Bacon
A Penetration and Auditing Framework
Hernan Gips [email protected]

Common problems…
- A lot of independent tools use the same input
- Most tools are developed in C/C++
- Tools run on certain platforms
- Tools need to be modified
- Others…

Solution: Bacon
A flexible and extensible framework oriented to the security community.

Overview
- Based on .NET Framework
- Modular architecture
- Multi-language support
- Open source
- Multiplatform
- Fully OO design

What Bacon is not…
- An automatic penetration tool
- A hack-in-a-minute tool
- A static tool

Framework
- Ability to load modules
- Keeps session information
- Provides entities to store specific information like targets, ports, services, etc.
- Provides libraries for proxying, sniffing, etc.

Framework
- Bacon is multiplatform.
- Runs with:
  – .NET Framework
  – Mono
  – Any ECMA VM implementation

Internal Context
- The framework provides information entities oriented to security and networking.
[Diagram labels: Network, TargetCollection, Target, ServiceCollection, Service, GenericList]

Internal Context
- Each module has read/write access to the context.
- The internal implementation uses XML.
- A developer can use the entities or access the context directly via generic XPath queries.

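Reading and writing a context of this kind through XPath, as an added example that is not Bacon's own code: the XML layout, element names and attribute names are assumptions, since the slides do not show the real schema, and the addresses are constructed sample data.

```csharp
using System;
using System.Xml;

public static class ContextQueryDemo
{
    // Constructed sample context; element and attribute names are assumptions.
    const string ContextXml = @"
<Context>
  <Network>
    <Target address='192.168.0.10'>
      <Service port='80' protocol='tcp' name='http' />
      <Service port='110' protocol='tcp' name='pop3' />
    </Target>
    <Target address='192.168.0.11'>
      <Service port='25' protocol='tcp' name='smtp' />
    </Target>
  </Network>
</Context>";

    public static void Main()
    {
        var doc = new XmlDocument();
        doc.LoadXml(ContextXml);

        // Read: list every target that already has a mail-related service recorded.
        var mailHosts = doc.SelectNodes(
            "/Context/Network/Target[Service[@name='pop3' or @name='smtp']]");
        foreach (XmlNode target in mailHosts)
            Console.WriteLine(target.Attributes["address"].Value);

        // Write: one module records a newly identified service on a target,
        // so that any module reading the context afterwards can see it.
        var host = (XmlElement)doc.SelectSingleNode(
            "/Context/Network/Target[@address='192.168.0.11']");
        var service = doc.CreateElement("Service");
        service.SetAttribute("port", "110");
        service.SetAttribute("protocol", "tcp");
        service.SetAttribute("name", "pop3");
        host.AppendChild(service);

        // The shared document now reflects the update for later queries.
        Console.WriteLine(doc.SelectNodes("//Service[@name='pop3']").Count);
    }
}
```
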
Internal Context
[Diagram labels: Context (Mail Addresses, Users, Session data…); modules Google Mails Finder, POP3 Brute force Attack, SMTP VRFY Dictionary Attack; Target]

Modules
- Each module is a DLL compiled in .NET
- The framework loads modules using reflection.
- Modules are multithreaded
- Each module runs in a different Application Domain

Modules: Reflection
- A developer may create their own plugin in any language that generates a .NET assembly.

Modules
- Well-known languages
  – C#
  – VB.NET
  – C++.NET
- Not so well known
  – IronPython
  – Boo

Modules
- Every module inherits from the Bacon.Plugin abstract class
- This class provides two methods:
  – Start()
  – Stop()
- A module has facilities to:
  – Access the context
  – Log debug information

Modules
Example module source code in C#

    [Plugin("Test", "plugin for testing purposes")]
    public class TestPlugin : Bacon.Plugin
    {
        [Command("listdump", "command to test something")]
        …

        [Command("listusers", "command to test something")]
        …
    }

Modules
- Modules have commands defined on them
- Each command has different parameters

    [Command("hack", "hacks something")]
    class HackCommand : Bacon.Command
    {
        public override void Execute()
        {
            …
        }
    }

Modules
How the loader works
[Diagram labels: TestPlugin : Bacon.Plugin; MSIL Assembly; Plugins Loader; Plugins Manager]

Modules: Module chaining
[Diagram labels: input: 192.168.0.0/24; Network Scan ICMP; Targets; TCP port scanner [connect()]; Services; Web directory finder; Web file finder; Dirs; Files; Dictionary; Report Generator; XML]

Remoting
- The framework exposes its own interface as a remote service.
- This is useful to create distributed attacks.

Framework Interface
- Integrated command line console

Framework Interface
- Uses WinForms
- Each module may provide its own GUI

Framework Interface
- You may create your own interface (i.e. a web interface)
- You may also create a common GUI generator for each module

Framework Services
- ProxyLib Service
- SniffLib Service
- FuzzLib Service
- Other

Framework: ProxyLib
- Creates simple proxies
- HTTP, Sockets, etc.
- Hook to events

State of Dev
- Bacon got sponsored!
- The framework architecture is mostly closed
- We are working on creating new modules and a nice GUI.

Future
- Module creation process: Now
- Open source official release: 3 months
- Community site release: 1 month

Conclusion
- We want to create a standard framework for pentesting and auditing networks and applications.
- We want the security community to use it and develop modules for the framework.