A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Gone in 60 minutes _ Practical Approach to Hacking an Enterprise with Yasuo - Saurabh Harit, Stephen Hall Hack3rcon 5 (Hacking Illustrated Series InfoSec Tutorial Videos)

Gone in 60 minutes _ Practical Approach to Hacking an Enterprise with Yasuo
Saurabh Harit, Stephen Hall
Hack3rcon 5

This talk is going to be centered around Yasuo, an open-source vulnerable application scanner purely written in Ruby. We plan to release an updated version of the framework at the conference. If you search through Exploit-db, there are over 10,000 remotely exploitable vulnerabilities that exist in tons of web applications and could allow an attacker to completely compromise the back-end server. These vulnerabilities range from RCE to malicious file uploads to SQL injection to LFI and so on. We often talk about exploiting JBoss jmx-console, Apache tomcat manager but that’s just scratching the surface.

A random wise man once said – “It’s not about what, it’s about where”. With all the modern network protections these days, a smart hacker, good or bad, is always looking for that one IP, one port, one application that could be exploited to penetrate through the network. Yasuo is built to quickly scan the network for such vulnerable applications thus serving pwnable targets on a silver platter.

During this talk, we will elaborate on the development of Yasuo, the problem, the challenges and how it can be effective in hacking an organization in the real-world scenario.

Some more description (much free time):

Be it a red-team assessment or an outsider attempting to hack an organization after bypassing the physical security, both scenarios require an attacker to break-in, find exploitable targets, pwn them and get-out. The catch is to do all this in a short amount of time and while being stealth. On such engagements, where you have limited time-window and being stealthy is a necessity, running a generic-vulnerability scanner like Nessus may not be the best and most effective approach.

This talk will elaborate on some of the practical tactics that one can adhere to, in order to be successful. The main focus of this talk would be our open-source ruby framework, Yasuo, that we will demo at the conference. Yasuo is a vulnerable application scanner, which scans the network for vulnerable applications that are listed in exploit database – Exploit-db and could allow server compromise through remote code execution, command injection, sql injection, malicious file uploads, remote/local file include and many more.

We will demonstrate how Yasuo can be stealthy, quick & effective in finding exploitable targets, most of which are not picked up by a generic-vulnerability scanners. Below is a rough outline of our talk:

- Bypassing physical security
o Effective ways of beating physical security protections and gaining access to the office premises.
- Bypassing network protection
o Various practical ways of bypassing network protections such as NAC (network access control)
- The problem
o Why running a generic vulnerability scanner is a bad idea
o How to quickly find targets that can be pwned on the internal network. For once, Google is NOT your friend
- The typical lengthy process – World without automation
- Yasuo
o What is Yasuo?
o What can it do?
o How does it do it?
o Exploring the framework
o Benefits of Yasuo over a generic vulnerability scanner
o Be stealth & Be Quick – Because you broke into someone’s office
o Demo
o Future development plans
- Questions

>

Back to Hack3rcon 5 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast