Posts by Rapid7

Exploiting Microsoft IIS with Metasploit

As of this afternoon, the msfencode command has the ability to emit ASP scripts that execute Metasploit payloads. This can be used to exploit the currently-unpatched file name parsing bug/feature in Microsoft IIS. This flaw allows a user who can upload a "safe" file extension (jpg, png, etc.) to upload an ASP script and force it to execute on the web server. The bug occurs when a file name is specified in the form of "evil.asp;.jpg" – the application checks the file extension and sees "jpg", but

Metasploit

Metasploit Framework 3.3.3 Exploit Rankings

This morning we released version 3.3.3 [http://www.metasploit.com/framework/download/] of the Metasploit Framework - this release focuses on exploit rankings [https://community.rapid7.com/docs/DOC-1034], session automation, and bug fixes. The exploit rank indicates how reliable the exploit is and how likely it is for the exploit to have a negative impact on the target system. This ranking can be used to prevent exploits below a certain rank from being used and limit the impact to a particular t

Metasploit PSEXEC Scanner (via Perl)

Metasploit's psexec module is one of my favorite modules. It does exactly what I need and it does it really well. One thing I wish that Metasploit had is a scanner version of the psexec exploit module. So I decided to build my own with Perl. Okay, assume we have the following networks: 192.168.1.0/24, 192.168.2.0/24, etc. We know the local admin account is Administrator and the hash for the account is ADMINISTRATOR:HASH. First, we build a small Perl script to generate a configuration file

Patch Tuesday

December Microsoft Patch Tuesday Roundup

Time once again for this month's summary of the latest Microsoft Security updates. NeXpose (including the free NeXpose Community Edition) users will have coverage within 24 hours or less. Metasploit already had a module for the IE exposure. This month brings 6 updates, with 12 vulnerabilities covered. Here's the breakdown: MS09-069: Rated Critical. Potential Denial of Service via ISAKMP through IPsec affecting LSASS, covering 1 vulnerability: CVE-2009-3675. Important to note that W

Patch Tuesday

December Microsoft Patch Tuesday Preview

Sheldon here with a preview of what's coming out in next week's Microsoft Patch Tuesday … 6 updates in total, covering 12 vulnerabilities. Windows, IE, and Office are affected. Bulletin 1: Remote Code Execution affects all supported Windows versions, rated Important on most, Moderate on XP, and Critical on Server 2008. This will be the second highest priority out of the Critical updates – particularly if you have deployed Windows Server 2008. Bulletin 2: Remote Code Execution doesn't aff

NeXpose Community Edition/Metasploit Integration: Responding to the Needs of Users

When we released NeXpose Community Edition and Metasploit 3.3.1 two days ago, we received a lot of interest from members of the community. As people have downloaded the new releases and started using them, we've had a lot of great feedback. Your response has been exceptionally positive and people are finding a lot of value in the NeXpose/Metasploit integration. Sincere thanks to everyone who has provided feedback so far. As with any free product version, there are some enterprise features that

Metasploit v3.3 Released!

HD Moore and the entire Metasploit team have released Metasploit v3.3! I'm really excited to start using this new release as it provides tons of new features including: 123 new exploits, 117 new auxiliary modules, support for Vista and Windows 7, improved stability of Meterpreter, all applicable exploits now have OSVDB references, Meterpreter with colors and much much more! More details can be found within the Release Notes. [https://metasploit.com/] Download Metasploit v3.3 here [https://githu

Metasploit Framework 3.3 Released!

We are excited to announce the immediate availability [http://www.metasploit.com/framework/download/] of version 3.3 of the Metasploit Framework. This release includes 446 exploits [http://www.metasploit.com/modules/exploit/], 216 auxiliary modules [http://www.metasploit.com/modules/auxiliary/], and hundreds of payloads [http://www.metasploit.com/modules/payload/], including an in-memory VNC service and the Meterpreter. In addition, the Windows payloads now support NX, DEP, IPv6, and the Windo

Microsoft

November Microsoft Patch Tuesday Roundup

Time once again for this month's summary of the latest Microsoft Security updates … 6 updates, with 15 vulnerabilities covered. Here's the breakdown: MS09-063: Rated Critical. Potential Remote Code Execution via Memory Corruption in Web Services on Devices API, covering 1 vulnerability: CVE-2009-2512. Important to note that this one only affects Windows Vista and Server 2008. Also important to note that attackers must be on the local subnet to exploit this vulnerability, so it would either b

Metasploit Rising

I created the Metasploit Project over six years ago as a way to publish security information to those who needed it most, the security professionals in the field. The project has evolved from a personal web site, to a collaborative effort with a small group of friends, and finally to the robust community-driven project that we know today. This progress came at the cost of the evenings, lunch hours, early mornings, and weekends of countless contributors who donate their time for the benefit of the

Microsoft

October Microsoft Patch Tuesday Roundup

Time for this month's summary of the latest Microsoft Security updates … 13 advisories, with 34 vulnerabilities covered. Here's the breakdown: MS09-050: Rated Critical. Potential Remote Code Execution and Denial of Service in SMBv2, covering 3 vulnerabilities: CVE-2009-2526 (Infinite Loop DoS), CVE-2009-2532 (Command Value Remote Code Exec), and CVE-2009-3103 (Negotiation Remote Code Exec). Important to note that this one was listed as a DoS on NVD while Metasploit and others were insisting

Microsoft

October Microsoft Patch Tuesday Preview

Wow, because the number of bulletins affecting the number of Windows versions is pretty staggering. Windows is taking the most lumps this month. Wow, because Windows 7 makes its debut in the monthly dance with 5 updates (although only the IE update is critical). Wow, because Bulletin 13 alone affects the following products across the Microsoft universe: - Windows 2000 SP4 - Windows XP (SP2 and SP3) - Windows Server 2003 SP2 - Windows Vista & Vista SP1 - Windows 2008 - Office XP -

Metasploit 3.3 Development Updates

The last 48 hours have been a whirlwind [http://trac.metasploit.com/timeline] of development at the Metasploit Project as we prepare for the 3.3 stable release. Efrain Torres completed the screenshot feature of the espia Meterpreter module. This command only works when the process meterpreter is executing inside has access to the active desktop (like explorer.exe). You can see an example of this below: meterpreter > ps Process list ============ PID Name Path --- ---- ---- 204 iexp

Forcing Payloads Through Restrictive Firewalls

I was reading a fun blog post [http://clinicallyawesome.com/post/196352889/blind-connect-back-through-restrictive-firewall] by Jason Mansfield about different ways to brute force a connection through a restrictive outbound firewall and realized that this would be trivial to implement in Metasploit and would go nicely with another feature implemented earlier today. The general idea is that many networks block some or all outbound TCP ports from their network. This is a great way to avoid entire

NSS Labs Endpoint Protection Test Results

On Monday, NSS Labs [http://www.nsslabs.com/] released the results of their anti-malware Endpoint Protection Product [http://www.nsslabs.com/anti-malware] tests. The test results are separated into consumer and corporate product lines, with the consumer report available for download from their web site after free registration. The test put each product through a 17-day rolling assessment, where each day the latest updates to the product were applied and a fresh list of malware-serving URLs w