The presentation discusses the Master of Servers (MOSE) tool, which automates the process of exploiting vulnerabilities in configuration management systems (CMS) such as Chef, Puppet, and SaltStack.
- The tool generates rogue SSH keys and inserts them into the authorized keys files of the target systems.
- The tool leverages the CMS server to ensure that the rogue SSH keys are reinserted even if they are removed.
- The tool provides test labs for all CMS systems to facilitate testing and feedback.
- The presenter encourages contributions and feedback from testers to improve the tool.
In the talk, the presenter demonstrates this workflow: the tool generates rogue SSH keys, inserts them into the authorized keys files of the target systems, and relies on the CMS server to reinsert them if they are removed.
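A defensive check for the key persistence described above, as an added example that is not from the presentation or from the tool itself: it fingerprints the keys in successive snapshots of an `authorized_keys` file, reports keys outside an approved set, and marks those that were removed and later came back. The function names, the snapshot model and the sample key lines are assumptions constructed for illustration.

```python
import base64
import hashlib

def fingerprint(blob):
    """SHA256 fingerprint in the form `ssh-keygen -l` prints."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_keys(text):
    """Map fingerprint -> comment for each key in authorized_keys content."""
    keys = {}
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Options may precede the key type: trust a pair only if the blob names that type.
        for i in range(len(fields) - 1):
            try:
                blob = base64.b64decode(fields[i + 1], validate=True)
            except ValueError:
                continue
            n = int.from_bytes(blob[:4], "big")
            if len(blob) > 4 and blob[4:4 + n] == fields[i].encode():
                keys[fingerprint(blob)] = " ".join(fields[i + 2:])
                break
    return keys

def audit(snapshots, approved):
    """Unapproved keys across chronological snapshots; 'reinserted' = removed, then back."""
    findings, removed, previous = {}, set(), set()
    for text in snapshots:
        current = parse_keys(text)
        removed |= previous - set(current)
        for fp, comment in current.items():
            if fp not in approved:
                entry = findings.setdefault(fp, {"comment": comment, "reinserted": False})
                entry["reinserted"] |= fp in removed
        previous = set(current)
    return findings

def make_line(seed, comment, options=""):
    """Constructed sample line: ed25519-shaped blob, not a real key."""
    blob = (11).to_bytes(4, "big") + b"ssh-ed25519" + (32).to_bytes(4, "big") + hashlib.sha256(seed).digest()
    return f"{options} ssh-ed25519 {base64.b64encode(blob).decode()} {comment}".strip()

ADMIN = make_line(b"admin", "admin@bastion")
ROGUE = make_line(b"rogue", "unknown@host", 'command="echo ssh-rsa test"')
SNAPSHOTS = [ADMIN, ADMIN + "\n" + ROGUE, ADMIN, ADMIN + "\n" + ROGUE]  # removed, then back
FINDINGS = audit(SNAPSHOTS, approved=set(parse_keys(ADMIN)))
```

A key flagged as reinserted after a manual cleanup suggests the source is upstream of the host, so the CM server's own manifests, cookbooks or states are the next place to review.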
Configuration Management (CM) tools are used to provision systems in a uniform manner. CM servers are prime targets for exploitation because they are connected with key machines. The tools themselves are powerful from a security standpoint: they allow an attacker to run commands on any and every connected system. Unfortunately, many security professionals do not have CM experience, which prevents them from using these tools effectively. MOSE empowers the user to weaponize an organization’s CM tools without having to worry about implementation-specific details.
MOSE first creates a binary based on user input. Once transferred to the CM server and run, this binary dynamically generates code that carries out the desired malicious behavior on specified systems. This behavior can include running arbitrary system commands, creating or deleting files, and introducing backdoors. MOSE puts the generated code in the proper place so that all targeted systems will run it on their next check-in with the server, removing the need for the user to integrate it manually.
CM tools are a powerful resource, but they have a barrier to entry. MOSE aims to remove this barrier and make post-exploitation more approachable by providing a tool that translates the attacker's desired task into commands executable by the CM infrastructure.