SlideShare una empresa de Scribd logo

The State of the Metasploit Framework

egypt
egypt

The document summarizes the past, present, and future of the Metasploit framework. In the past, the framework was tied to its directory structure and modules would break if moved. Currently, the focus is on usability, scalability, passwords, better payloads, and post exploitation. Going forward, there will be continued work on authenticated code execution, payloads for additional platforms, and improving post exploitation modules and APIs.

TecnologíaEducación
1 de 43
Descargar para leer sin conexión
We interrupt your regularly scheduled programming to bring you…
The State of the Framework
Past
We must know where we came from to know where we are going
4.0 3.0 3.6 3.1 3.2 3.4 BSD 2003 … 2007 2008 2009 2010 2011 2012
Modules by type and release 1400 1200 1000 800 Post 600 Auxiliary Exploit 400 200 0 3.0 3.1 3.2 3.3 3.4 3.5 3.6 3.7 4.0
Auxiliary Exploit Post 1-Jul-2011 Modules Over Time 1-Mar-2011 1-Nov-2010 1-Jul-2010 1-Mar-2010 1-Nov-2009 1-Jul-2009 1-Mar-2009 1-Nov-2008 1-Jul-2008 1-Mar-2008 1-Nov-2007 1-Jul-2007 1-Mar-2007 0 800 700 600 500 400 300 200 100
Module Format • Originally tied to directory structure – Now more flexible • Module broke if you mv'd it
Uses for Metasploit • Running exploits, getting shells • Creating exploits
Present
Focuses for 4.0 • Usability • Scalability • Passwords • Better payloads • Post exploitation
Usability • Installers that make everything easy • Help for most commands • Database command improvements • Msfvenom
Everything Works Out of the Box • Ruby 1.9.2 • Postgres • Java (for msfgui, armitage) • Option to automatically update • pcaprub
The Database • Auto configured by installer • Now a core feature used by lots of modules – Almost all auxiliaries, many posts • Scales much better than before • Better search capabilities • Workspaces for logical separation
Scalability
Recent Focus on Passwords • Authenticated code execution by design is better than an exploit • Obvious: SSH, Telnet, RDP, VNC • Less obvious: – MySQL/MSSQL/PostgreSQL – Tomcat/Axis2/JBOSS/Glassfish – ManageEngine
Payloads • Dozens of formats and architectures – PHP; Java (jar, war, jsp); Win32, 64; BSD; OSX – x86, PPC, ARM, MIPS, cmd exec, … • Reverse HTTP(s) stagers for Win32, Java meterpreters • Railgun
Post Modules • Biggest change in a long time • Replaces meterpreter scripts • More comprehensive Post-exploitation API – OMG Railgun – Shell sessions, too – You should have been in Rob and Chris' talk • My utopian ideal: post mods work on all kinds of sessions on all supported platforms
Moar Passwerdz
Uses for Metasploit • Running exploits, getting shells • Creating exploits • Auxiliary modules, discovery, systems admin • Post exploitation, looting pwned boxes • Data collection and correlation
Future
Future of Exploits • Continued focus on Authenticated Code Exec – Oracle, various CMSes • Hack all the things
Future of Payloads • Linux meterpreter – Yes, I know I've been saying this for 3 years • Java meterpreter to keep pace with Win32 – Thanks to mihi • Meterpreter needs to only load stuff that makes sense for the platform • IPv6 support for more stuff – Mostly works, 32-bit Windows and Linux payloads – Toredo
Future of Post Exploitation • Huge amount of community dev going into Post modules • Password stealers for every conceivable application that stores them – Thanks TheLightCosine! • More local privesc exploits
More Post Exploitation • More and better APIs – Cross-platform pilfering • Easier
Future of Modules in General • Some form of exploit abstraction • Transport should be a user option – Not a whole different module with the same exploit code – Example: PDF exploits over HTTP, FTP, SMB, email
Startup Time
Contributing Should be Easy
Contribution Workflow Ask about it in Find a bug Submit a ticket IRC Get tired of Tell me I forgot waiting, fix it Submit a patch about it yourself Remind me Give up again
Documentation • Two main sources of documentation right now – Reading 500k lines of ruby source – Asking me in IRC • It was hard to write, it should be hard to read, dammit!
Documentation • Updated users' guide • Updated developers' guide • Clean up rdoc
Installation Should be Easier • Everything should *really* work out of the box • Everything should be configurable from the commandline • Install Express/Pro without another big download of mostly the same stuff – I know, shameless plug, but hey it pays for all the rest of this
Uses for Metasploit • Running exploits, getting shells • Creating exploits • Auxiliary modules, discovery, systems admin • Post exploitation, looting pwned boxes • Data collection and correlation • And….
Why? • Metasploit should be the first and the last tool you need • Anything that gets you access – Proof positive tool – Not just exploits, identities • Maintain that access • Use your access to achieve your goals • Store all of the above in a manageable way
Questions? • If I have ever kickbanned you in #metasploit, I'm sorry – But not that sorry, you should have googled more

