CSCAMP2013 - Introduction to pwnCore
Introduction to pwnCore for Penetration Testers
Anwar Mohamed
About Me
● Anwar Mohamed (@anwarelmakrahy)
● 3rd Term Computer & Communication Program, Faculty of Engineering, Alexandria University.
● Contributed to many security projects.
● The Author of:
– PwnCore “Cyber attack management tool”.
– Packetyzer “Packet analysis library”.
– Metasploit Meterpreter Android Extension.
– droidNinja “Android Exploitation Framework”.
Mobile Phones
● Accelerated productivity as they move to replace many of the other devices we used to carry in a small package.
● Wi-Fi capability, cameras, mass storage capability and a persistent internet connection via 3G and 4G.
● Allow a wide number of applications and if rooted provide many of the same tools as a computer, but with more hardware and network capabilities.
● These conveniences also carry over to make them a very powerful tool to use in penetration tests, more powerful I would argue than a laptop.
● Can be easily hidden on your person, or inside of an office building.
Metasploit Framework
● Open source penetration testing tool used for developing and executing exploit code against a remote target machine.
● The world's largest database of public, tested exploits.
● Used to test the vulnerability of computer systems in order to protect them; on the other hand, it can also be used to break into remote systems.
Meterpreter
● Advanced, dynamically extensible payload that uses in-memory DLL injection stagers and is extended over the network at runtime.
● Resides entirely in memory and writes nothing to disk.
● No new processes are created as Meterpreter injects itself into the compromised process and can migrate to other running processes easily.
● Leaves limited forensic evidence and has limited impact on the victim machine.
Feel free to ask during my talk
Welcome to pwnCore
Follow Up
● Introduction
● App Architecture
● Features
● Simple Testing
● Undergoing Features
● Future Developments
Introduction
What is pwnCore?
● Android Cyber Attack Management Tool for Metasploit.
● GUI package that visualizes targets, recommends exploits, and exposes the advanced capabilities of the Metasploit framework.
● Has some of the nature of the Armitage project, but the advantage here is that pwnCore can turn your Android device's capabilities into an advanced pentesting lab within clicks.
App Architecture
● Developed using the Java programming language.
● At least Android 3.0 (HONEYCOMB), API Level: 11.
● Msfrpc GUI client integrated with other features.
● Allows encrypted & unencrypted msfrpc connections.
● Connections are serialized using MessagePack.
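MessagePack is a serialization format, not encryption, so on an unencrypted msfrpc connection the login fields travel in readable form. The added example below (not pwnCore's own code) decodes constructed request and response bodies with a small standard-library decoder; the `["auth.login", user, password]` array and the `token` reply follow Metasploit's MSGRPC convention, and all sample values are made up.

```python
import struct

def unpack(buf, pos=0):
    """Decode one MessagePack value (subset); returns (value, next_pos)."""
    b, pos = buf[pos], pos + 1
    if b <= 0x7F:                                  # positive fixint
        return b, pos
    if 0x80 <= b <= 0x8F:                          # fixmap: N key/value pairs
        out = {}
        for _ in range(b & 0x0F):
            key, pos = unpack(buf, pos)
            out[key], pos = unpack(buf, pos)
        return out, pos
    if 0x90 <= b <= 0x9F:                          # fixarray: N items
        out = []
        for _ in range(b & 0x0F):
            item, pos = unpack(buf, pos)
            out.append(item)
        return out, pos
    if b in (0xC0, 0xC2, 0xC3):                    # nil, false, true
        return {0xC0: None, 0xC2: False, 0xC3: True}[b], pos
    if 0xA0 <= b <= 0xBF:                          # fixstr (fixraw in the old spec)
        n = b & 0x1F
    elif b == 0xD9:                                # str 8
        n, pos = buf[pos], pos + 1
    elif b == 0xDA:                                # str 16 (raw 16 in the old spec)
        n, pos = struct.unpack_from(">H", buf, pos)[0], pos + 2
    else:
        raise ValueError("type 0x%02x is outside this example's subset" % b)
    if pos + n > len(buf):
        raise ValueError("truncated MessagePack string")
    return buf[pos:pos + n].decode("utf-8", "replace"), pos + n

def decode_body(body):
    """Decode a whole RPC body, rejecting truncated or trailing data."""
    try:
        value, end = unpack(body)
    except (IndexError, struct.error):
        raise ValueError("truncated MessagePack data")
    if end != len(body):
        raise ValueError("trailing bytes after MessagePack value")
    return value

def exposed_fields(request_body, response_body):
    """Fields a passive observer reads from an unencrypted msfrpc login."""
    method, user, password = decode_body(request_body)[:3]
    token = decode_body(response_body).get("token")
    return {"method": method, "user": user, "password": password, "token": token}

# Constructed sample bodies (not captured traffic).
LOGIN_REQ = b"\x93\xaaauth.login\xa3msf\xb0example-password"
LOGIN_RESP = b"\x82\xa6result\xa7success\xa5token\xb3TEMPconstructed0000"
```

Both the password and the session token come back intact, which is why the encrypted connection mode matters whenever the RPC server is reached over a network.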
Features
Basic Features:
● Listing available modules in Metasploit “exploits, auxiliary, payloads, encoders, post”.
● Running modules with customized options.
● Launching handlers and listeners.
● Searching for modules specified by type.
● Entering console mode for Metasploit just as if you were using msfconsole natively.
● Interacting with meterpreter and shell sessions.
● Listing jobs & sessions running.
Features
Advanced Features:
● Ability to work as a background process.
● Importing remote hosts' addresses from file.
● Auto scanning newly added hosts & enumerating their operating system.
● Resuming meterpreter & shell sessions if the app was exited.
● Notifications with new sessions.
● PwnHarvest Attack.
● Meterpreter VisualCommander.
Features
Advanced Features:
● PwnHarvest Attack.
– Smart automated vulnerability exploitation attack.
– Uses some algorithms to suggest the best exploits for a remote target and also suggests the best payload for each exploit.
– Runs in background until a new session is opened.
Features
Advanced Features:
● Meterpreter VisualCommander.
– Better way to run post-exploitation scripts without interacting and writing the commands directly in the session console.
– Has the capability to control multi-sessions for the same remote host.
Undergoing Features
● Pivoting.
● Web Interface running on an internal web server.
● File Browser for meterpreter sessions.
● Plugins Architecture.
Future Features
● Adding support to import remote hosts from pentesting tools' reports like Nessus.
● Porting Ruby to Android devices to allow the running of Metasploit natively, and also recompiling needed gem files for the framework.
● Integrating pwnCore with other pentesting tools.
And BTW ...
pwnCore can also work on
Any Questions ?
Hack the Gibson!
Thank you for attending today
Github: AnwarMohamed
Twitter: @anwarelmakrahy
Gmail: anwarelmakrahy
Outlook: anwarelmakrahy