Metasploit question

exampasser Member Posts: 718
For my security class, one of my assignments was working with Metasploit. I decided to mess around with it more and tried several IE exploit attacks but they didn't work (got to the point where the buffer overflow attack was sent to a Vista VM but was not able to get a console).

If I'm understanding this correctly, most exploits in Metasploit use buffer overflow attacks, and since the school VMware server runs a recent processor that has DEP almost all buffer overflow attacks would fail? I guess in that case I should use an old p4 box I have lying around (with XP installed) as a target, and just use the BT VM I have on my main machine.

Comments

  • tiersten Member Posts: 4,505
    exampasser wrote: »
    If I'm understanding this correctly, most exploits in Metasploit use buffer overflow attacks, and since the school VMware server runs a recent processor that has DEP almost all buffer overflow attacks would fail?
    DEP isn't a magic fix that will prevent all buffer overflow attacks. It makes it harder to do but it's still possible to do depending on what the target is. Same again with ASLR.
  • Bl8ckr0uter Inactive Imported Users Posts: 5,031
    tiersten wrote: »
    DEP isn't a magic fix that will prevent all buffer overflow attacks. It makes it harder to do but it's still possible to do depending on what the target is. Same again with ASLR.

    We have had more problems with DEP than a little bit. How much is it really used in the field?
  • tiersten Member Posts: 4,505
    The default for DEP is opt in anyway and only the services that come with Windows have it enabled. You need to turn it on for anything else.

    Look at the recent exploits for Adobe Acrobat and Flash to see attacks which worked even if you had DEP and ASLR enabled. The fault being caused by Adobe screwing up.
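Added example, not from the thread: a PowerShell audit of the DEP policy tiersten describes. It reports the system-wide policy from Win32_OperatingSystem and, for each running 32-bit process, whether DEP is actually enabled; it assumes Windows with PowerShell 5 or later and enough rights to open the processes, and treats native 64-bit processes as always-on DEP (the kernel32 GetProcessDEPPolicy call only answers for 32-bit processes).

```powershell
# System-wide policy (Win32_OperatingSystem.DataExecutionPrevention_SupportPolicy):
# 0 = AlwaysOff, 1 = AlwaysOn, 2 = OptIn (Windows default), 3 = OptOut.
$policyNames = @{
    0 = 'AlwaysOff'
    1 = 'AlwaysOn'
    2 = 'OptIn (default: only Windows binaries and apps that opt in)'
    3 = 'OptOut (everything unless explicitly excluded)'
}
$os = Get-CimInstance Win32_OperatingSystem
"DEP available : $($os.DataExecutionPrevention_Available)"
"DEP policy    : $($policyNames[[int]$os.DataExecutionPrevention_SupportPolicy])"

# P/Invoke wrappers (assumed helper names; kernel32 exports are real).
Add-Type -Namespace DepAudit -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool GetProcessDEPPolicy(IntPtr hProcess, out uint lpFlags, out bool lpPermanent);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool IsWow64Process(IntPtr hProcess, out bool wow64);
'@

$results = foreach ($p in Get-Process) {
    try {
        $h = $p.Handle   # throws for processes we are not allowed to open
        $isWow64 = $false
        [void][DepAudit.Native]::IsWow64Process($h, [ref]$isWow64)
        if ([Environment]::Is64BitOperatingSystem -and -not $isWow64) {
            $dep = 'ON (native 64-bit: DEP always enforced)'
        } else {
            $flags = [uint32]0; $perm = $false
            if ([DepAudit.Native]::GetProcessDEPPolicy($h, [ref]$flags, [ref]$perm)) {
                # PROCESS_DEP_ENABLE = 0x1
                $dep = if ($flags -band 1) { "ON (permanent=$perm)" } else { 'OFF' }
            } else { $dep = 'unknown' }
        }
        [pscustomobject]@{ Name = $p.ProcessName; PID = $p.Id; DEP = $dep }
    } catch {
        [pscustomobject]@{ Name = $p.ProcessName; PID = $p.Id; DEP = 'access denied' }
    }
}
# Rows reading OFF are the 32-bit programs an OptIn policy leaves unprotected.
$results | Sort-Object DEP, Name | Format-Table -AutoSize
```

Run from an elevated prompt to see the most processes; non-admin sessions will report 'access denied' for other users' and protected processes.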
  • exampasser Member Posts: 718
    tiersten wrote: »
    The default for DEP is opt in anyway and only the services that come with Windows have it enabled. You need to turn it on for anything else.

    *smacks self

    Thanks for all the info, I believe that it had a few Flash exploits available that I'll have to try.
  • exampasser Member Posts: 718
    Well I tried an IE exploit today, and it worked. It's kinda scary how easily one can gain control of a remote system if you can get a user to click on a link.
  • myedjo24 Member Posts: 92
    There's a lot of amazing stuff out there that people don't realize. One of my favorite things to 'experiment' with is to have one of the wireless NICs on my server act like an access point that doesn't have any encryption so anyone can log on to it. Then, have that NIC point to my other NIC that actually has the internet connection on it. When 'I' connect to my fake wireless connection I can read whatever traffic 'I' go to. Including getting rid of websites' SSL so I can view the information 'I' type into websites.

    Makes you think how many people do the same setup with a laptop that is connected to the internet using a 3G dongle and leave it in a parked car near a popular hangout spot and have the network be called "Free Wifi".