We saw that there was a lack of security in modern networked devices that was prone to disclosures of privileged information and put privacy under risk. We thus decided to built a framework to show that this has real life consequences and impacts, and highlight awareness for these vulnerabilities in modern day server-side and cloud computing. Utilizing some of the best technologies such as nmap and paramiko, we were able to create an easy to use python program that allows you to exploit attack vectors such as ssh, smtp, http, while conducting reconnaissance on the networks.
What it does
This framework aims to exploit and attack some common every-day vulnerabilities, whether it is a misconfiguration of a SSH server, or even the utilization of apache2 as a web server, which could be subjected to malicious Slowloris DoS attacks.
The framework comprises of several modules, and within each module will be attack vectors.
How we built it
We used python and bash for the executable.
Challenges we ran into
We ran into flow control problems where conflicts involving loops and try-except blocks threatened the integrity of our executable. Typecasting also was a minor issue, but we were able to overcome it. Gmail and other email providers were also a little mean in the fact that they blocked some of our requests.
Accomplishments that we're proud of
The program is very stable and easy-to-use. This utilizes several attack vectors and exploitation methods that we had previously not had much experience with.
What we learned
We learned that building a program thats easy-to-use may seem simple in principle, but in reality, is much harder to apply in real-world scenarios. Our flow control took steps back during several steps of our procedure, and we had to visually whiteboard the process to get back on track.
What's next for dedsploit
There is still a lot in store for the development of dedsploit. This includes, but is not limited to:
- IoT attack vectors such as vulnerable smart drones, etc.
- Injecting arbitrary code into human interface devices such as Arduino Teensys
- GUI/TUI adaptation for those inclined to have a different interface
- Better support and integrity on platforms such as GitHub