Recomendados

Rejectkaigi 2010
Rejectkaigi 2010Rejectkaigi 2010
Rejectkaigi 2010John Woodell
 
JRuby - The Best of Java and Ruby
JRuby - The Best of Java and RubyJRuby - The Best of Java and Ruby
JRuby - The Best of Java and RubyEvgeny Rahman
 
Días productivos
Días productivosDías productivos
Días productivosIsabel Avendaño
 
Nuestra Cotidianidad
Nuestra CotidianidadNuestra Cotidianidad
Nuestra CotidianidadIsabel Avendaño
 
Articuloosopanda fatla1
Articuloosopanda fatla1Articuloosopanda fatla1
Articuloosopanda fatla1Isabel Avendaño
 
Arya 2
Arya 2Arya 2
Arya 2arunkelluri
 
10x Performance Improvements - A Case Study
10x Performance Improvements - A Case Study10x Performance Improvements - A Case Study
10x Performance Improvements - A Case StudyRonald Bradford
 
Vulnerability, exploit to metasploit
Vulnerability, exploit to metasploitVulnerability, exploit to metasploit
Vulnerability, exploit to metasploitTiago Henriques
 

Recomendados

Rejectkaigi 2010
Rejectkaigi 2010Rejectkaigi 2010
Rejectkaigi 2010John Woodell
 
JRuby - The Best of Java and Ruby
JRuby - The Best of Java and RubyJRuby - The Best of Java and Ruby
JRuby - The Best of Java and RubyEvgeny Rahman
 
Días productivos
Días productivosDías productivos
Días productivosIsabel Avendaño
 
Nuestra Cotidianidad
Nuestra CotidianidadNuestra Cotidianidad
Nuestra CotidianidadIsabel Avendaño
 
Articuloosopanda fatla1
Articuloosopanda fatla1Articuloosopanda fatla1
Articuloosopanda fatla1Isabel Avendaño
 
Arya 2
Arya 2Arya 2
Arya 2arunkelluri
 
10x Performance Improvements - A Case Study
10x Performance Improvements - A Case Study10x Performance Improvements - A Case Study
10x Performance Improvements - A Case StudyRonald Bradford
 
Vulnerability, exploit to metasploit
Vulnerability, exploit to metasploitVulnerability, exploit to metasploit
Vulnerability, exploit to metasploitTiago Henriques
 
Big Bad PostgreSQL: BI on a Budget
Big Bad PostgreSQL: BI on a BudgetBig Bad PostgreSQL: BI on a Budget
Big Bad PostgreSQL: BI on a BudgetJoshua L. Davis
 
Apache Mesos at Twitter (Texas LinuxFest 2014)
Apache Mesos at Twitter (Texas LinuxFest 2014)Apache Mesos at Twitter (Texas LinuxFest 2014)
Apache Mesos at Twitter (Texas LinuxFest 2014)Chris Aniszczyk
 
Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...
Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...
Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...EC-Council
 
Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)ClubHack
 
Pharo Status
Pharo StatusPharo Status
Pharo StatusJannik Laval
 
01 Metasploit kung fu introduction
01 Metasploit kung fu introduction01 Metasploit kung fu introduction
01 Metasploit kung fu introductionMostafa Abdel-sallam
 
Gaelyk - SpringOne2GX - 2010 - Guillaume Laforge
Gaelyk - SpringOne2GX - 2010 - Guillaume LaforgeGaelyk - SpringOne2GX - 2010 - Guillaume Laforge
Gaelyk - SpringOne2GX - 2010 - Guillaume LaforgeGuillaume Laforge
 
