Privilege Escalation with the Metasploit Framework

Presented at DerbyCon 2.0 Reunion (2012), Sept. 28, 2012, 8 p.m. (50 minutes)

As part of the State of the Framework Address at last year’s DerbyCon, I discussed Post modules, the newest module type available in the Metasploit Framework. This time around, I’ll be focusing on a fusion of Post modules and Exploit modules: Msf::Exploit::Local, for when you absolutely, positively, have to have root (and don’t mind an occasional kernel panic). This talk will cover some fun local exploits, from antiquity to modern times, including how to use and create them for the Metasploit Framework.

Presenters:

• James Lee / Egyp7   as egyp7
  egyp7 is a software developer for Rapid7 where he is Open Source Project Manager and a core developer for the Metasploit Framework. Before coming to Rapid7 to work on Metasploit, he was a Cybersecurity researcher for Idaho National Laboratory where he discovered numerous vulnerabilities in SCADA and Industrial Control Systems and probably didn’t write Stuxnet.

Similar Presentations:

• BSides Austin 2018 / Metasploit Minus Metasploit
• DerbyCon 2.0 Reunion (2012) / Introduction to Metasploit Post Exploitation Modules
• DEF CON 12 (2004) / Bubonic Buffer Overflow