Metasploit question

For my security class, one of my assignments was working with Metasploit. I decided to mess around with it more and tried several IE exploit attacks but they didn't work (got to the point where the buffer overflow attack was sent to a Vista VM but was not able to get a console).

If I'm understanding this correctly, most exploits in Metasploit use buffer overflow attacks, and since the school VMware server runs a recent processor that has DEP almost all buffer overflow attacks would fail? I guess in that case I should use an old p4 box I have lying around (with XP installed) as a target, and just use the BT VM I have on my main machine.

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

tiersten

exampasser wrote: »

If I'm understanding this correctly, most exploits in Metasploit use buffer overflow attacks, and since the school VMware server runs a recent processor that has DEP almost all buffer overflow attacks would fail?

DEP isn't a magic fix that will prevent all buffer overflow attacks. It makes it harder to do but its still possible to do depending on what the target is. Same again with ASLR.

Bl8ckr0uter

tiersten wrote: »

DEP isn't a magic fix that will prevent all buffer overflow attacks. It makes it harder to do but its still possible to do depending on what the target is. Same again with ASLR.

We have had more problems with DEP than a little bit. How much is it really used in the field?

tiersten

The default for DEP is opt in anyway and only the services that come with Windows have it enabled. You need to turn it on for anything else.

Look at the recent exploits for Adobe Acrobat and Flash to see attacks which worked even if you had DEP and ASLR enabled. The fault being caused by Adobe screwing up.

exampasser

tiersten wrote: »

The default for DEP is opt in anyway and only the services that come with Windows have it enabled. You need to turn it on for anything else.

*smacks self

Thanks for all the info, I believe that it had a few flash exploits available that I''ll have to try.

exampasser

Well I tried and IE exploit today, and it worked. It's kinda scary how easily one can gain control of a remote system if you can get a user to click on a link.

myedjo24

There's a lot of amazing stuff out there that people don't realize. One of my favorite things to 'experiment' with is to have my one of my wireless nics on my server to act like an access point that doesn't have any encryption so any one can log on it. Then, have that nic point to my other nic that actually has the internet connection on it. When 'I' connect to my fake wireless connection I can read what ever traffic 'I' go to. Including getting rid of website's ssl so I can view the information 'I' type into websites.

Makes you thing how many people do the same setup with a laptop that is connected to the internet using a 3g dongle and leave it in a parked car near a popular hang around spot and have the network be called "Free Wifi".