Metasploit Module Development
Metasploit Module DevelopmentMetasploit Module Development
Metasploit Module Developmentkyaw thiha
 
What's new with Apache Tika?
What's new with Apache Tika?What's new with Apache Tika?
What's new with Apache Tika?gagravarr
 
Akka Actors
Akka ActorsAkka Actors
Akka ActorsDylan Forciea
 
Introduction to libre « fulltext » technology
Introduction to libre « fulltext » technologyIntroduction to libre « fulltext » technology
Introduction to libre « fulltext » technologyRobert Viseur
 
Oscon 2010
Oscon 2010Oscon 2010
Oscon 2010John Woodell
 
Django in enterprise world
Django in enterprise worldDjango in enterprise world
Django in enterprise worldSimone Federici
 
Movable Type 5.1 最新情報
Movable Type 5.1 最新情報Movable Type 5.1 最新情報
Movable Type 5.1 最新情報Six Apart KK
 
#dd12 IBM Lotus Traveler High Availability in a nutshell
#dd12 IBM Lotus Traveler High Availability in a nutshell#dd12 IBM Lotus Traveler High Availability in a nutshell
#dd12 IBM Lotus Traveler High Availability in a nutshellDominopoint - Italian Lotus User Group
 
Large Files without the Trials
Large Files without the TrialsLarge Files without the Trials
Large Files without the TrialsJazkarta, Inc.
 
Message:Passing - lpw 2012
Message:Passing - lpw 2012Message:Passing - lpw 2012
Message:Passing - lpw 2012Tomas Doran
 
Oracle 11g R2 Live Part 2
Oracle 11g R2 Live Part 2Oracle 11g R2 Live Part 2
Oracle 11g R2 Live Part 2Oracle Corporation
 
Finite State Queries In Lucene
Finite State Queries In LuceneFinite State Queries In Lucene
Finite State Queries In Luceneotisg
 
Bringing WordPress to the front-end. o2 is the new P2
Bringing WordPress to the front-end. o2 is the new P2Bringing WordPress to the front-end. o2 is the new P2
Bringing WordPress to the front-end. o2 is the new P2Beau Lebens
 
Privilege Escalation with Metasploit
Privilege Escalation with MetasploitPrivilege Escalation with Metasploit
Privilege Escalation with Metasploitegypt
 
The State of the Metasploit Framework.pdf
The State of the Metasploit Framework.pdfThe State of the Metasploit Framework.pdf
The State of the Metasploit Framework.pdfegypt
 

Más contenido relacionado

Similar a The State of the Metasploit Framework

Big Bad PostgreSQL: BI on a Budget
Big Bad PostgreSQL: BI on a BudgetBig Bad PostgreSQL: BI on a Budget
Big Bad PostgreSQL: BI on a BudgetJoshua L. Davis
 
Apache Mesos at Twitter (Texas LinuxFest 2014)
Apache Mesos at Twitter (Texas LinuxFest 2014)Apache Mesos at Twitter (Texas LinuxFest 2014)
Apache Mesos at Twitter (Texas LinuxFest 2014)Chris Aniszczyk
 
Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...
Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...
Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...EC-Council
 
Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)ClubHack
 
01 Metasploit kung fu introduction
01 Metasploit kung fu introduction01 Metasploit kung fu introduction
01 Metasploit kung fu introductionMostafa Abdel-sallam
 
Gaelyk - SpringOne2GX - 2010 - Guillaume Laforge
Gaelyk - SpringOne2GX - 2010 - Guillaume LaforgeGaelyk - SpringOne2GX - 2010 - Guillaume Laforge
Gaelyk - SpringOne2GX - 2010 - Guillaume LaforgeGuillaume Laforge
 
Metasploit Module Development
Metasploit Module DevelopmentMetasploit Module Development
Metasploit Module Developmentkyaw thiha
 
What's new with Apache Tika?
What's new with Apache Tika?What's new with Apache Tika?
What's new with Apache Tika?gagravarr
 
Introduction to libre « fulltext » technology
Introduction to libre « fulltext » technologyIntroduction to libre « fulltext » technology
Introduction to libre « fulltext » technologyRobert Viseur
 
Django in enterprise world
Django in enterprise worldDjango in enterprise world
Django in enterprise worldSimone Federici
 
Movable Type 5.1 最新情報
Movable Type 5.1 最新情報Movable Type 5.1 最新情報
Movable Type 5.1 最新情報Six Apart KK
 
Large Files without the Trials
Large Files without the TrialsLarge Files without the Trials
Large Files without the TrialsJazkarta, Inc.
 
Message:Passing - lpw 2012
Message:Passing - lpw 2012Message:Passing - lpw 2012
Message:Passing - lpw 2012Tomas Doran
 
Finite State Queries In Lucene
Finite State Queries In LuceneFinite State Queries In Lucene
Finite State Queries In Luceneotisg
 
Bringing WordPress to the front-end. o2 is the new P2
Bringing WordPress to the front-end. o2 is the new P2Bringing WordPress to the front-end. o2 is the new P2
Bringing WordPress to the front-end. o2 is the new P2Beau Lebens
 

Similar a The State of the Metasploit Framework (20)

Big Bad PostgreSQL: BI on a Budget
Big Bad PostgreSQL: BI on a BudgetBig Bad PostgreSQL: BI on a Budget
Big Bad PostgreSQL: BI on a Budget
 
Apache Mesos at Twitter (Texas LinuxFest 2014)
Apache Mesos at Twitter (Texas LinuxFest 2014)Apache Mesos at Twitter (Texas LinuxFest 2014)
Apache Mesos at Twitter (Texas LinuxFest 2014)
 
Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...
Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...
Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...
 
Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)
 
Pharo Status
Pharo StatusPharo Status
Pharo Status
 
01 Metasploit kung fu introduction
01 Metasploit kung fu introduction01 Metasploit kung fu introduction
01 Metasploit kung fu introduction
 
Gaelyk - SpringOne2GX - 2010 - Guillaume Laforge
Gaelyk - SpringOne2GX - 2010 - Guillaume LaforgeGaelyk - SpringOne2GX - 2010 - Guillaume Laforge
Gaelyk - SpringOne2GX - 2010 - Guillaume Laforge
 
Metasploit Module Development
Metasploit Module DevelopmentMetasploit Module Development
Metasploit Module Development
 
What's new with Apache Tika?
What's new with Apache Tika?What's new with Apache Tika?
What's new with Apache Tika?
 
Akka Actors
Akka ActorsAkka Actors
Akka Actors
 
Introduction to libre « fulltext » technology
Introduction to libre « fulltext » technologyIntroduction to libre « fulltext » technology
Introduction to libre « fulltext » technology
 
Oscon 2010
Oscon 2010Oscon 2010
Oscon 2010
 
Django in enterprise world
Django in enterprise worldDjango in enterprise world
Django in enterprise world
 
Movable Type 5.1 最新情報
Movable Type 5.1 最新情報Movable Type 5.1 最新情報
Movable Type 5.1 最新情報
 
#dd12 IBM Lotus Traveler High Availability in a nutshell
#dd12 IBM Lotus Traveler High Availability in a nutshell#dd12 IBM Lotus Traveler High Availability in a nutshell
#dd12 IBM Lotus Traveler High Availability in a nutshell
 
Large Files without the Trials
Large Files without the TrialsLarge Files without the Trials
Large Files without the Trials
 
Message:Passing - lpw 2012
Message:Passing - lpw 2012Message:Passing - lpw 2012
Message:Passing - lpw 2012
 
Oracle 11g R2 Live Part 2
Oracle 11g R2 Live Part 2Oracle 11g R2 Live Part 2
Oracle 11g R2 Live Part 2
 
Finite State Queries In Lucene
Finite State Queries In LuceneFinite State Queries In Lucene
Finite State Queries In Lucene
 
Bringing WordPress to the front-end. o2 is the new P2
Bringing WordPress to the front-end. o2 is the new P2Bringing WordPress to the front-end. o2 is the new P2
Bringing WordPress to the front-end. o2 is the new P2
 

Más de egypt

Privilege Escalation with Metasploit
Privilege Escalation with MetasploitPrivilege Escalation with Metasploit
Privilege Escalation with Metasploitegypt
 
