updated developers' guide
• Clean up rdoc
Installation Should be Easier
• Everything should *really* work out of the box
• Everything should be configurable from the commandline
• Install Express/Pro without another big download of mostly the same stuff
– I know, shameless plug, but hey it pays for all the rest of this
Uses for Metasploit
• Running exploits, getting shells
• Creating exploits
• Auxiliary modules, discovery, systems admin
• Post exploitation, looting pwned boxes
• Data collection and correlation
• And….
Why?
• Metasploit should be the first and the last tool you need
• Anything that gets you access
– Proof positive tool
– Not just exploits, identities
• Maintain that access
• Use your access to achieve your goals
• Store all of the above in a manageable way
Questions?
• If I have ever kickbanned you in #metasploit, I'm sorry
– But not that sorry, you should have googled more