In this presentation, Josh and Victor will present “Snarf”, a
tool that changes up the process for relaying SMB (and other
protocols) so that the penetration tester can get more practical value out of a relayed session. Most relaying approaches
require the attacker to define the payload in advance, and are
one-shot wonders: they either work or they fail, and you don’t
get a second chance. The Snarf approach retains a relayed
session when the victim releases it, allowing the attacker to
jack in other tools to run multiple payloads and interact with
the target service. This allows live experimentation during the
penetration test (without ever knowing the credentials!), and
makes real-world exploitation of relay scenarios much easier
and more practical. We will also present how this approach
can be generalized for other protocols, and will demonstrate
a variant of Snarf weaponized for attacking MySQL database
sessions.
Copyright 2020, IronGeek