2019_11_13_43rd/metasploit_debugging/Dockerfile
New file @@ -0,0 +1,7 @@ FROM ruby:latest RUN apt-get update && apt-get install -y git autoconf build-essential libpcap-dev libpq-dev zlib1g-dev libsqlite3-dev vim openssh-server net-tools lsof netcat-openbsd RUN useradd -ms /bin/bash msf RUN gem install bundler pry rake COPY pryrc/.pryrc /root/.pryrc COPY metasploit_gem_file/Gemfile /home/msf/Gemfile WORKDIR /home/msf 2019_11_13_43rd/metasploit_debugging/README.md
New file @@ -0,0 +1,15 @@ # docker build . -t msf # docker run -ti -v `pwd`/metasploit-framework:/home/msf msf bash # or # docker run -ti -v `pwd`/metasploit-framework:/home/msf --network=<NETWORK> msf bash # to add it to a specific network (use docker network list to get a list of all networks) # bundle install # Added gem 'pry-byebug', 'pry-doc' # Debug Viewing (pry), Debug Stepping (pry-byebug), Debug with Documentation (pry-doc) # Alternative way to add container to a network: # after start of metasploit container: # docker network connect <network_name> <container_name> # docker network disconnect # respectively 2019_11_13_43rd/metasploit_debugging/TALK.md
New file @@ -0,0 +1,43 @@ # Motivation - Metasploit oft schwer zu verstehen, was passiert hinter den Kulissen # Grundlegende Debug Komponenten ## Gem Pry Allgemeine Debug-Grundlage. Zum Erstellen von Code im Speicher. ## Gem Pry-Byebug Zum Steppen im Debug-Modus ## Gem Pry-Doc Zur Einsicht der Dokumentation von Methoden, Klassen usw. # Demo ## Opfer-Beispiel Referenzprojekt: [https://github.com/secf00tprint/payloadtester_lfi_rfi](https://github.com/secf00tprint/payloadtester_lfi_rfi) Klonen und starten mit `./start_linux_network` ## Metasploit bauen und dem Netzwerk hinzufügen Metasploit-Docker-Container erstellen und im Container zum Laufen bekommen: `README.md` Setze das Kommado `binding.pry` in der Methode check in `modules/exploits/unix/webapp/php_include.rb` Metasploit-Modul: `use exploit/unix/webapp/php_include` Setze RHOST auf interne Docker-IP PHP angreifbarer Server (zB 172.18.0.4). Setze RPORT auf Port PHP angreifbarer Server (80) Setze PHPURI auf /lfi.php?page=XXpathXX Eingabe von `check` und Metasploit springt in den Debugger Pry. Aufruf von `help` um sich ein Bild der Kommandos zu machen. 2019_11_13_43rd/metasploit_debugging/metasploit_gem_file/Gemfile
New file @@ -0,0 +1,47 @@ source 'https://rubygems.org' # Add default group gems to `metasploit-framework.gemspec`: # spec.add_runtime_dependency '<name>', [<version requirements>] gemspec name: 'metasploit-framework' gem 'sqlite3', '~>1.3.0' gem 'pry-doc' gem 'pry-byebug' # separate from test as simplecov is not run on travis-ci group :coverage do # code coverage for tests gem 'simplecov' end group :development do # Markdown formatting for yard gem 'redcarpet' # generating documentation gem 'yard' # for development and testing purposes gem 'pry' # module documentation gem 'octokit' # Metasploit::Aggregator external session proxy # disabled during 2.5 transition until aggregator is available #gem 'metasploit-aggregator' end group :development, :test do # automatically include factories from spec/factories gem 'factory_bot_rails' # Make rspec output shorter and more useful gem 'fivemat' # running documentation generation tasks and rspec tasks gem 'rake' # Define `rake spec`. Must be in development AND test so that its available by default as a rake test when the # environment is development gem 'rspec-rails' gem 'rspec-rerun' gem 'swagger-blocks' end group :test do # Manipulate Time.now in specs gem 'timecop' end 2019_11_13_43rd/metasploit_debugging/pryrc/.pryrc
New file @@ -0,0 +1,12 @@ # shortcuts if defined?(PryByebug) Pry.commands.alias_command 'c', 'continue' Pry.commands.alias_command 's', 'step' Pry.commands.alias_command 'n', 'next' Pry.commands.alias_command 'f', 'finish' end # Hit Enter to repeat last command Pry::Commands.command /^$/, "repeat last command" do _pry_.run_command Pry.history.to_a.last end
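Review bot: (Dockerfile hunk) `COPY metasploit_gem_file/Gemfile /home/msf/Gemfile` is shadowed at run time, because the README's run command bind-mounts the host checkout over the same directory (`-v \`pwd\`/metasploit-framework:/home/msf`), so `bundle install` inside the container sees the upstream Gemfile and never installs pry-byebug/pry-doc; copy the Gemfile to a path outside the mount, or document that it has to be placed into the checkout. Two smaller points: `FROM ruby:latest` is unpinned, so rebuilds drift and the debugging environment is not reproducible (pin a tag); and `RUN useradd -ms /bin/bash msf` creates a user that is never activated with `USER msf`, while `.pryrc` goes to `/root/.pryrc`, so everything runs as root and the msf user is dead weight. Either add `USER msf` and copy `.pryrc` into `/home/msf/`, or drop the useradd. `openssh-server` also installs a listening service the debugging workflow does not use.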
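Review bot: (README.md hunk) the step `# bundle install` followed by `# Added gem 'pry-byebug', 'pry-doc'` only works if the reader first copies `metasploit_gem_file/Gemfile` into the mounted checkout, since the `-v \`pwd\`/metasploit-framework:/home/msf` mount hides the Gemfile the image ships; state that explicitly as a step. Also `# docker network disconnect` is shown without its `<network_name> <container_name>` arguments, and because every line starts with `#`, the whole file renders as a column of H1 headings in Markdown; put the commands in a fenced block and the explanations in plain text.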
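Review bot: (TALK.md hunk) the step `Setze das Kommado \`binding.pry\` in der Methode check in modules/exploits/unix/webapp/php_include.rb` edits a tracked upstream file, but nothing says to take the breakpoint out again; add a closing step that reverts the file (e.g. `git checkout -- modules/exploits/unix/webapp/php_include.rb`) so the breakpoint is neither left in nor committed to the framework tree. Minor: "Kommado" should read "Kommando", and the address `172.18.0.4` depends on Docker's address assignment in the reader's lab, so mark it as an example and point to `docker network inspect <network>` for the actual value.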
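Review bot: (Gemfile hunk) `gem 'pry-doc'` and `gem 'pry-byebug'` are added to the default group, directly under the comment that says default-group gems belong in `metasploit-framework.gemspec`, so every `bundle install` from this Gemfile pulls debugger gems into the runtime dependency set; move them into the existing `group :development do` block beside `gem 'pry'`, where `bundle install --without development` excludes them and where the file already keeps its "for development and testing purposes" gems.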
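Review bot: (.pryrc hunk) `_pry_.run_command Pry.history.to_a.last` fails when the history is empty, because `run_command` then receives nil, which is exactly what happens on the first Enter of a fresh session; guard it, e.g. `last = Pry.history.to_a.last` followed by `_pry_.run_command(last) if last`. `Pry::Commands.command /^$/, "repeat last command"` passes a bare regex literal as first argument, which Ruby flags as an ambiguous first argument under `ruby -w`; write `Pry::Commands.command(/^$/, "repeat last command")`. Newer Pry releases deprecate `_pry_` in favour of `pry_instance`, so a comment naming the Pry version this file targets would save the next reader a surprise.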