Author Archive
SDAP Video
Written by Mark Davidson on October 27, 2009 – 10:46 pm
Hi all, francois commented asking if I had uploaded the video. I’ve not had a chance to re-encode the video to a sensible size yet as I’ve been away on business and then was away at a LAN over the weekend. But anyways this is the raw version recorded using vmplayer.
SDAP Video (~170Mb) <- Big I know but server bursts at a Gigabit so should be ok.
I will re-encode it to a more sensible size when I get a chance but for now if you’re interested give this a look. Any questions please feel free to message me. It’s not massively interesting but just demonstrates the minimal workings of the project and was actually originally recorded as a back up for my Demo when doing my Project for my Degree.
Posted in Scalable Distributed Attack Platform | No Comments »
SDAP Update
Written by Mark Davidson on October 10, 2009 – 8:20 pm
A number of people have asked me lately about progress on the project, so I thought I would do a post to update anyone who is interested.
- Question: Is there a working prototype?
  Answer: Yes, there is a working prototype of the project which can:
  - Take a target(s) as input
  - Carry out a distributed nmap scan using 1 to N nodes (as a note, the distributed architecture makes use of the Cajo framework)
  - Carry out a nessus scan
  - Take these results and pass them into Metasploit and attempt to perform exploitation.
  - If exploitation is successful and the target is a Windows host, hashes are retrieved and are attempted to be cracked using Rainbowcrack.
- Question: Is it going to be released?
  Answer: Most certainly yes, but not in its current form, as I don’t believe it to be useful or stable enough for practical use. The project was initially intended just to be for my Third Year BSc Project but I see it to have potential uses, therefore I am planning to continue development and release it when I am a bit happier that the code is not so disgusting. When it is released it will be free and the full source code will be available for people to do with as they please.
  I am currently working full time at the moment but am going to endeavour to get a working version that is easy to use released by the end of the year. What I am currently planning to do is release a version which can just perform a distributed nmap scan as I think this is one of the most useful elements. Hopefully will get this done by the end of next month.
Finally, to finish up this update, I will be uploading a video showing the current version carrying out an attack; this should be done in the next 24 hours (just waiting for it to be re-encoded at the moment). If anyone has any questions or comments please feel free to contact me, I would be interested to know what people would like to see from the project.
Tags: cajo, metasploit, nmap, project, release, Scalable Distributed Attack Platform, video
Posted in Scalable Distributed Attack Platform | 2 Comments »
Twitter Progress Updates
Written by Mark Davidson on April 18, 2009 – 3:37 pm
For continuous progress updates:-
Tags: twitter
Posted in Scalable Distributed Attack Platform | 4 Comments »
Project Progress Update
Written by Mark Davidson on April 17, 2009 – 3:18 pm
There has been a good amount of progress over the last few days; some of the key advances are detailed below.
- XML Merging of nmap results has been completed.
- Unit tests have been written for the merging using XMLUnit.
- Discovered the db_autopwn feature in metasploit, should prove very useful.
  Using SQLite as the DBS, since neither postgres nor MySQL are easily accessible on the cluster.
- Modified the autopwn feature to use the meterpreter instead of a generic command shell payload and also got it to run an auto script.
- Started to modify the scraper script written by hdm.
- Figured out running nessus from the command line.
  Although there may be issues with running Nessus on the cluster due to not being able to define the install directory and having to run the server daemon.
- Currently running some tests with John the Ripper on the cluster, will definitely need to implement dJohn or similar.
- Have decided, if time allows, to connect to milw0rm to find more potential exploits.
Tags: db_autopwn, john, metasploit, nessus, nmap, Scalable Distributed Attack Platform
Posted in Scalable Distributed Attack Platform | No Comments »
Nmap XML Result Merging
Written by Mark Davidson on April 10, 2009 – 8:10 am
In order to perform a merge of two XML files the following process takes place:-
- First XML file is translated to an object form using xstream.
- Second XML file is translated to an object form using xstream.
- Using annotations that have been specified in the classes representing the XML files' data structure, identifications can be made on how the merge process takes place.
  The annotations are either specified per field, or a default can be set on the class or a higher class, and this will be used if no lower scoped annotation is visible.
- New object representing the two merged files is produced.
- Object translated back to XML using xstream.
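The annotation lookup described above (field-level first, then a default on the class or a higher class), as an added example that is not SDAP's own code. The `Merge` annotation, the `Strategy` enum and the `Element`/`Host` classes are hypothetical, the host data is constructed, and the xstream XML-to-object and object-to-XML steps are left out so the merge step runs on its own.

```java
import java.lang.annotation.*;
import java.lang.reflect.Field;
import java.util.*;

public class MergeDemo {
    enum Strategy { KEEP_FIRST, KEEP_SECOND, UNION }

    // Hypothetical annotation: allowed on a field, or on a class as the default.
    @Retention(RetentionPolicy.RUNTIME) @Target({ElementType.FIELD, ElementType.TYPE}) @Inherited
    @interface Merge { Strategy value(); }

    @Merge(Strategy.KEEP_FIRST)            // default for this class and its subclasses
    static class Element { String scanner = "nmap"; }

    static class Host extends Element {
        String address;                     // no field annotation: class default applies
        @Merge(Strategy.KEEP_SECOND) String state;
        @Merge(Strategy.UNION) Set<Integer> openPorts = new TreeSet<>();
        Host() {}
        Host(String a, String s, Integer... p) { address = a; state = s; openPorts.addAll(Arrays.asList(p)); }
    }

    // The field annotation wins; otherwise use the class-level one, which
    // @Inherited makes visible from a superclass ("a higher class").
    static Strategy strategyFor(Field f, Class<?> owner) {
        Merge m = f.getAnnotation(Merge.class);
        if (m == null) m = owner.getAnnotation(Merge.class);
        return m == null ? Strategy.KEEP_FIRST : m.value();
    }

    @SuppressWarnings("unchecked")
    static <T> T merge(T a, T b) throws ReflectiveOperationException {
        Class<?> type = a.getClass();
        T out = (T) type.getDeclaredConstructor().newInstance();
        for (Class<?> c = type; c != Object.class; c = c.getSuperclass()) {
            for (Field f : c.getDeclaredFields()) {
                f.setAccessible(true);
                Object va = f.get(a), vb = f.get(b);
                switch (strategyFor(f, type)) {
                    case KEEP_FIRST:  f.set(out, va != null ? va : vb); break;
                    case KEEP_SECOND: f.set(out, vb != null ? vb : va); break;
                    case UNION:
                        Set<Object> u = new TreeSet<>((Set<Object>) va);
                        u.addAll((Set<Object>) vb);
                        f.set(out, u); break;
                }
            }
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: the same host as seen by two scan nodes.
        Host m = merge(new Host("192.0.2.10", "down", 22), new Host("192.0.2.10", "up", 80, 443));
        System.out.println(m.address + " " + m.state + " " + m.openPorts);
    }
}
```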
Tags: dtd, Java, merge, nmap, result, translate, xstream
Posted in Scalable Distributed Attack Platform | No Comments »
Can’t Use OS Fingerprinting
Written by Mark Davidson on April 8, 2009 – 6:44 pm
When the system is implemented on the cluster OS fingerprinting can’t be used because of the lack of root privileges.
Error Message:
TCP/IP fingerprinting (for OS scan) requires root privileges.
Tags: error, os, privileges, root, scan
Posted in Scalable Distributed Attack Platform | No Comments »
Grid Engine
Written by Mark Davidson on April 8, 2009 – 6:05 pm
Found out that by using the “qhost” (qhost – show the status of Grid Engine hosts, queues, jobs) command it should be possible to get a lot of information out about the status of different nodes; this can then be used in the node selection process and original setup.
Tags: engine, grid, linux, qhost, Server, ssh, stats, sun, unix
Posted in Scalable Distributed Attack Platform | No Comments »
SDAP To Do
Written by Mark Davidson on March 6, 2009 – 5:56 pm
A To Do list has been created for SDAP, see http://sdapproject.basecamphq.com/
Main priorities currently are
- Finish Nmap Integration
- Test on Cluster
- Integrate Nessus (Old Version)
- Integrate Metasploit
- Integrate distributed version of John the Ripper
Aiming for completion of Nmap and Nessus integration by 09/03/2009
Tags: Cluster, metasploit, nessus, nmap, Scalable Distributed Attack Platform
Posted in Scalable Distributed Attack Platform | No Comments »
UDP Packets Can’t be Crafted on Cluster Due to Lack of Privileges
Written by Mark Davidson on January 25, 2009 – 1:03 pm
Due to lack of root privileges it will not be possible to test UDP services using the cluster.
[master ~]$ nmap -F -d2 -sU scanme.nmap.org
You requested a scan type which requires root privileges.
QUITTING!
Tags: Cluster, issue, nmap, privileges, problem, restriction, root, tcp, udp
Posted in Scalable Distributed Attack Platform | No Comments »
Metasploit Integration
Written by Mark Davidson on January 15, 2009 – 8:29 am
Metasploit integration has begun, attempting to use jRuby to allow use of Ruby in Java.
Tags: Java, jRuby, metasploit
Posted in Scalable Distributed Attack Platform | No Comments »
