dancroak.com

"'Sploiting with Ruby" ~ Aaron Bedra

RubyConf 2007

Aaron works at a travel industry startup. “What is secure?” There’s no such thing. Security is a state of risk tolerance. The acceptable and tolerable levels of risk are determined by your domain.

The beauty of an attack.

“Let’s just sprinkle some crack on him and get out of here.” ~ One virus to another standing over the dead body of a PC (cartoon)

Ruby tools and libraries. metasploit, ruby-lorcon, ruby-pcapx, rex, pcaprub, RFuzz.

metasploit. Code an exploit, code a payload, use the results to get what you desire.

H.D. Moore, Breakpoint Systems, originally written in Perl.

Ported to Ruby to solve a number of problems (platform independent threading, clean and consistent OO model).

Two different types of attacks: an exploit and an auxiliary. Exploits take over a system and deliver the payload; auxiliaries are scanning tools on a network, fingerprinting mechanisms, an attack vector on a machine. Payloads are delivered with encoders and NOPs (pronounced “no-ops”).

Exploits trigger the vulnerability and take over the memory addresses you need (for example, via a buffer overflow).

Encoders help do this in a stealthy way. Intrusion detection systems (IDS) on networks are becoming very advanced, with signatures of attacks and viruses. Encoders avoid restricted characters: Ruby does the encoding, assembler does the decoding.

Payload examples on every operating system. Staging system allows for any size.

The meterpreter is the coolest use of Ruby in metasploit. Migrate processes, hide yourself, change timestamps on files. It is the DSL for ‘sploitin’.

Once uploaded, you can drop into irb on the exploited machine and perform all kinds of hacks without having to re-exploit the system. You can exploit the system and immediately patch it if the exploit succeeded. Execute other processes and trade PIDs for stealthiness. The antivirus program will notice timestamp changes, so metasploit can change the timestamp back to the original after you’re done.
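A defender's counterpart to the timestamp trick above, as an added Ruby example (not from the talk or from metasploit): a file baseline that records a content hash alongside the mtime, so a file whose mtime has been put back but whose contents changed is still flagged. The directory and file it checks are constructed inline in `demo`.

```ruby
require "digest"
require "tmpdir"

# Baseline every regular file under +root+: content hash plus exact mtime.
# Keys are paths relative to +root+ so two baselines can be compared.
def build_baseline(root)
  baseline = {}
  Dir.glob(File.join(root, "**", "*"), File::FNM_DOTMATCH).each do |path|
    next unless File.file?(path)
    rel = path.sub(%r{\A#{Regexp.escape(root)}/?}, "")
    baseline[rel] = { sha256: Digest::SHA256.file(path).hexdigest,
                      mtime:  File.mtime(path) }
  end
  baseline
end

# Compare a fresh baseline against a stored one. A changed hash is reported
# even when the mtime matches; that combination is labelled :timestomp, since
# a legitimate edit would normally move the mtime forward.
def diff_baseline(old, new)
  findings = {}
  old.each do |rel, entry|
    current = new[rel]
    if current.nil?
      findings[rel] = :deleted
    elsif current[:sha256] != entry[:sha256]
      findings[rel] = current[:mtime] == entry[:mtime] ? :timestomp : :modified
    end
  end
  (new.keys - old.keys).each { |rel| findings[rel] = :added }
  findings
end

# Constructed scenario: edit a file, then restore its original mtime with
# File.utime, which is what the timestamp-restoring tooling above amounts to.
def demo
  Dir.mktmpdir do |dir|
    path = File.join(dir, "config.yml")
    File.write(path, "debug: false\n")
    before = build_baseline(dir)
    original_mtime = File.mtime(path)
    File.write(path, "debug: true\n")
    File.utime(File.atime(path), original_mtime, path)  # put the mtime back
    diff_baseline(before, build_baseline(dir))          # => {"config.yml"=>:timestomp}
  end
end
```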

msfweb (Rails app)

The most practical use of metasploit is security research, such as giving feedback to Apple to fix security holes on the iPhone.

Set up a virtual machine to exploit the system so you don’t break the law in the first place. People then contact the vendor to let them know about it.

nmap allows you to see the open ports on a system.

You can transmit files, take over processes (and lock them so the user can’t kill them).

Make sure you hide from antivirus software.

metasploit helps you write exploits by allowing you to skip over writing C and assembler.

Mac OS X is not as safe as you think it is, but it is based on more secure principles from BSD.

Everyone is looking for really good Ruby hackers with the project. You’ll learn about security in the process.

http://www.owasp.org/index.php/Main_Page
http://www.remote-exploit.org/
http://rorsecurity.info/

He runs everything on OpenBSD and believes it to be the most secure out-of-the-box operating system.