Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

[BSidesLV] Multi-Player MetaSploit

Multi-player Metasploit – Ryan Lynn

Note: The talk was cut to 30 minutes due to technical issues


There is currently no easy way, built into Metasploit or other tools, to record information for sharing.

The current solution is to complete a task and then upload and share the results through another tool (e.g. Dradis or other wikis).

This isn’t real-time data and relies on people actually uploading the information.

Metasploit already offers Database support. By using the XMLRPC extension you can pass data directly to Metasploit about tasks and upload information.

This makes all information actionable and real-time. Results aren’t forgotten or outdated. They are the most recent version available.

Types of Objects

  • Workspaces
  • Hosts
  • Services
    • maps to hosts
  • Vulnerabilities
    • maps to hosts
    • maps to services
  • Notes
  • Events
    • List of executed tasks –> added by Metasploit
  • Loots
    • Captured credentials etc…
  • Clients
    • Client-side information
  • Users

All of these objects contain information on what has been found and is actionable.

Demo –> Multi-player Metasploit

Importing of data directly from Nmap, Nikto, Nessus, Qualys and other tools

Nikto logs each finding directly into the Metasploit database, putting each finding in as a separate section.

Interaction with BeEF allows for profiling of client systems and logs the information for clients into the database. If vulnerable client-side software is found the vulnerabilities are also entered into the database.

By importing information from all these scans and checks, it’s possible to put together a single database and report based on the findings of each tool.
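The object relationships listed under "Types of Objects" (services map to hosts, vulnerabilities map to hosts and services) and the single merged database described above can be sketched as below. This is an added example, not code from the talk or from Metasploit: `SharedWorkspace`, its methods and fields are hypothetical, and the sample findings are constructed.

```ruby
# Added illustration; hypothetical names, not Metasploit's schema or API.
class SharedWorkspace
  attr_reader :hosts, :events
  def initialize
    @hosts  = {}  # address => { services: { [port, proto] => service }, vulns: [] }
    @events = []  # ordered record of which source reported what
  end

  # Services map to hosts; keying on port/proto collapses duplicate reports.
  def report_service(addr, port, proto, name, source:)
    @events << [source, :service, addr]
    service_for(addr, port, proto).tap { |svc| svc[:name] ||= name }
  end

  # Vulnerabilities map to a host and, when a port is given, to its service.
  def report_vuln(addr, title, source:, port: nil, proto: "tcp")
    @events << [source, :vuln, addr]
    list = port ? service_for(addr, port, proto)[:vulns] : host_for(addr)[:vulns]
    vuln = list.find { |v| v[:title] == title }
    vuln ||= { title: title, sources: [] }.tap { |v| list << v }
    vuln[:sources] |= [source]  # a second tool confirms, it does not duplicate
  end

  # One consolidated row per host across every source that reported in.
  def summary
    @hosts.map do |addr, h|
      svc_vulns = h[:services].values.sum { |s| s[:vulns].size }
      { host: addr, services: h[:services].size, vulns: h[:vulns].size + svc_vulns }
    end
  end

  private
  def host_for(addr)
    @hosts[addr] ||= { services: {}, vulns: [] }
  end
  def service_for(addr, port, proto)
    host_for(addr)[:services][[port, proto]] ||= { name: nil, vulns: [] }
  end
end

# Constructed sample: several sources report against one documentation-range host.
def demo_workspace
  ws = SharedWorkspace.new
  ws.report_service("192.0.2.10", 80, "tcp", "http", source: "nmap")
  ws.report_vuln("192.0.2.10", "Directory listing enabled", source: "nikto", port: 80)
  ws.report_vuln("192.0.2.10", "Directory listing enabled", source: "nessus", port: 80)
  ws.report_vuln("192.0.2.10", "Outdated browser plugin", source: "beef")
  ws
end
```

Because records are keyed rather than appended, the same finding reported by two tools ends up as one vulnerability with two sources, which keeps the shared view current instead of growing stale duplicates.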
