When a Tool Becomes a Weapon

Wednesday, February 01, 2012

Alan Woodward


As with so many tools, security vulnerability detectors can be misused to exploit rather than defend. 

The Metasploit Project is an extremely valuable tool and many of us in cyber security use it to research and probe for potential problems.

However, a recent development which was revealed by Security Labs in India demonstrates just how easily the Metasploit Framework can be used to develop malicious payloads that avoid detection by the usual Anti-Virus and Firewall software.

By installing a few extras with BackTrack 5 (another toolset that penetration testers know well) it is possible to run a script based upon Metasploit that generates a "reverse TCP payload".

In essence, all of your Internet data is carried using a protocol called TCP/IP, where the IP part gives the "addresses" of the sender and receiver, and the TCP part ensures that the data, which is chopped up into small "packets" for transmission across the Internet, is reconstructed correctly and in its entirety once received.

This "reverse payload" method means that the connection is opened outward from the target machine to the attacker, rather than inward, so you receive the unwanted data without realising it. Hence it will bypass detection by the types of traps that are usually employed to capture unwanted code, most of which watch for inbound connections.
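Because a reverse payload makes the victim initiate the connection, the place to look for it is the outbound side. The following is an added example (not from the original post or from the Metasploit project) that applies a simple egress policy to a few constructed connection-log lines and flags outbound connections from internal hosts to ports the policy does not allow; the log format, the 10.0.0.0/8 internal range and the allowed-port set are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Hypothetical egress policy: workstations may only talk to these destination ports.
ALLOWED_EGRESS_PORTS = {53, 80, 443, 25}
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range


@dataclass
class Conn:
    src: str
    dst: str
    dport: int
    direction: str  # "in" or "out", from the firewall's point of view


def parse_line(line: str) -> Conn:
    """Parse a constructed 'ts key=value ...' connection-log line."""
    fields = dict(tok.split("=", 1) for tok in line.split()[1:])
    return Conn(fields["src"], fields["dst"], int(fields["dport"]), fields["dir"])


def is_internal(ip: str) -> bool:
    return ipaddress.ip_address(ip) in INTERNAL_NET


def suspicious_outbound(lines):
    """Return outbound internal->external connections whose port is not in policy.

    Inbound-only filtering never sees these; a reverse payload relies on that."""
    flagged = []
    for line in lines:
        c = parse_line(line)
        if c.direction != "out":
            continue  # inbound traffic is a separate policy question
        if is_internal(c.src) and not is_internal(c.dst) and c.dport not in ALLOWED_EGRESS_PORTS:
            flagged.append(c)
    return flagged


# Constructed sample log: one normal HTTPS session, one internal SMB session,
# one inbound SSH attempt, and two outbound sessions to non-policy ports.
SAMPLE_LOG = [
    "2012-02-01T10:00:01 src=10.0.0.5 dst=93.184.216.34 dport=443 dir=out",
    "2012-02-01T10:00:02 src=10.0.0.5 dst=203.0.113.7 dport=4444 dir=out",
    "2012-02-01T10:00:03 src=10.0.0.7 dst=10.0.0.9 dport=445 dir=out",
    "2012-02-01T10:00:04 src=198.51.100.2 dst=10.0.0.5 dport=22 dir=in",
    "2012-02-01T10:00:05 src=10.0.0.8 dst=203.0.113.7 dport=8080 dir=out",
]

if __name__ == "__main__":
    for c in suspicious_outbound(SAMPLE_LOG):
        print(f"egress policy violation: {c.src} -> {c.dst}:{c.dport}")
```

The same check belongs on the firewall itself as a default-deny egress rule; the log review only tells you what the rule would have blocked.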

What could you do with this?  Well, imagine you could use the technique to deliver a "backdoor" to a machine. Actually, you don't need to imagine as that is exactly what was done. 

All of a sudden you have the means to take over a machine remotely without the user knowing, and in such a way that most users would stand very little chance of detecting the attack: certainly not using routine Anti-Virus and Firewall software.

It's such a shame that these tools are used in this way. Or is it? Perhaps that's the very reason they exist. 

After all, this has shown a vulnerability and a form of attack vector that may not have been thought about by the AV and Firewall vendors.


Cross-posted from Professor Alan Woodward

Michael Thibodeaux: So the interesting thing on this is... how to detect and protect against such attacks?

I see this article as a warning to all on a method to gain access. The next question is which systems are most vulnerable?
