2 min
Metasploit Now Supports Plan 9, the Evolution of Unix
Unix, Evolved
Today, we are delighted to announce the next phase of Metasploit's
[https://www.metasploit.com/download/] expanded support for more diverse host
operating systems. On the heels of our integration work with Kali Linux, we've
been heads-down on putting the finishing touches on our support for the future
of Unix, Plan 9 from Bell Labs.
This renewed commitment to Plan 9 will come as a welcome relief for those of you
who have, until now, been stuck on hobby operating systems such as L
2 min
Weekly Update: Introducing Metasploit 4.5.3
Version bump to Metasploit 4.5.3
This week, we've incremented the Metasploit version number by one trivial point
to 4.5.3 -- this was mainly done to ensure that new users get the fixes for the
four
[https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_QHo4BqnN8]
most
[https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KZwsQbYsOiI]
recent
[https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/zAAU7vGTPvI]
vulnerabilities
[https
3 min
Metasploit
Weekly Update: Splitting DNS Modules and a D-Link Auth Bypass
DNS Module Split up
This week, we appear to have a whole bunch of new DNS-based enumeration and
information gathering modules. In fact, this was actually more of a housekeeping
chore, largely by longtime Metasploit contributor Carlos @darkoperator Perez.
Darkoperator wrote most of the original enum_dns module as well.
enum_dns became a bit of a junk drawer of DNS functionality -- it did a whole
bunch of everything for DNS. So, instead of just tacking on more and more over
time, it's been split
2 min
Metasploit
Weekly Update: Corelan, MSFTidy, and UNC Path Injection
28 Hours Later
This week, much of the Metasploit Framework and Metasploit Pro teams here at
Rapid7 had the opportunity to get some intense, in-person training on exploit
development from long-time Metasploit contributor, Peter corelanc0d3r
[https://twitter.com/corelanc0d3r] Van Eeckhoutte and local Corelan Teammates
@_sinn3r [https://twitter.com/_sinn3r] and TheLightCosine
[https://twitter.com/thelightcosine]. I'm the first to admit that my memory
corruption skills are pretty light (I hang arou
2 min
Weekly Update: Metasploit 4.5.1, MSFUpdate, and More Wordpress Hijinks
MSFUpdate
This week, we've addressed the changes introduced by Metasploit 4.5 on the
command line updater, msfupdate. You can read about it over here
[/2013/01/17/metasploit-updates-and-msfupdate], but the gist of it is, if you
want to continue using msfupdate, you will want to take a few tens of seconds to
activate your Metasploit installation, or get yourself moved over to a fully
functional git clone of the Metasploit Framework. And speaking of updates...
Update to 4.5.1
Lately, Metasploit u
5 min
Product Updates
Update to the Metasploit Updates and msfupdate
The Short Story
In order to use the binary installer's msfupdate, you need to first register
your Metasploit installation. In nearly all cases, this means visiting
https://localhost:3790 [https://localhost:3790/] and filling out the form. No
money, no dense acceptable use policy, just register and go. Want more detail
and alternatives? Read on.
Background
A little over a year ago, Metasploit primary development switched to Git as a
source control platform and GitHub as our primary source hos
2 min
Metasploit
Weekly Metasploit Update: Rails Scanning, ZDI, and Exploit Dev
Rails Injection Bug
The big news this week turned out to be the new Rails injection bug, aka,
CVE-2013-0156, which you can read about in detail over on HD Moore's blog post.
Soon after the vulnerability was disclosed, @hdmoore
[https://twitter.com/hdmoore] had a functional auxiliary scanner module
[http://www.metasploit.com/modules/auxiliary/scanner/http/rails_xml_yaml_scanner]
put together, so as of this moment, you're encouraged to scan the heck out of
your environment, repeatedly, for vulner
2 min
Metasploit
Weekly Metasploit Update: CrystalReports and Testing Discipline
Dissecting CrystalPrintControl
This week's update is, by all accounts, pretty light. This may be the first
update we've shipped that has exactly one new module. To make up for the lack
of quantity, though, we've got some quality for you, oh boy.
If it's snowy and blustery where you live, grab yourself a cup of hot cocoa,
gather the kids, and watch their little eyes twinkle in the firelight as you
regale them with the classic fable of how Metasploit Exploitation Elf Juan
@_juan_vazquez [https:
3 min
Metasploit
Weekly Metasploit Update: Exploit Dev How-to and InfoSec Targets
Metasploit 4.5 has been out for a few days, so it's high time for an update.
