3 min
Metasploit
Metasploit Wrapup: Dec. 22, 2017
Even with the year winding down to a close, activity around Metasploit has been
decidedly “hustle and bustle”. Some cool new things to talk about this week, so
sit back and dig in!
For Your iOS Only
If you’ve been wanting to run Meterpreter under iOS, then this bit is for you!
While Mettle has technically worked on iOS
[https://github.com/rapid7/mettle/pull/54] since February, @timwr
[https://github.com/timwr] has added official Metasploit Framework support
[https://github.com/rapid7/metasploit
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup: Nov. 17, 2017
This is a time of year when many folks in the U.S. reflect on things in their
lives that they are thankful for. There’s also usually a turkey involved, but we
figured we’d pardon the bird
[https://en.wikipedia.org/wiki/National_Thanksgiving_Turkey_Presentation] this
wrapup and just focus on things we Metasploit folks here at Rapid7 are thankful
for.
Community Contributors
We are SUPER THANKFUL for our community contributors
[https://github.com/rapid7/metasploit-framework/graphs/contributors] an
5 min
Metasploit
Testing Developer Security with Metasploit Pro Task Chains
In this modern age, technology continues to make inroads into all sorts of
industries. Everything from smartphones to late-model automobiles to
internet-connected toasters requires software to operate, and this proliferation
of software has brought along gaggles of software developers with their
tools-of-the-trade. All this technology, not to mention the people utilizing it,
can result in an increased attack surface for organizations doing software
development.
In this blog post, we’ll explore
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup: Sep. 22, 2017
To celebrate this first day of Autumn[1], we've got a potpourri of "things
Metasploit" for you this week. And it might smell a bit like "pumpkin spice"...
Or it might not. Who knows?
Winter is Coming
If you're looking to finish filling your storehouse before the cold sets in,
we've got a couple of new gatherer modules to help. This new Linux post module
[https://www.rapid7.com/db/modules/post/linux/gather/tor_hiddenservices] can
locate and pull TOR hostname and private key files for TOR hidden
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup: Sept. 15, 2017
It's been a hot minute since the last Metasploit Wrapup. So why not take in our
snazzy new Rapid7 blog makeover and catch up on what's been goin' down!
You can't spell 'Struts' without 'trust'
Or perhaps you can! With all the current news coverage around an Apache
Struts vulnerability from earlier this year
[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5638] (thanks to its
involvement in a consumer credit reporting agency data breach), there's a new
Struts vuln [https://lgtm.com/
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup: August 11, 2017
Slowloris: SMB edition
Taking a page from the Slowloris HTTP DoS attack
[https://web.archive.org/web/20090822001255/http://ha.ckers.org/slowloris/], the
aptly named SMBLoris DoS attack [/2017/08/03/smbloris-what-you-need-to-know]
exploits a vuln contained in many Windows releases (back to Windows 2000) and
also affects Samba (a popular open source SMB implementation). Through creation
of many connections to a target's SMB port, an attacker can exhaust all
available memory on the target by sendi
2 min
Metasploit Wrapup 8/4/17
With Hacker Summer Camp 2017 wrapped up and folks now recovering from it, why
not grab a drink and read up on what's new with Metasploit?
Where there's smoke...
At least a few versions
[https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/exploit/linux/http/ipfire_oinkcode_exec.md]
of open source firewall IPFire contain a post-auth RCE vulnerability, and we
(well, you!) now have a module to help exploit that
[https://www.rapid7.com/db/modules/exploit/linux/http/ipfi
2 min
Metasploit Weekly Wrapup
Weekly Metasploit Wrapup: 2/23/17
I gave at the office
The office can be a popular place when it comes to giving. From selling kids'
cookies/candy to raising awareness for a charity, the opportunity to 'give at
the office' is definitely a thing. And now, thanks to Office macros, Metasploit
offers a new way to give (and receive!) at 'the Office'.
These days, using malicious macros in office productivity programs is still a
common attack vector. Designed with a handful of word-processing programs in
mind (including some open sour