Metasploit
Weekly Metasploit Update: Reasonable Disclosure, PHP EXE Wrappers, and More!
ZENWorks' Accidental Backdoor
This week, we saw the release of Metasploit exploit developer Juan Vazquez's
freshly discovered vulnerability in Novell ZENWorks. You can read all about it
in Juan's great technical blog post, but the short version for the
attention-deprived is: Novell ZENWorks ships with hard-coded credentials, which
allow for SYSTEM-level file system read access.
That seems like kind of a big deal for ZENWorks users -- namely because there's
no reasonable way to change these cred
Metasploit
Weekly Metasploit Update: RopDB, Local Exploits, Better Samples, and More!
Introducing RopDB
This week, Metasploit exploit devs Wei "sinn3r" Chen
[https://github.com/wchen-r7] and Juan Vazquez [https://github.com/jvazquez-r7]
finished up Metasploit RopDB
[/2012/10/03/defeat-the-hard-and-strong-with-the-soft-and-gentle-metasploit-ropdb]
. This advancement allows for drop-in ROP chains in new exploits, without all
that mucking around with copying and pasting mysterious binary blobs from one
exploit to the next. For the details on how to use it and what to expect in the
Metasploit
Weekly Metasploit Update: Stealing Print Jobs, Exploiting Samba, and More!
This update has something for everyone -- new exploits, new auxiliary modules,
new post modules, and even new payloads. If quadfecta is a word, we totally hit
it this week!
More Mac OSX 64-Bit Payloads
The parade of OSX 64-bit payloads continues, with five new 64-bit payloads added
this week:
* modules/payloads/singles/osx/x64/say.rb
* modules/payloads/singles/osx/x64/shell_find_tag.rb
* modules/payloads/stagers/osx/x64/bind_tcp.rb
* modules/payloads/stagers/osx/x64/reverse_tcp.rb
* modul
Metasploit
Weekly Metasploit Update: HP, PHP, and More!
Stupid PHP Tricks
This week's Metasploit update is a cautionary tale about running unaudited PHP
applications as part of your infrastructure. Metasploit community contributor
Brendan Coles [https://github.com/bcoles] has discovered and written Metasploit
modules for two similar root-level vulnerabilities, one for OpenFiler
[http://www.metasploit.com/modules/exploit/linux/http/openfiler_networkcard_exec]
and one for WAN Emulator
[http://www.metasploit.com/modules/exploit/linux/http/wanem_exec] (a
Networking
Weekly Metasploit Update: SAP, MSSQL, DNS, and More!
Zone Transfers for All
This week, Metasploit community contributor bonsaiviking
[https://github.com/bonsaiviking] fixed up the DNS library that Metasploit uses
so we won't choke on some types of zone transfer responses. Turns out, this is a
two-year-old bug, but DNS servers that actually offer zone transfers are so rare
anymore that this bug didn't manifest enough to get squashed.
This brings me to a larger point -- with older vulnerabilities like these,
sometimes the hardest part for us
Metasploit
Weekly Metasploit Update: Trusted Path Switcheroo, Stack Cookie Bypass, and More!
Another week, another fifteen new modules for Metasploit. I continue to be
amazed by the productivity of our open source exploit developer community.
Thanks so much for your hard work and effort, folks!
New Module for Trusted Path Switcheroo
As I was going over this week's new modules, one that jumped out at me was Wei
"sinn3r" Chen's implementation of a general Trusted Path insertion attack,
Windows Service Trusted Path Privilege Escalation
[http://www.metasploit.com/modules/exploit/windows/l
Product Updates
Weekly Metasploit Update: Two Dozen New Modules
The Vegas and vacation season is behind us, so it's time to release our first
post-4.4.0 update. Here we go!
Exploit Tsunami
A few factors conspired to make this update more module-heavy than usual. We
released Metasploit 4.4 in mid-July. Historically, a dot version release of
Metasploit means that we spend a little post-release time closing out bugs,
performing some internal housekeeping that we'd been putting off, and other
boring software engineering tasks. Right after this exercise, it was
Metasploit
Weekly Metasploit Update: RATs, WPAD, and More!
Just a quick update this week for some new Metasploit modules. We're holding off
on the usual Framework and Pro enhancements as we button up the next point
release for Metasploit Pro, Express, and Community Editions. That said, we do
have a few neat new modules that I wanted to highlight, so let's take a look.
Hacking the Hackers
This week's haul includes something a little unusual -- an exploit for Poison
Ivy, a blackhat-favored Remote Administration Tool (RAT). Community contributor
Gal Badishi
Metasploit
Weekly Metasploit Update: Sniffing with Meterpreter, Egg Hunting, and More!
This week's update has seven new modules, a much-anticipated Meterpreter
enhancement, and more, so let's jump into it.
Egg Hunting and Stack Smashing
This week's update features a spiffy new module for HP Data Protector from Juan
Vazquez and Wei 'sinn3r' Chen. It uses an egg hunting technique to reconstruct
the exploit's payload -- and both Wei and Juan have detailed blog posts in the
works that go into detail on the whys and wherefores of egghunter shellcode and
troubleshooting payload de
Metasploit
Weekly Metasploit Update: Encrypted Java Meterpreter, MS98-004, and New Modules!
When it rains, it pours. We released Metasploitable Version 2
[/2012/06/13/introducing-metasploitable-2] , published a technique for scanning
vulnerable F5 gear
[/2012/06/11/scanning-for-vulnerable-f5-bigips-with-metasploit] , and put out a
module to exploit MySQL's tragically comic authentication bypass problem
[/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql], all in
addition to cooking up this week's update. So, kind of a busy week around here.
You're welcome. (:
Encryp
Metasploit
Weekly Metasploit Update: Citrix Opcodes, Hash Collisions, and More!
This week's update has a nice new asymmetric DoS condition module, a bunch of
churn in Metasploit's Rails components, and some new Citrix attacks, so let's
get right into it.
Fuzzing for Citrix Opcodes
This week's update includes three new exploits for Citrix Provisioning Services,
the solution by Citrix "to stream a single desktop image to create multiple
virtual desktops on one or more servers in a data center" (vendor quote
[https://docs.citrix.com/en-us/categories/legacy-archive]). These mo
Metasploit
Weekly Metasploit Update: Dev Docs and More!
This week in the U.S. is the unofficial start of summer, so that probably
explains why it's been a bit of a slow week in the Metasploit community,
hacking-wise. We have a few new modules
[http://www.rapid7.com/downloads/metasploit.jsp] for this week's update, but in
addition to those, I'd like to mention a few new resources we've put together
for the Metasploit development community.
Docs and Videos
Over the last few weeks, we've been working up some more comprehensive
documentation on how to g
Product Updates
Weekly Metasploit Update: Post Modules!
This week, let's talk about post-modules, since we have two new fun ones to
discuss.
Windows PowerShell
Windows PowerShell is a scripting language and shell for Windows platforms, used
primarily by system administrators. While untrusted scripts are not allowed to
run by default, many users will be tempted to set their execution environments
to be pretty permissive. This, in turn, can provide a rich (and almost
completely overlooked) post-exploitation playground.
To that end, this update featur
Metasploit
Weekly Metasploit Update: CCTV, SCADA, and More!
This week's update highlights Metasploit modules for embedded operating systems
(as opposed to the usual client or server targets), so let's hop to it.
Security Camera Hackers
On Tuesday, guest blogger Justin Cacak of Gotham Digital Science talked about
his module, cctv_dvr_login
[http://metasploit.com/modules/auxiliary/scanner/misc/cctv_dvr_login]. The
latest update [http://www.rapid7.com/downloads/metasploit.jsp] for Metasploit
has it now, so if you happen to run into some of these devices
Metasploit
Weekly Metasploit Update: Armitage, Psnuffle, and More!
This week's update features a great big pile of Java source code, a makeover for
a perennial favorite feature, and a handful of new exploits. Read on, or just
skip all the yadda yadda and download Metasploit
[http://www.rapid7.com/downloads/metasploit.jsp] here.
Armitage Source
This week's biggest change in terms of LOC (lines of code) is the inclusion of
the Armitage source code, in external/source/armitage. For a while now, we've
been distributing Raphael Mudge's Armitage front-end for the Me