3 min
Metasploit
Weekly Metasploit Update: BrowserExploitServer (BES), IPMI, and KiTrap0D
Browser Exploit Server
This release includes the much vaunted and anticipated BrowserExploitServer
(BES) mixin
[https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/exploit/remote/browser_exploit_server.rb]
, the brainchild of Metasploit exploit developer Wei @_sinn3r
[https://twitter.com/_sinn3r] Chen. Metasploit, at its core, is designed to be
both an exploit delivery system and exploit development system, so this new
mixin should help tremendously with the latter. BES, in a
3 min
Product Updates
Weekly Update - 11/6/13
Disclosures for SuperMicro IPMI
On the heels of last week's bundle of FOSS disclosures
[/2013/10/30/seven-foss-disclosures-part-one], we've gone a totally different
direction this week with a new round of disclosures. Today, we're concentrating
on a single vendor which ships firmware for Baseboard Management Controllers
(BMCs): Supermicro, and their Supermicro IPMI firmware. You can read up on the
details on HD's blog post [/2013/11/06/supermicro-ipmi-firmware-vulnerabilities]
which covers the
5 min
Vulnerability Disclosure
Seven FOSS Tricks and Treats (Part One)
Adventures in FOSS Exploitation, Part One: Vulnerability Discovery
_This is the first of a pair of blog posts covering the disclosure of seven new
Metasploit modules exploiting seven popular free, open source software (FOSS)
projects.
Back over DEFCON, Metasploit contributor Brandon Perry decided to peek in on
SourceForge, that grand-daddy of open source software distribution sites, to see
what vulnerabilities and exposures he could shake loose from an assortment of
popular open source enterpri
4 min
Weekly Update: vBulletin's and D-Link's Backdoors, and MS13-080 revisited
Simulating the Adversary
A big part of what we do here at Metasploit is "simulating bad guys." On a good
week, we can focus on taking real exploits that are being actively used on the
Internet, clean them up to our standards for publishing, make sure they actually
work as reported, and publish a Metasploit module. This last week has been very
good indeed, at least from our point of view, since there's been loads of
exploitation going on lately that's come into public view.
vBulletin's accidenta
3 min
Exploits
Weekly Update: New Exploits for MS13-069, MS13-071
Let's Curbstomp Windows!
This week, we've got two new exploits for everyone's favorite punching bag,
Microsoft Windows. First up, we'll take on Microsoft Internet Explorer. MSIE has
a long and storied history of browser bugs, but truth be told, they're really
pretty hard to exploit reliably these days. If you don't believe me, take a look
at the hoops we had to jump through to get reliable exploits together for
MS13-069.
MS13-069 [http://technet.microsoft.com/en-us/security/bulletin/ms13-069] w
3 min
Metasploit
Weekly Update
Windows Meterpreter: Reloaded
If you've been around Metasploit for any length of time, you know that
Meterpreter is the preferred and de facto standard for manipulating a target
computer after exploit. While Meterpreter and Metasploit go hand-in-hand, we did
manage to get some code separation between the two by breaking Windows
Meterpreter out to its own open source repository on GitHub
[https://github.com/rapid7/meterpreter].
As threatened in a previous blog post [/2013/09/05/weekly-update],
3 min
Metasploit
Weekly Update: MSIE, GE Proficy, and handling Metasploit merge conflicts
Exploiting Internet Explorer (MS13-055)
This week, we open with a new IE exploit. This is a pretty recent patch (from
July, 2013), and more notably, it appears it was silently patched without
attribution to the original discoverer, Orange Tsai. So, if you're a desktop IT
admin, you will certainly want to get your users revved up to the latest patch
level. Thanks tons to Peter WTFuzz [https://twitter.com/WTFuzz] Vreugdenhil and
of course Wei sinn3r [https://twitter.com/_sinn3r] Chen for knocking
2 min
Product Updates
Weekly Update: Apple OSX Privilege Escalation
Sudo password bypass on OSX
This week's update includes a nifty local exploit for OSX, the sudo bug
described in CVE-2013-1775. We don't have nearly enough of these Apple desktop
exploits, and it's always useful to disabuse the Apple-based cool-kids web app
developer crowd of the notion that their computing platform of choice is
bulletproof.
