DEFCON London – Christmas meeting – Tuesday 2nd December 2008
Yes, folks, it’s that time of the year/month again…
This will be our last meeting of 2008, so we’re planning to make it a
goodun!!! All are welcome, but remember – Fight Club rules apply… If
this is your first meet, you *will* talk… :)
If you're planning on going for the first time, be prepared to talk!
This time we’ve got:
- Bluetooth fun & Wargames – Christer & Mr K (long talk, double slot)
- ‘hacking rogue for fun & profit (mostly profit)’ – freakyclown
- Coring BlueCore – Mark
It's a shame that Christmas has zapped all my cash. :-(
For more info click here.
Location : Glassblower, Piccadilly
Meterpreter is a Metasploit payload designed for post-exploitation tasks.
One of the steps involved in completely automating exploitation is post-exploitation automation. This is where steps are taken to automate the tasks that are performed after successfully exploiting a target host. The meterpreter implementation in Metasploit 3.0 defines a programmatic interface for the attacker that helps to facilitate this automation, such as by making it easy to interact with processes, networking, and the file system. While all of this has been present for some time, we have only recently added support for Meterpreter scripts. The purpose of meterpreter scripts is to give end-users an easy interface to write quick scripts that can be run against remote targets after successful exploitation. In the long term, we’ll make it so that these scripts can run automatically each time a Meterpreter session is created, thus making the post-exploitation process completely automated.
After playing around with it for a few hours I’ve realised that it’s a very powerful tool for any pen tester to have. I tried in vain to record the exploitation and post-exploitation process using the open source screen recorder ‘CamStudio’; however, I was unsuccessful due to it not recording some of the screen. I will try to find alternative software or have another go with CamStudio in the near future to show you all how powerful the meterpreter payload really is.
Meterpreter has been around since Metasploit version 3; however, in the newest version of Metasploit it seems that the meterpreter DLL that gets uploaded to the target machine is no longer detected by antivirus software. In theory Metasploit could scan random IP ranges, exploit targets using autopwn, grab the administrator hashes and then email them to the attacker. A script kiddie’s wet dream.
For more info on meterpreter click here.
To view a video of meterpreter in action click here.
While looking through some old DEFCON material I came across Sam Bowne’s video presentation on teaching hacking at college. The presentation was at DEFCON 15 on August 3-5 2007. He speaks about the practicalities of teaching hacking in an academic fashion. It’s a must-view if you’re thinking of taking a career path within the security industry and thinking of starting a course in hacking.
The video can be downloaded from here.
To view the full DEFCON archives click here.
To visit Sam Bowne’s personal web site click here.
Progressive rock legends Marillion are set to perform at a benefit concert for hacker Gary McKinnon.
A concert is being organised to support the hacker, who the US is currently trying to extradite over charges that he caused $700,000 worth of damage when he allegedly hacked into US security systems at NASA and the Pentagon.
This would be an excellent way to raise awareness of Gary’s case and hopefully encourage a debate regarding the UK/US extradition treaty.
Mr Hemsworth, who is also UK director of the International UFO Congress, plans to organise a ‘Band Aid style’ song recorded at Abbey Road studios and hopes George Michael will sing Mr McKinnon’s own single, Only a Fool. All proceeds from the concert will go to the Autism Research Centre in Cambridge, after Mr McKinnon was diagnosed with Asperger’s syndrome in August.
I wonder how much the tickets would be and what the turn out would be like.
To read the full story click here.
To see Gary McKinnon’s Only a Fool single video click here.
The co-founder of Apple Inc is seen in an interview with BBC Click’s Spencer Kelly admitting he loves hackers. Steve Wozniak is responsible for designing and creating the Apple I and Apple II. In the video clip ‘The Woz’ chats about the start of Apple Inc and how he set out to change the world of computing. He says he loves iPhone hacks and the fact you can unlock them.
To see the online BBC Click video click here. (5.44 seconds)