Let's hop to it!
1000th Exploit: Freefloat FTP WMI
I often hear the question, "How do I get started on writing exploits?" Well, I'd
like to point you to Metasploit's 1000th exploit (future Hacker Jeopardy
contestants, take note): On December 7, 2012, Wei "sinn3r" Chen and Juan Vazquez
committed FreeFloat FTP Server Arbitrary File Upload
[http://www.metasploit.com/modules/exploit/windows/ftp/freefloatftp_wbem]. Now,
as
2 min
Metasploit Hits 1000 Exploits
Along with today's 4.5 release
[/2012/12/07/go-phishing-how-to-manage-phishing-exposure-with-metasploit],
Metasploit hit a thousand exploits.
So, what does that mean? Well, let's take a look, historically.
When Metasploit 1.0 was released on October 6, 2003, it boasted all of 11
exploits, according to this mailing list post
[http://marc.info/?l=pen-test&m=106548308908767&w=2]. Now, this is 9 years ago,
so an announcement on a mailing list of more than one exploit was pretty novel,
and "a ton
2 min
Metasploit
Weekly Metasploit Update: OpenVAS, SAP, NetIQ, and More!
Now that I've consumed a significant percentage of my own weight in turkey
(seriously, it was something like five percent), it's time to shake off the
tryptophan and get this week's update out the door.
Attacking Security Infrastructure: OpenVAS
This week's update features three new modules for bruteforcing three different
OpenVAS authentication mechanisms, all provided by community contributor Vlatko
@k0st [https://twitter.com/k0st] Kosturjak. OpenVAS is an open source security
management stac
2 min
Metasploit
Weekly Metasploit Update: Web Libs, SAP, ZDI, and More!
Fresh Web Libs
As we head into the holiday season here in the U.S., Metasploit core developers
Tasos @Zap0tek [https://twitter.com/Zap0tek] Laskos and James @Egyp7
[https://twitter.com/egyp7] Lee finished up a refresh of the Metasploit fork of
the Anemone libraries, which is what we use for basic web spidering. You can
read up on it here [http://anemone.rubyforge.org/]. The Metasploit fork isn't
too far off of Chris Kite's mainline distribution, but does account for
Metasploit's Rex sockets, ad
4 min
Metasploit
Weekly Metasploit Update: WinRM x2, ADDP, RealPort, CI and BDD
WinRM, Part Two
In the last Metasploit update blog post, we talked about the work from
Metasploit core contributors @TheLightCosine [http://twitter.com/thelightcosine],
@mubix [http://twitter.com/mubix] and @_sinn3r [http://twitter.com/_sinn3r] on
leveraging WinRM / WinRS. As of this update, Metasploit users can now execute
WQL queries
[http://www.metasploit.com/modules/auxiliary/scanner/winrm/winrm_wql], execute
commands [http://www.metasploit.com/modules/auxiliary/scanner/winrm/winrm_cmd],
an
3 min
Metasploit
Weekly Metasploit Update: WinRM Part One, Exploiting Metasploit, and More!
WinRM Exploit Library
For the last couple weeks, Metasploit core contributor David @TheLightCosine
[http://twitter.com/thelightcosine] Maloney has been diving into Microsoft's
WinRM services with @mubix [http://twitter.com/mubix] and @_sinn3r
[http://twitter.com/_sinn3r]. Until these guys started talking about it, I'd
never heard of WinRM. If you're also not in the Windows support world day-to-day,
you can read up on it at Microsoft
[http://msdn.microsoft.com/en-us/library/windows/desktop/aa384426(
2 min
Metasploit
Weekly Metasploit Update: Microsoft Windows and SQL, TurboFTP, and More!
AppSecUSA 2012
Last week was AppSecUSA 2012 here in Austin, which may explain the curious
absence of a weekly Metasploit Update blog post. The highlights of Appsec for me
were (in no particular order): Meeting Raphael @ArmitageHacker
[https://twitter.com/armitagehacker] Mudge in person for the first time, meeting
Scott @_nullbind [https://twitter.com/_nullbind] Sutherland, author of a bunch of
recent Microsoft SQL post modules, and both of whom happened to contribute to
last week's Metasploit upda