Sunday, January 24, 2010

SimWitty Internship: Week 2

The task this week was to choose which tools from the Matriux arsenal are most appropriate for this project. Restating the goal of the project will probably aid clarity. The objective is to simulate client-side attacks through penetration testing and determine how the SimWitty appliance handles this traffic and behavior. With this in mind, the main tasks of this project should be:

  • Crafting email messages that link to a malicious website.
  • Creating the proper exploits for this website to affect workstations running Windows XP Professional.
  • Gaining control of those workstations if possible.
  • Attempting to increase the foothold within the network.

With this being the goal, certain tools are ruled out immediately. I won't be needing any tools in the Wireless class or the Bluetooth class. On the other hand, certain tools will be absolutely necessary; these are mainly the tools in the Framework class. For all the other basic classes it is more hit and miss: some will be useful and some will not. I made a Microsoft Access database that includes the tool name, a description of the tool, whether it is necessary to the project, and a link to the tool's website. I then created a report from the database and printed the report out to PDF format (available here).

I am fairly certain that the main tool I will be using is the Metasploit Framework. MSF is a very nicely packaged system that should allow me to accomplish the project goals. Looking at the Fast-Track toolset, it also has possibilities. It is (at first glance) a scripted and simplified way of interacting with MSF, but I also believe it brings some of its own functionality to the table. Other tools that will probably be useful are those whose purpose is to explore a LAN and consolidate a foothold there; an example of this class is Ettercap. It goes without saying that Wireshark and Nmap will be needed.
There are many tools in Matriux that would be useful in a real-world situation but that I won't be using in this project. This is no reflection on the tools or the Matriux arsenal; this is just a specialized case. An example of this is the Reconnaissance class. In the real world, it would be necessary to discover a lot more about the target company: for client-side attacks such as spear-phishing to work, the attacker must be as familiar as possible with the target.