Put Up OR Shut Up (PUORSU) Conference
* I'm calling it PUORSU rather than PUOSU because I find it easier to read as *pursue*, as in to pursue knowledge =) *
The conference was held on Nov. 20, 2008 in a cafe located near East Ave, QC. The discussion regarding the final date and venue was moved off the PLUG list since drexx wanted to keep the number of attendees to a minimum. Confirmation as to whether the event would push through was rather sketchy since the event was so informal that the general attitude seemed to be "just go there and we'll see". Not that big a deal if you were not planning on skipping work and travelling quite a distance to go there =)
I got to the venue around 10:20 AM. Philip and Joebert were there ahead of me. Both had their laptops open and were apparently already playing with Metasploit. We basically just talked a bit while we waited for the others. After about 30 minutes we started getting apprehensive that the others were either not going to come or had gotten lost (the number on the address emailed to us was wrong). We debated whether to go to Robinson's for some free wi-fi or to set up an ad-hoc network so we could practice on the VMs Philip had brought. We settled on going for the ad-hoc network. We had a bit of delay trying to set up Philip's laptop as the host for the network. I made the discovery that wicd doesn't correctly configure ad-hoc on my laptop. I was going for the manual setup when Jumbz arrived.
He brought some needed hardware: a wifi AP, network cables, power cords, and the big racktype-like server. Jumbz btw is the sponsor for the venue; one of his siblings owns the place. He sponsored the food, of which there was lots and which was quite tasty. He was still setting up his equipment when Drexx arrived. Drexx brought the server he promised and on which we later ran the VMs we brought. He came in talking about some forensics case he was working on and it sparked our interest.
After finalizing the equipment setup we started the main part of the conference. I learned a very cool trick on how to make a switch behave like a hub. I still can't believe that switches have a fundamental flaw like that. I asked Drexx if it was vendor specific and he said no, it affected all switches.
Drexx gave an overview of Nmap, the various switches and how they affected the scan. Oh, and you could tell he was a network engineer the way he insisted on counting packet sizes to prove a point =)
Lunch Break. Like I said lots of food, more than we could eat. Jumbz and I talked a bit outside during a yosi break. He has a beowulf cluster built and he said that the server he brought was built with COTS stuff. He's also the type of guy who compiles common software from source =)
Moving on, we loaded a VM, the Win 2k image I had brought with me. It basically got hammered as we all tried to exploit it. We just used Metasploit since Joebert and Philip were still learning how to use it. Joebert picks up real fast and even improvised a script on the fly which throws all available exploits against a target. We got a kick out of the VNC payloads, myself more so since I haven't played with that payload before.
We also loaded up some more VMs. The 2 Solaris images didn't work out: one of them didn't boot properly while the other had its root password forgotten so that we were unable to configure its network interface. Drexx had an XP SP2 image which I got shell access to. He had some honeypot software running on it =) There was also the "Nagios" VM. I claimed I could get root access to it and I did. Not by using an exploit but by using the overheard password =) Isn't that part of network security, protect your passwords? =) Jumbz apparently has win2k3 installed on his server but I didn't attack it because I didn't know it was declared as a target.
Snack time. More food. There was so much food that we were unable to eat all of it =)
There were a number of interesting discussions that took place during the day. The topics included RNGs causing weak tokens, pentest rates, SQL injection, a Joomla vuln which affected Philip's server, virtualization with all its present forms (VMware, VirtualBox, OpenVZ), using DEBUG to write an exe to disk, that well-known pentest team using Nessus and charging an unbelievable amount for it, Chinese hacking the US, Drexx hacking a spammer's email account, etc.
*Misc stuff* I found out that banks here don't have a central body approved set of compliance and regulations, which is probably why a lot of them use obsolete win2k's in their internal network. I have a feeling audits and pentest will be a moneymaker if they ever get one =) I got to try out smbshell, the precompiled nasl script, while the others were practising with Metasploit. I brought an eee which ran all my software and scripts perfectly, except for Nessus which I didn't even try out once during the con since I know it's such a memory hog. I found out that an open flame food warmer will get people to sniff their hardware =)
That was basically it. Not bad for an introductory meetup =). I got picked to present about w3af, of which I know nothing, next meeting. Future sessions would involve wardriving, OWASP stuff, more Metasploit stuff, and more food =)