Yesterday, the local chapter of the BCS organised a talk on Ethical Hacking, given by Tony Cawte from Domicilium. Was a pretty good event, with lots of interest from the public. Tony gave a good,? fluent talk, managing to get over his initial trepidation (it was his first public speaking engagement) and getting his comfort out of his technical knowledge and passion for the subject.
I was familiar with most of the tools he discussed and demoed, particularly the usual fingerprinting techniques and WEP cracking tools. However, I did pick up some good tips, particularly in the area of exploit usage. Tony used a tool called Metasploit to open a VNC console on a vulnerable box. It was incredibly easy, consisting of simply selecting a couple of options from a webpage and specifying the IP address of the victim server. If you’re interested in having a play, there’s a three part article on using the Metasploit Framework on SecurityFocus: here, here and here
I don’t know what I’m more worried about .. whether it’s that he described it as “a script kiddie‘s wet dream” .. or that I went straight home and tried it out ….