
Powersploiting with HD Moore

Posted by Robb Beggs on 10/06 at 10:50 PM

HD Moore, lead developer of the Metasploit Project, delivered his one-day advanced "powersploiting" course to an enthusiastic audience at the Toronto Sector security conference.

How much can you pack into a single day of advanced metasploit framework training? Quite a bit, thank you!

Today, HD Moore delivered the inaugural version of his powersploiting course to a group of devotees at the Toronto Sector security conference.

The only negative points: (1) it would probably benefit from an extra day or two of training, especially if a real target network could be used by the students, and (2) the existing documentation for Metasploit is somewhat ‘sparse’. Generally, HD’s presentations are the best publicly available documents, but there are still some gaps between what lies in his head and what exists on paper. Maybe the project’s next move is to bring on a technical writer!

Those very minor points aside, HD introduced the Metasploit framework with an overview of its history – did you know that it started out as a text-based MUD? In the original game, you scored points for compromising systems. HD moved quickly from developing a game to delivering one of the most effective open-source tools on the market (accolades and more available at: http://www.metasploit.com).

The framework, built for the consistent development and delivery of exploits against a variety of operating systems and applications, has continued to evolve. The next version, 3.2, is due to be released later this week. It will introduce several new features, including:

  • A new licensing model, allowing contributors to retain ownership of everything they create in support of the framework;
  • A built-in web application vulnerability scanner, WMAP;
  • Full support for IPv6;
  • Scruby and PacketFu, two Ruby libraries for the creation and manipulation of raw packets;
  • Assembler support, allowing exploit components written in C to be compiled down to the lower-level language;
  • Strong support for WiFi reconnaissance and exploitation; and,
  • Support for reflective DLL injection, which loads a DLL directly from memory rather than from the hard disk. Because nothing is written to disk, the payload presents a much smaller footprint to anti-virus and disk-based forensic tools.

The remainder of the day was spent learning advanced Metasploit attacks from HD. We learned how to write a simple scanner, and how exploits are written. After reviewing Meterpreter, we saw how effective it can be when used in a hostile role in wireless environments.

After the class, I talked to the students, and all were impressed – there’s more to Metasploit than most people really understand, and the real shortcut to gaining the knowledge needed to use it effectively is to take a class like HD’s powersploiting. Hopefully, he will continue to extend the skills that are taught, and the supporting documentation.

HD’s training course was one of four offered at Sector. The others covered cutting-edge hacking techniques, wireless and RFID attacks and defences, and Johnny Long’s “no-tech hacking”. For most of these courses, it was the first time they had been offered in the Toronto area, particularly by instructors of that calibre. Based on the student recommendations I heard today, I recommend taking advantage of this training when it’s offered at next year’s SECTOR conference!


Copyright © 2008 DigitalDefence, Inc. | 302 - 3310 South Service Road, Burlington, Ontario L7N 3M6 | Tel 905-681-3310 | Toll-Free 866-677-1337
