
July 2010 Archives

PaulDotCom Security Weekly - Episode 203 - July 21 2010

Episode 203 Show Notes

John & Paul get busy wit' it and do the humpty dance. Featuring Alex Lanstein from Fireeye.

[photo: larrymowhawkagain.jpg] Yes, Larry gets another mohawk at Defcon, proving, well, that you can get a mohawk at Defcon

Hosts: Paul "PaulDotCom" Asadoorian, John Strand

DEFCON Contest


While we aren't having a party this year, we are running a mini contest and offering up some tokens of appreciation for those who complete it. A badge of honor if you will...




defcon18badge.jpg

http://www.badguywalmart.com

Let's be clear. The end objective of this game is to speak a phrase to Darren or Larry so that it can be overheard by others (the louder the better!) while showing us the "official" picture of the phrase. We don't care how you show us the picture, be it print or electronic, but we will not do any computing for you, or place any storage devices in our computers.

Badges are limited so solve it early! While they get you nothing but bragging rights, shouldn't you be packing for DEFCON?

Oh, and everything you need to get started is in this blog post.

Best of luck.

Episode 202 Show Notes
Episode 202

Part 2: Come get all warm and fuzzy with the PDC crew... don't worry, it's soft. I was talking about WFuzz... We also discuss a few stories from the week.

Hosts: Paul "PaulDotCom" Asadoorian, Larry "HaxorTheMatrix" Pesce, John Strand, Mick Douglas, Carlos "Dark0perator" Perez

Episode 202 Show Notes
Episode 202 Part 1

Part 1: The folks from Command Line Kung Fu join us to celebrate episode 100, and talk a little kung fu. Who won? Who lost? Is Paul's healthy knee intact? Find out NOW!!

Hosts: Paul "PaulDotCom" Asadoorian, Larry "HaxorTheMatrix" Pesce, John Strand, Mick Douglas, Carlos "Dark0perator" Perez

Metasploit's New GUI


A new GUI for Metasploit was added tonight by ScriptJunkie to the Metasploit SVN repository. The new GUI is multi-platform and Java-based; the NetBeans project for it lives in the external/source/gui/msfguijava/ directory for those who want to contribute and have ninja skills with Java and user interfaces. The GUI is run by invoking the msfgui script at the base of the Metasploit directory:

./msfgui

This script simply executes the following command:

java -jar `dirname $0`/data/gui/msfgui.jar

To run this GUI, Java must be installed on the machine. When you run the command you should be greeted by a splash screen, followed by the main user interface:

[screenshot]

The interface does not start msfrpcd on its own, since it can also be used to connect to a remote msfrpcd session on another host. To start an msfrpcd session on a host so that msfgui can connect to it remotely, run the following command on that host:

./msfrpcd -S -U MetaUser -P Securepass -p 1337

Here we tell the msfrpcd daemon to start with SSL disabled (-S), since there is no support for it right now; we specify the user with the -U switch, the password with the -P switch, and the port on which to listen for inbound connections with the -p switch. The service binds to the 0.0.0.0 address, so it will listen on all interfaces; if you want it to bind to a specific interface, tell it which IP address to bind to with the -a switch. When you run the command above the output should look something like this:

loki:msf3 cperez$ ./msfrpcd -S -U MetaUser -P Securepass -p 1337
[*] XMLRPC starting on 0.0.0.0:1337 (NO SSL):Basic...
[*] XMLRPC initializing...
[*] XMLRPC backgrounding...
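Because that command line puts an unencrypted, password-protected RPC listener on every interface, here is an added example (not from the original post or the Metasploit project) that parses the switches and the startup banner shown above and flags the exposure, then rebuilds the command bound to loopback with -a. It assumes only the flag semantics the post describes; binding to 127.0.0.1 and reaching the daemon over an SSH tunnel is the hardening suggested here, not something the post states.

```python
import re
import shlex

# Banner line msfrpcd prints on startup, in the shape quoted in the post:
#   [*] XMLRPC starting on 0.0.0.0:1337 (NO SSL):Basic...
BANNER_RE = re.compile(
    r"XMLRPC starting on (?P<addr>[\d.]+):(?P<port>\d+) \((?P<ssl>NO SSL|SSL)\)")

# Value-taking switches the post describes (-S takes no value)
SWITCHES = {"-U": "user", "-P": "password", "-p": "port", "-a": "bind"}


def parse_msfrpcd_args(cmdline):
    """Parse an msfrpcd command line; defaults follow the post (SSL on, bind 0.0.0.0)."""
    argv = shlex.split(cmdline)
    opts = {"ssl": True, "bind": "0.0.0.0", "port": None, "user": None, "password": None}
    i = 1  # argv[0] is ./msfrpcd itself
    while i < len(argv):
        if argv[i] == "-S":
            opts["ssl"] = False
        elif argv[i] in SWITCHES and i + 1 < len(argv):
            opts[SWITCHES[argv[i]]] = argv[i + 1]
            i += 1
        i += 1
    return opts


def parse_banner(line):
    """Return bind address, port and SSL state from the startup banner, or None."""
    m = BANNER_RE.search(line)
    if not m:
        return None
    return {"addr": m.group("addr"), "port": int(m.group("port")), "ssl": m.group("ssl") == "SSL"}


def audit(opts):
    """Exposure findings for a parsed command line (empty list means nothing flagged)."""
    findings = []
    if not opts["ssl"]:
        findings.append("SSL disabled: the -U/-P credentials and all RPC traffic cross the wire in cleartext")
    if opts["bind"] == "0.0.0.0":
        findings.append("bound to 0.0.0.0: the RPC port is reachable from every interface, not only msfgui's host")
    return findings


def hardened_cmdline(opts):
    """Rebuild the command bound to loopback; -S is kept when present since the post says SSL is unsupported."""
    parts = ["./msfrpcd"] + (["-S"] if not opts["ssl"] else [])
    for flag, key in SWITCHES.items():
        if key != "bind" and opts[key] is not None:
            parts += [flag, shlex.quote(opts[key])]
    return " ".join(parts + ["-a", "127.0.0.1"])  # assumption: clients arrive via an SSH tunnel
```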

Once it is up, we just use the Connect to msfrpcd option in the File menu:

[screenshot]

This will bring up the following screen:

[screenshot]

There we just enter the data we set up on our remote host. We can also start a new connection from this screen, and even change the path to our Metasploit folder to another copy if we wish, using the Change Path button.

To start a new session with the local copy, just select the Start new msfrpcd option from the File menu; this automatically starts an msfrpcd session for you using the copy of Metasploit from which you launched msfgui. Once it is started we can interact with it. Let's launch a multi handler to receive some Meterpreter connections:

[screenshot]


Once we select the multi handler, a screen will appear that lets us choose our payload; depending on the payload, we will be able to set its parameters:

[screenshot]

[screenshot]


Once we have set the options needed for our shell, we just hit Run Exploit to launch the job, and it should appear in the Jobs screen as shown below:

[screenshot]

When the Meterpreter session is received and established, it will appear in the Sessions window and we can interact with it.

[screenshot]

To interact with our shell we can simply select it and left click on it to get the options of what we can do. One of the things I like about what is being done with the GUI is the way the Meterpreter scripts were integrated as actions on the menu, with easy-to-understand groupings, alongside the most common commands.

[screenshot]


Here is the screen we would see if we selected Windows Enumeration from System Information. This launches the Winenum script and we can see its progress. We can even enter commands in the dialog box below and hit Submit to send a command to the Meterpreter session once the script is finished.

[screenshot]

We can even decide to access the server's file system and interact with it.

[screenshot]



For pentesters, do check the Report feature under Post Exploitation for an HTML activity log of what was done in the shell and Meterpreter sessions. I invite you to play with the other options, modules and menu items and provide feedback, including bug reports and feature requests for things to add to the GUI. If you are a Java ninja you can provide patches and code, which is also welcome; you can do this at http://www.metasploit.com/redmine/projects/framework

We'll be recording Episode 202 of PaulDotCom Security Weekly, this time, FOR REAL! The live stream should be active around 19:30 EDT (7:30 PM), Thursday night.

[photo: HappyIntern.jpg] "ummm, I'm not sure that's what Paul had in mind when he asked for ideas on cooling off his iPad"


Come help Ed Skoudis, Hal Pomeranz & Tim Medin celebrate 100+ episodes of Command Line Kung Fu!

Join the IRC channel during the stream - we can take live comments and discussion from the channel! Find us on IRC at irc.freenode.net #pauldotcom.

When active, the live stream(s) can be found at:

PaulDotCom Live! - You can watch the live video, listen, and chat during each episode! You can access the streaming videos at any time by visiting http://pauldotcom.com/live/

PaulDotCom Icecast Radio (Audio Only)

Break out your adult beverage of choice and join us, enjoy the show live, and thanks for listening!

- Paul "Salad Shooter" Asadoorian, Larry "HaxorTheMatrix" Pesce, Carlos "Dark 0perator" Perez, Darren "The Other Guy" Wigley, John "The Father" Strand, Mick "AppleJack" Douglas, and Mark "Quiet but Deadly" Baggett.

PaulDotCom Security Weekly - Episode 201


Episode 201 Show Notes

Last minute vulnerability disclosure debate, and a bunch of fun stories including 10 things that we'd like to hack (including your blender)


Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez


Please join us as we welcome Dave Aitel for an interview on Episode 202 of PaulDotCom Security Weekly! The live stream should be active around 19:30 EDT (7:30 PM), tomorrow night.

[photo: were_recording.jpg] psst! Larry! - we've been recording for 10 minutes and all you've done is drink beer!

Join the IRC channel during the stream - we can take live comments and discussion from the channel! Find us on IRC at irc.freenode.net #pauldotcom.

When active, the live stream(s) can be found at:

PaulDotCom Live! - You can watch the live video, listen, and chat during each episode! You can access the streaming videos at any time by visiting http://pauldotcom.com/live/

PaulDotCom Icecast Radio (Audio Only)

Break out your adult beverage of choice and join us, enjoy the show live, and thanks for listening!

- Paul "Salad Shooter" Asadoorian, Larry "HaxorTheMatrix" Pesce, Carlos "Dark 0perator" Perez, Darren "The Other Guy" Wigley, John "The Father" Strand, Mick "AppleJack" Douglas, and Mark "Quiet but Deadly" Baggett.

The Disclosure Debate - Some Thoughts & Responses


[My comments below are in response to "Full Disclosure is Irresponsible" by Andy The IT Guy, who I still respect, just disagree with on this one]

"Full Disclosure is irresponsible and usually hurts more people than it helps and I still believe that is the case."

What evidence do you have to support the above statement? First of all, define hurt? Who does it really hurt and how? If a vendor makes a mistake and has to feel a little "hurt" in order to fix it, this is a good thing. What if the vendor never intended to fix it and the public never found out? Isn't that worth a little bit of hurt? Of course, take this on a case-by-case basis, I don't think we can treat all vulnerabilities and vendors the same as there are so many variables.

"Most vendors, especially the big ones, will work with the researcher and release a patch in a timely manner."

Let's not forget the vendors that threaten researchers with lawsuits, launch smear campaigns, and flat out ignore researchers. What about them?

"Releasing vulnerability details puts people in danger of having their lives screwed with by others in ways that can drastically impact them in negative ways."

You are completely ignoring the positive effects and trade-offs. Having more details about a vulnerability allows workarounds to be published, IDS/IPS signatures to be developed, and potentially even more problems in the same code to be uncovered. So, there are two sides to the coin.

"Also the argument that many in IT use saying that by knowing the details prior to a patch allows them to be able to test their systems and put controls in place doesn’t hold much water either. Why? Because many if not most companies don’t do this."

I totally disagree (and wonder where you got the above information). I've personally participated in collaborative efforts (crossing multiple organizations) to develop workarounds and signatures prior to a patch.