Metasploit Unleashed Week 3 didn’t get recorded since I was away at the Mid Atlantic CCDC unleashing some Metasploit on some blue team boxes. The module covered was fuzzing. The class worked through fuzzing the 3com TFTP Service in Python and with Metasploit. The python file is tftpfuzzer below and the Metasploit file is available at the course website.
This week for Week 4 we covered exploit development. There is plenty in the course module that was not covered. This lecture is suitable for beginning exploit development. We exploited the 3com TFTP service we fuzzed last week. Porting the exploit to Metasploit was left for an exercise. In Week 5 in addition to client side exploitation we will go over porting the 3com TFTP exploit into Metasploit as well as some additional Metasploit exploit development features.
Additionally, Chris Gates from Rapid7 was our guest lecturer this week. He spoke to the class on Metasploit Auxiliary Modules. His slides and video can be found below as well.
See you all next week. As a reminder Metasploit Unleashed is held at Reverse Space each Thursday at 8pm and Saturday at 3pm. A GoToMeeting is available for those who are not local.
Metasploit Unleashed Week 4 from Georgia Weidman on Vimeo.
Metasploit Unleashed Week 4 Part 2 from Georgia Weidman on Vimeo.
Metasploit Week 4 Exploit Dev Screencast from Georgia Weidman on Vimeo.
Chris Gates Metasploit at Reverse Space from Georgia Weidman on Vimeo.
Chris Gates Metasploit at Reverse Space Part 2 from Georgia Weidman on Vimeo.