Sunday, March 25, 2012

RaiderSec Meeting 03/20/2012

Hey everyone!

I want to thank everyone who came to the meeting on Tuesday. I hope everyone enjoyed the introduction to memory corruption (specifically buffer overflow vulnerabilities), and next meeting we will cover how a buffer overflow vulnerability can be leveraged to by an attacker to execute code of his/her choice (our example being to create a shell on the system). As a reminder, our next meeting will be on Tuesday April 3rd, 2012.

Until then, you can find the slides from the last meeting here. I look forward to seeing everyone at the next meeting!


Thursday, March 22, 2012

How to setup and configure snort for a Linux (Ubuntu spec.) System


Note: This guide is not very stable, use at your own risk, do not go into this without some understanding of *nix, and the ability to solve problems and google and stuff. Also snort was not designed for wireless, this configuration will not work with wireless at all. There are hacky patches you could maybe apply to get snort to work with kismet or something (I didn't look too far into it) but honestly at that point it would much easier to choose a more light weight IDS

This is a post Jordan and myself had been talking about writing since the last meeting. Snort is a wonderful open source Intrusion Detection System (IDS) which is very effective as a first response system when your machine is being attacked, or as a line of defense in computer security related games like Capture the Flag (CTF)

I decided to set it up on my local machine for fun (since it's not very necessary on a machine not running services, but fun to have) as well as give me the ability to step through the process. I'm setting up the Snort IDS utilizing the postgres SQL database (because I already have it setup for metasploit interaction).

Monday, March 5, 2012

Introduction to Metasploit

The Need for Metasploit

As we saw in our first meeting, successful exploitation of a service requires three "parts":
  • Vulnerability - A flaw in a system which can be utilized as an avenue of attack.
  • Exploit - A program specifically designed to leverage a vulnerability.
  • Payload - Code to be run on the system after the vulnerability has been exploited.
Usually, when a vulnerability is found in a service, an exploit is developed that directly contains a payload. For example, it is common that a shell may be produced from the exploited service. This means that when an exploit is used, the penetration tester would have no choice but to use the provided payload, unless he/she wanted to take the time necessary to create their own. This not only takes a substantial amount of time, but also quite a bit of skill. Also, one must consider that both exploits and payloads can be (and usually are) architecture specific, so a payload that works on a Windows machine will most likely not work on a Linux machine.

So, what security testers needed was a centralized framework to mix and match exploits with available payloads. Also, there was a strong need for a central repository of exploits and payloads that can be pre-loaded for quick use. This results in a flexible security testing environment, in which the desired results can be easily achieved.

Metasploit offers this functionality, and much, much more.