Announcement

Collapse
No announcement yet.

DC407 March 26th 2010

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • DC407 March 26th 2010

    As I've promised since the last meeting, I'm going to give a demo/talk about Metasploit. I'm not a pro, but I feel comfortable enough to work in the shell.

    A lot of people keep asking me "why an exploit platform? Why not just exploit things?" One thing I learned from the forensics work I did for the sheriff's office is that you need to have something that you can legitimately show your work. If you want to be a legitimate penetration tester and get clients and do work, you'll need to be able to go back and say "Ok, this is what I did, and this is how it happened" Metasploit isn't commercial software, but it will get you used to a certain workflow. So this is why I Metasploit.

    <strong>What is Metasploit?</strong>

    Metasploit is a exploitation framework. It comes with pre-canned exploits, and an awesome environment in which you can script your own exploits. While I'm not to the point where I'm discovering my own 0days and knowing how to exploit them, it's there and something to look at.

    You can download Metasploit for free from: http://metasploit.com

    If you want to read up on how things work in MSF, a good course from the AMAZING folks over at Offensive Security (the guys that made Backtrack) is: http://www.offensive-security.com/metasploit-unleashed/ I highly recommend it.

    As for the demo, if you would like to participate, I am bringing a VMWare server with a bunch of Windows XP installs so that the group can mess with MSF and vulnerable boxes.

    What I recommend you bring is a laptop with Backtrack 4 installed and updated. If you don't have a full install of BT4, you can do a persistent install on a USB key. The USB key will get you more mileage than a livecd imho. You can find Backtrack 4 at: http://backtrack-linux.org

    Thats it so far. If you have any questions, you can email me at g3k@disillusion.us, or you can reply here. I'll be posting my slides (if any) after the demo.

    edit: as a last minute thought, if you want to bring a Windows laptop and don't want to fuck around with backtrack, you can install MSF on Windows and it works really well. The only advice I can give if you chose this is to turn of AV programs, as a lot of tools that come with MSF get messed around with and it can't function properly.

    ALSO: as a shoutout to ANYONE in Orlando, we're kind of in need of someone with a decent chunk of experience to help us. if anyone knows anyone who lives in Orlando is is slightly above script kiddie level, please tell them about us. We need an Obi Wan Kenobi. srs.
    "As Arthur C Clarke puts it, "Any sufficiently advanced technology is indistinguishable from magic". Here is my corollary: "Any sufficiently technical expert is indistinguishable from a witch"."

  • #2
    Re: DC407 March 26th 2010

    Date: March 26th, 2010
    Location: familab (http://familab.org)
    Time: 7pm

    If you get lost or need the gate opened, just give me a call on my gvoice: (407) 536-8705

    The lab will be between units on Friday, but we can meet at 134 and walk to wherever. 134 is in the middle of the complex, just look for all the cars and the open door.

    Comment

    Working...
    X