Nsploit (Popping Boxes With Nmap) Sector 2009
Description:
In this talk Ryan Linn (Information Security Engineer at SAS) talks about a new tool called Nsploit which is a series of Lua scripts that that allow Nmap to talk to Metasploit.
Nsploit consists of 3 parts-
1)Library- It facilitates all the communication
2)Triggers-Triggers fire when something is detected .
3)Config-Helps us set the options for the attack.
Basically it helps us to launch targeted attacks against a range of Ip address (remember metasploit autopwn?) But how do we communicate Between Nmap (port scanner) and Metasploit(Exploitation Framework). Ryan Linn talks about XMLRPC(@root>> load xmlrpc secretkey) which helps us to communicate between Nmap and metasploit using a secret Key( having a 15minute timeout).Ryan linn then shows a demo. He starts metasploit , loads the xmlrpc plugin to create a listener and then uses Nmap with the --script option to carry out the scan . Nsploit then takes the Information (file is in /nmap/mselib directory) and sends it to Metasploit which does the rest.In the demo Ryan linn also talks a lot about the Meterpreter Payload and the Recently developing Nmap modules.
You can download Nsploit from
here. Ryan Linn's blog can be found
here. You can download the pdf from
here.
Tags: basics ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.
Comments: