Sunday, October 12, 2008

Metasploit 3.2 - Pwnage Never Taste So Good!

Via InternetNews.com -

TORONTO -- Hacking into systems (albeit for testing purposes) is apparently getting easier with the upcoming open source Metasploit 3.2 framework, according to its creator.

During a packed presentation at the SecTor conference here yesterday, Metasploit creator H. D. Moore detailed some of the new features in the upcoming Metasploit 3.2 release. They include names such as Browser AutoPwn, Metasploit in the Middle and the Evil Wireless Access Point.

"For http we do a whole bunch of evil things to a browser," Moore said, addressing an audience of security and networking professionals from sectors such as government and leading corporations. Many attend the conference in order to stay up to date on vulnerability assessments and how hackers exploit networks.

Metasploit is an open source attack framework first developed by Moore in 2003. With the Metasploit 3.0 release, the project has moved to an all Ruby programming base, which Moore credits with quickening development and exploits.

[...]

It also provides improved support for exploiting multi-core CPU machines, which had been more difficult to attack with previous versions of Metasploit.

[...]

If that wasn't enough, Metasploit 3.2 will include a new super weapon that will make exploiting browsers a trivial matter. The new Browser Autopwn feature is a client side auto attack system that will fire up exploits automatically against a user's browser with the goal of providing a shell into the browser.

Man in the middle attacks are also addressed in the package features. Moore explained that Metasploit in the Middle Feature puts the attack framework in between the users and their intended location. The man in the middle approach could be used to spoof DNS or to create a fake access point.

"It will abuse the HTTP security model, stealing cookies and saved form data," Moore said.

And if that's not enough to give security researchers a taste of the latest developments in security vulnerabilities, there is the Evil Wireless Access Point feature. Moore said it can create an access point that consumes all other access points around it. Adding insult to evil, it has the ability to spoof any access point that is already on a user's preferred access point list. Browsers beware.

Last but certainly not least in this testing culture, Moore announced that Metasploit 3.2 now has full IPv6 support.

"The US Government has a mandate for IPv6 support, so there is at least one target there for you," Moore said.

------------------------------------------

HD cleared up some incorrect information in the original article on FD recently:

The "Evil Deeds" article is mostly correct, but some of the specific items were mangled in translation. The new EXE template does not allow you to turn a metasploit exploit into an EXE, it lets you take a metasploit payload+encoder into an EXE, big difference :-)

Browse Moore's SecTor PDFs - http://www.metasploit.com/research/conferences/

HD has presented several of these new features to our local community here in ATX and I have to say...this stuff is crazy dangerous and stupid killer rad all at the same time.

Any company with laptops should be scared out of their f'in mind. It doesn't matter if you have a corporate wireless network or not....your employees are using wireless...somewhere.

Client-side security controls for wireless are essential in today's world. On the flip side, employees should be trained on how to use wireless and how to do it securely. Education is key.

Funny side note - HD is his real name...no dots required ;)
