Students delve into Metasploit: Swiss army knife used by hackers

On May 4, 2011, students of Prof. Xinwen Fu's 91.661.201 Advanced Topics on Network Security successfully presented term projects. There were approximately 40 students and one professor, Prof. Levkowitz, in attendance. Presenters received many good questions from the audience.
Two groups of students introduced their work on the Swiss army knife used by hackers: Metasploit. The presentations were an excellent chance for the UML-CS community to understand this advanced tool, used for designing exploits and conducting attacks. Metasploit is also used for open testing of networks and computers. Presenting students also discussed countermeasures to the attacks they introduced.
In the first presentation, entitled Metasploit, Anthony Gabrielson and Adam Helbling presented an overview of Metasploit, showcasing both how to develop for and use Metasploit. The presentation included the usage of more obscure Metasploit capabilities in conjunction with the powerful OllyDbg debugger. Helbling went through the MiniShare Remote Buffer Overflow Exploit (C source) with detailed instruction on finding the magic number through OllyDbg. A correct patch will prevent this attack.
In the second presentation, entitled Embedded PDF Exploit, Jesse Lucas presented the Metasploit exploit that involves embedding a payload in a PDF file that will be executed by a victim. Lucas presented two different payloads.

The first payload was Metasploit's Meterpreter, which is short for "Meta-Interpreter." Meterpreter is "an advanced payload that is included in the Metasploit Framework. Its purpose is to provide complex and advanced features that would otherwise be tedious to implement purely in assembly. Meterpreter allows the attacker to execute many useful commands that are executed without the user's knowledge."

Lucas's second payload was vncinject, which gives the attacker a VNC session into the victim's machine so the attacker can view and execute commands on the victim's machine. To prevent the attack, Lucas concluded:

  • DO NOT open files from people you don't know
  • DO NOT allow firewall exceptions for applications you don't know
  • KEEP popular programs up to date
  • DISABLE File and Printer Sharing if you aren't using it

A video of the two presentations can be found at the UMass Lowell Echo360 lecture capture site.

About this Entry

This page contains a single entry by Martin, Fred published on May 16, 2011 10:45 AM.
