Privilege Escalation with the Metasploit Framework

Presented at DerbyCon 2.0 Reunion (2012), Sept. 28, 2012, 8 p.m. (50 minutes).

As part of the State of the Framework Address at last year’s DerbyCon, I discussed Post modules, the newest module type available in the Metasploit Framework. This time around, I’ll be focusing on a fusion of Post modules and Exploit modules: Msf::Exploit::Local, for when you absolutely, positively, have to have root (and don’t mind an occasional kernel panic). This talk will cover some fun local exploits, from antiquity to modern times, including how to use and create them for the Metasploit Framework.


Presenters:

  • James Lee / Egyp7 as egyp7
    egyp7 is a software developer for Rapid7 where he is Open Source Project Manager and a core developer for the Metasploit Framework. Before coming to Rapid7 to work on Metasploit, he was a Cybersecurity researcher for Idaho National Laboratory where he discovered numerous vulnerabilities in SCADA and Industrial Control Systems and probably didn’t write Stuxnet.

Similar Presentations: