As I've promised since the last meeting, I'm going to give a demo/talk about Metasploit. I'm not a pro, but I feel comfortable enough to work in the shell.
A lot of people keep asking me "why an exploit platform? Why not just exploit things?" One thing I learned from the forensics work I did for the sheriff's office is that you need to have something that you can legitimately show your work. If you want to be a legitimate penetration tester and get clients and do work, you'll need to be able to go back and say "Ok, this is what I did, and this is how it happened" Metasploit isn't commercial software, but it will get you used to a certain workflow. So this is why I Metasploit.
<strong>What is Metasploit?</strong>
Metasploit is a exploitation framework. It comes with pre-canned exploits, and an awesome environment in which you can script your own exploits. While I'm not to the point where I'm discovering my own 0days and knowing how to exploit them, it's there and something to look at.
You can download Metasploit for free from: http://metasploit.com
If you want to read up on how things work in MSF, a good course from the AMAZING folks over at Offensive Security (the guys that made Backtrack) is: http://www.offensive-security.com/metasploit-unleashed/ I highly recommend it.
As for the demo, if you would like to participate, I am bringing a VMWare server with a bunch of Windows XP installs so that the group can mess with MSF and vulnerable boxes.
What I recommend you bring is a laptop with Backtrack 4 installed and updated. If you don't have a full install of BT4, you can do a persistent install on a USB key. The USB key will get you more mileage than a livecd imho. You can find Backtrack 4 at: http://backtrack-linux.org
Thats it so far. If you have any questions, you can email me at g3k@disillusion.us, or you can reply here. I'll be posting my slides (if any) after the demo.
edit: as a last minute thought, if you want to bring a Windows laptop and don't want to fuck around with backtrack, you can install MSF on Windows and it works really well. The only advice I can give if you chose this is to turn of AV programs, as a lot of tools that come with MSF get messed around with and it can't function properly.
ALSO: as a shoutout to ANYONE in Orlando, we're kind of in need of someone with a decent chunk of experience to help us. if anyone knows anyone who lives in Orlando is is slightly above script kiddie level, please tell them about us. We need an Obi Wan Kenobi. srs.
A lot of people keep asking me "why an exploit platform? Why not just exploit things?" One thing I learned from the forensics work I did for the sheriff's office is that you need to have something that you can legitimately show your work. If you want to be a legitimate penetration tester and get clients and do work, you'll need to be able to go back and say "Ok, this is what I did, and this is how it happened" Metasploit isn't commercial software, but it will get you used to a certain workflow. So this is why I Metasploit.
<strong>What is Metasploit?</strong>
Metasploit is a exploitation framework. It comes with pre-canned exploits, and an awesome environment in which you can script your own exploits. While I'm not to the point where I'm discovering my own 0days and knowing how to exploit them, it's there and something to look at.
You can download Metasploit for free from: http://metasploit.com
If you want to read up on how things work in MSF, a good course from the AMAZING folks over at Offensive Security (the guys that made Backtrack) is: http://www.offensive-security.com/metasploit-unleashed/ I highly recommend it.
As for the demo, if you would like to participate, I am bringing a VMWare server with a bunch of Windows XP installs so that the group can mess with MSF and vulnerable boxes.
What I recommend you bring is a laptop with Backtrack 4 installed and updated. If you don't have a full install of BT4, you can do a persistent install on a USB key. The USB key will get you more mileage than a livecd imho. You can find Backtrack 4 at: http://backtrack-linux.org
Thats it so far. If you have any questions, you can email me at g3k@disillusion.us, or you can reply here. I'll be posting my slides (if any) after the demo.
edit: as a last minute thought, if you want to bring a Windows laptop and don't want to fuck around with backtrack, you can install MSF on Windows and it works really well. The only advice I can give if you chose this is to turn of AV programs, as a lot of tools that come with MSF get messed around with and it can't function properly.
ALSO: as a shoutout to ANYONE in Orlando, we're kind of in need of someone with a decent chunk of experience to help us. if anyone knows anyone who lives in Orlando is is slightly above script kiddie level, please tell them about us. We need an Obi Wan Kenobi. srs.
Comment