Joe Vennix [https://github.com/jvennix-r7], the principal author of this module,
is, in fact, of that very same Apple-based developer crowd, and usually bu
3 min
Product Updates
Weekly Update: Cooperative Disclosure and Assessing Joomla
Cooperative Disclosure
I'm in attendance this year at Rapid7's UNITED Security Summit, and the
conversations I'm finding myself in are tending to revolve around vulnerability
disclosure. While Metasploit doesn't traffic in zero-day vulnerabilities every
day, it happens often enough that we have a disclosure policy that we stick to
when we get a hold of newly uncovered vulnerabilities.
What's not talked about in that disclosure policy is the Metasploit exploit dev
community's willingness to help
2 min
Metasploit
Metasploit Design Contest: So Much Win!
You may recall that back in May, we announced a Metasploit design contest
[/2013/05/03/metasploits-10th-anniversary-laptop-decal-design-competition] to
commemorate 10 years of Metasploit -- and now, it's time to announce the (many)
winners! Once again, the open source security community has blown me away with
your creativity, dedication, and subversive humor. We had a total of 118 designs
(most of which did not suck!) from 55 designers. Not bad for a nearly completely
hashtag-driven contest! In
3 min
Metasploit
Metasploit Update: Those Sneaky IPMI Devices
IPMI, in my network?
This week's update features a set of tools for auditing your IPMI
infrastructure. "Phew, I'm glad I'm not one of those suckers," you might be
thinking to yourself. Well, the thing about IPMI (aka, the Intelligent Platform
Management Interface) is that it's just a skootch more esoteric than most
protocols, and even experienced server administrators may not be aware of it. Do
you use server hardware from IBM, Dell, or HP? Have you ever had to use IBM's
Remote Supervisor adapte
3 min
Product Updates
Weekly Update: The Nginx Exploit and Continuous Testing
Nginx Exploit for CVE-2013-2028
The most exciting element of this week's update is the new exploit for Nginx
which exercises the vulnerability described by CVE-2013-2028
[http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html]. The
Metasploit module was written by Metasploit community contributors hal and
saelo, and exploits Greg McManus's bug across a bunch of versions on a few
pre-compiled Linux targets. We don't often come across remote, server-side stack
buffer overflows in popul
3 min
Metasploit
Weekly Update: 4.6.1, ColdFusion Exploit, and SVN Lockdown
Metasploit 4.6.1 Released
This week's update bumps the patch version of Metasploit to 4.6.1 (for installed
versions of Metasploit). The major change here is the ability to install
Metasploit on Windows 8 and Windows Server 2012. That meant we had to fiddle
with the installer and a few of Metasploit Pro's dependencies to get that all
working correctly, and that led to skipping last week's release so we could be
sure all the moving parts lined up correctly.
This release also fixes a few minor iss
3 min
Metasploit
Git Clone Metasploit; Don't SVN Checkout
TL;DR: Please stop using SVN with
svn co https://www.metasploit.com/svn/framework3/trunk
and start using the GitHub repo with
git clone git://github.com/rapid7/metasploit-framework
As of today, a few of you may notice that an attempt to update Metasploit
Framework over SVN (instead of git or msfupdate) results in an authentication
request. If you try to SVN checkout on Windows, using TortoiseSVN, you will see
a pop up much like this:
For command line people, if you try to 'svn co' or 'svn
1 min
Metasploit
Metasploit's 10th Anniversary: Laptop Decal Design Competition
When I wrote up the Metasploit Hits 1000 Exploits post back in December, I had
to perform a little open source forensic work to get something resembling an
accurate history of the Metasploit project -- after all, it's difficult for me
to remember a time on the Internet without Metasploit. I traced the first
mention of 1.0 back to this mailing list post
[http://marc.info/?l=pen-test&m=106548308908767&w=2] in 2003. You know what that
means, right? This year marks the 10th year of the Metasploit Fr