The State of the Metasploit Framework.pdf
The State of the Metasploit Framework.pdfThe State of the Metasploit Framework.pdf
The State of the Metasploit Framework.pdfegypt
 
New Shiny in the Metasploit Framework
New Shiny in the Metasploit FrameworkNew Shiny in the Metasploit Framework
New Shiny in the Metasploit Frameworkegypt
 
Open Source, Security, and Open Source Security.pdf
Open Source, Security, and Open Source Security.pdfOpen Source, Security, and Open Source Security.pdf
Open Source, Security, and Open Source Security.pdfegypt
 
Authenticated Code Execution by Design.pptx
Authenticated Code Execution by Design.pptxAuthenticated Code Execution by Design.pptx
Authenticated Code Execution by Design.pptxegypt
 
One-Liners to Rule Them All
One-Liners to Rule Them AllOne-Liners to Rule Them All
One-Liners to Rule Them Allegypt
 
Offensive Security with Metasploit
Offensive Security with MetasploitOffensive Security with Metasploit
Offensive Security with Metasploitegypt
 
Shiny
ShinyShiny
Shinyegypt
 
already-0wned
already-0wnedalready-0wned
already-0wnedegypt
 
Post Metasploitation
Post MetasploitationPost Metasploitation
Post Metasploitationegypt
 
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit FrameworkUnmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit Frameworkegypt
 
Using Guided Missiles in Drive-bys: Automatic Browser Fingerprinting and Expl...
Using Guided Missiles in Drive-bys: Automatic Browser Fingerprinting and Expl...Using Guided Missiles in Drive-bys: Automatic Browser Fingerprinting and Expl...
Using Guided Missiles in Drive-bys: Automatic Browser Fingerprinting and Expl...egypt
 

Más de egypt (12)

Privilege Escalation with Metasploit
Privilege Escalation with MetasploitPrivilege Escalation with Metasploit
Privilege Escalation with Metasploit
 
The State of the Metasploit Framework.pdf
The State of the Metasploit Framework.pdfThe State of the Metasploit Framework.pdf
The State of the Metasploit Framework.pdf
 
New Shiny in the Metasploit Framework
New Shiny in the Metasploit FrameworkNew Shiny in the Metasploit Framework
New Shiny in the Metasploit Framework
 
Open Source, Security, and Open Source Security.pdf
Open Source, Security, and Open Source Security.pdfOpen Source, Security, and Open Source Security.pdf
Open Source, Security, and Open Source Security.pdf
 
Authenticated Code Execution by Design.pptx
Authenticated Code Execution by Design.pptxAuthenticated Code Execution by Design.pptx
Authenticated Code Execution by Design.pptx
 
One-Liners to Rule Them All
One-Liners to Rule Them AllOne-Liners to Rule Them All
One-Liners to Rule Them All
 
Offensive Security with Metasploit
Offensive Security with MetasploitOffensive Security with Metasploit
Offensive Security with Metasploit
 
Shiny
ShinyShiny
Shiny
 
already-0wned
already-0wnedalready-0wned
already-0wned
 
Post Metasploitation
Post MetasploitationPost Metasploitation
Post Metasploitation
 
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit FrameworkUnmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework
 
Using Guided Missiles in Drive-bys: Automatic Browser Fingerprinting and Expl...
Using Guided Missiles in Drive-bys: Automatic Browser Fingerprinting and Expl...Using Guided Missiles in Drive-bys: Automatic Browser Fingerprinting and Expl...
Using Guided Missiles in Drive-bys: Automatic Browser Fingerprinting and Expl...
 

Último

Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 

Último (20)

Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 

The State of the Metasploit Framework

  • 1.
  • 2. We interrupt your regularly scheduled programming to bring you…
  • 3. The State of the Framework
  • 5. We must know where we came from to know where we are going
  • 6.
  • 7.
  • 8.
  • 9. 4.0 3.0 3.6 3.1 3.2 3.4 BSD 2003 … 2007 2008 2009 2010 2011 2012
  • 10. Modules by type and release 1400 1200 1000 800 Post 600 Auxiliary Exploit 400 200 0 3.0 3.1 3.2 3.3 3.4 3.5 3.6 3.7 4.0
  • 11. Auxiliary Exploit Post 1-Jul-2011 Modules Over Time 1-Mar-2011 1-Nov-2010 1-Jul-2010 1-Mar-2010 1-Nov-2009 1-Jul-2009 1-Mar-2009 1-Nov-2008 1-Jul-2008 1-Mar-2008 1-Nov-2007 1-Jul-2007 1-Mar-2007 0 800 700 600 500 400 300 200 100
  • 12. Module Format • Originally tied to directory structure – Now more flexible • Module broke if you mv'd it
  • 13. Uses for Metasploit • Running exploits, getting shells • Creating exploits
  • 14.
  • 16.
  • 17. Focuses for 4.0 • Usability • Scalability • Passwords • Better payloads • Post exploitation
  • 18. Usability • Installers that make everything easy • Help for most commands • Database command improvements • Msfvenom
  • 19. Everything Works Out of the Box • Ruby 1.9.2 • Postgres • Java (for msfgui, armitage) • Option to automatically update • pcaprub
  • 20. The Database • Auto configured by installer • Now a core feature used by lots of modules – Almost all auxiliaries, many posts • Scales much better than before • Better search capabilities • Workspaces for logical separation
  • 22. Recent Focus on Passwords • Authenticated code execution by design is better than an exploit • Obvious: SSH, Telnet, RDP, VNC • Less obvious: – MySQL/MSSQL/PostgreSQL – Tomcat/Axis2/JBOSS/Glassfish – ManageEngine
  • 23. Payloads • Dozens of formats and architectures – PHP; Java (jar, war, jsp); Win32, 64; BSD; OSX – x86, PPC, ARM, MIPS, cmd exec, … • Reverse HTTP(s) stagers for Win32, Java meterpreters • Railgun
  • 24. Post Modules • Biggest change in a long time • Replaces meterpreter scripts • More comprehensive Post-exploitation API – OMG Railgun – Shell sessions, too – You should have been in Rob and Chris' talk • My utopian ideal: post mods work on all kinds of sessions on all supported platforms
  • 26. Uses for Metasploit • Running exploits, getting shells • Creating exploits • Auxiliary modules, discovery, systems admin • Post exploitation, looting pwned boxes • Data collection and correlation
  • 28. Future of Exploits • Continued focus on Authenticated Code Exec – Oracle, various CMSes • Hack all the things
  • 29. Future of Payloads • Linux meterpreter – Yes, I know I've been saying this for 3 years • Java meterpreter to keep pace with Win32 – Thanks to mihi • Meterpreter needs to only load stuff that makes sense for the platform • IPv6 support for more stuff – Mostly works, 32-bit Windows and Linux payloads – Toredo
  • 30. Future of Post Exploitation • Huge amount of community dev going into Post modules • Password stealers for every conceivable application that stores them – Thanks TheLightCosine! • More local privesc exploits
  • 31. More Post Exploitation • More and better APIs – Cross-platform pilfering • Easier
  • 32. Future of Modules in General • Some form of exploit abstraction • Transport should be a user option – Not a whole different module with the same exploit code – Example: PDF exploits over HTTP, FTP, SMB, email
  • 35. Contribution Workflow Ask about it in Find a bug Submit a ticket IRC Get tired of Tell me I forgot waiting, fix it Submit a patch about it yourself Remind me Give up again
  • 36.
  • 37. Documentation • Two main sources of documentation right now – Reading 500k lines of ruby source – Asking me in IRC • It was hard to write, it should be hard to read, dammit!
  • 38. Documentation • Updated users' guide • Updated developers' guide • Clean up rdoc
  • 39. Installation Should be Easier • Everything should *really* work out of the box • Everything should be configurable from the commandline • Install Express/Pro without another big download of mostly the same stuff – I know, shameless plug, but hey it pays for all the rest of this
  • 40. Uses for Metasploit • Running exploits, getting shells • Creating exploits • Auxiliary modules, discovery, systems admin • Post exploitation, looting pwned boxes • Data collection and correlation • And….
  • 41.
  • 42. Why? • Metasploit should be the first and the last tool you need • Anything that gets you access – Proof positive tool – Not just exploits, identities • Maintain that access • Use your access to achieve your goals • Store all of the above in a manageable way
  • 43. Questions? • If I have ever kickbanned you in #metasploit, I'm sorry – But not that sorry, you should have googled more