Metasploit
Weekly Metasploit Update: Back to Work!
Hey, it's the first post-Metasploit 4.3.0 update, which means that I'm back in
the blogging business. Huzzah!
We've all been heads-down for a while getting this bad boy
[http://www.metasploit.com/download/] out the door, so while there's not a ton
of new functionality to talk about this week, we do have some neat new modules,
and one API change for module developers.
Wake On LAN
"The most secure computer is the one that's not turned on," is an old computer
security adage, speaking to the compl
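The Wake On LAN module mentioned above relies on the "magic packet" format: six bytes of 0xFF followed by the target MAC address repeated sixteen times, optionally trailed by a 4- or 6-byte SecureOn password, sent as a UDP broadcast (ports 7 and 9 are the usual choices). The following Ruby is an added example written for this page, not the Metasploit module's own code; it builds a magic packet, and also locates one inside an arbitrary datagram so a capture can be checked for who is being woken. The MAC, password and broadcast address are constructed sample values.

```ruby
require 'socket'

# Added example (not Metasploit code): Wake-on-LAN magic packet builder/parser.
module WakeOnLan
  SYNC = ([0xFF] * 6).pack('C*')   # six 0xFF bytes open every magic packet

  # Accept "00:11:22:33:44:55", "00-11-22-33-44-55" or "0011.2233.4455".
  def self.parse_mac(mac)
    hex = mac.gsub(/[:\-.]/, '').downcase
    raise ArgumentError, "bad MAC #{mac.inspect}" unless hex =~ /\A\h{12}\z/
    [hex].pack('H12')               # 12 hex digits -> 6 raw bytes
  end

  def self.format_mac(bytes)
    bytes.unpack('C6').map { |b| format('%02x', b) }.join(':')
  end

  # Magic packet: SYNC + MAC * 16 (102 bytes), plus an optional SecureOn
  # password of exactly 4 or 6 bytes.
  def self.magic_packet(mac, password = nil)
    pkt = SYNC + parse_mac(mac) * 16
    if password
      pw = password.b
      unless [4, 6].include?(pw.bytesize)
        raise ArgumentError, 'SecureOn password must be 4 or 6 bytes'
      end
      pkt += pw
    end
    pkt
  end

  # Find a magic packet anywhere in a datagram (it need not sit at offset 0,
  # and may be preceded by extra 0xFF padding) and return the target MAC,
  # or nil if no well-formed packet is present.
  def self.extract_target(data)
    data = data.b
    idx = data.index(SYNC)
    while idx
      body = data.byteslice(idx + 6, 96)
      if body && body.bytesize == 96
        mac = body.byteslice(0, 6)
        return format_mac(mac) if body == mac * 16
      end
      idx = data.index(SYNC, idx + 1)
    end
    nil
  end

  # Broadcast a magic packet. Not exercised offline; broadcast address and
  # port are assumptions for a typical LAN.
  def self.wake(mac, broadcast = '255.255.255.255', port = 9)
    sock = UDPSocket.new
    sock.setsockopt(Socket::SOL_SOCKET, Socket::SO_BROADCAST, true)
    sock.send(magic_packet(mac), 0, broadcast, port)
  ensure
    sock&.close
  end
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample MAC; prints the packet length and the recovered target.
  pkt = WakeOnLan.magic_packet('00:11:22:33:44:55')
  puts "#{pkt.bytesize} bytes, target #{WakeOnLan.extract_target("junk".b + pkt)}"
end
```

Note that the packet itself carries no authentication beyond the optional SecureOn password, so any host that can reach the broadcast domain (or a directed-broadcast address a router forwards) can wake the machine; that is the whole point of the module, and also why the "not turned on" adage offers less than it promises.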
Metasploit
Weekly Metasploit Update: SCADA, Lab Gem, and Squid Pivoting
This week's update [http://www.metasploit.com/download/] is packed full of
awesome, and I don't use that term lightly.
SCADA Attacks, DigitalBond, and Metasploit
This week sees the addition of six new SCADA modules, targeting a variety of PLC
devices, including two new modules aimed at the Schneider Quantum programmable
logic controller (PLC). In order to give penetration testers the ability to
accurately assess SCADA infrastructure, Tod Beardsley (from Rapid7) and K. Reid
Wightman (from Digit
Metasploit
Weekly Metasploit Update: DNS Payloads, Exploit-DB, and More
This week we've got a nifty new shellcode delivery scheme, we've normalized on
Exploit-DB serial numbers, and a pile of new modules, so if you don't have
Metasploit yet, you can snag it here [http://www.metasploit.com/download/].
DNS Payloads in TXT Records
To quote RFC 1464 [http://tools.ietf.org/html/rfc1464] describing DNS TXT
records, "it would be useful to take advantage of the widespread use and
scalability of the DNS to store information that has not been previously
defined." I don't kno
Metasploit
Weekly Metasploit Update: Spiceworks, AFP, RDP, and a New HTTP Downloader
After a couple of relatively light weeks (blame SXSW, I guess), this week's
update has quite a few neat new additions. As always, if you don't already have
Metasploit, what are you waiting for
[https://www.rapid7.com/products/metasploit/download/]? For the rest of us,
here's what's new.
Importapalooza
This week's update has support for importing asset lists exported from
Spiceworks, courtesy of Rapid7's Brandon Perry. Spiceworks is a free asset
management application used by tons of IT pros and
Metasploit
Weekly Metasploit Update: Session Smarts and GitHub
It's another Metasploit update, and it's headed straight for us!
Session Smarts
This week, Metasploit session management got a whole lot smarter. Here's the
scenario: As a penetration tester, you rook a bunch of people into clicking on
your browser-embedded Flash exploit [/2012/03/08/cve-2012-0754], sit back, and
watch the sessions rolling in. However, they're all behind a single NAT point,
so all your sessions appear to be terminating at a single IP address, and you
quickly lose track of who's
Metasploit
Weekly Metasploit Update: Wmap, Console Search, and More!
In addition to the nuclear-powered exploit, we've got a new slew of updates,
fixes and modules this week for Metasploit, so let's jump right into the
highlights for this update.
Updated WMAP Plugin
Longtime community contributor Efrain Torres provided a much-anticipated update
to the Wmap plugin. Wmap drives a bunch of web-based Metasploit modules
from the Metasploit console, from HTTP version scanning to file path bruteforcing
to blind SQL injection testing. If you're not already familiar
Metasploit
Weekly Metasploit Update: POSIX Meterpreter and New Exploits
This is a pretty modest update, since it's the first after our successful 4.2
release [https://www.rapid7.com/products/metasploit/download/] last week. Now
that 4.2 is out the door, we've been picking up on core framework development,
and of course, have a few new modules shipping out.
Meterpreter Updates
James "egyp7" Lee and community contributor mm__ have been banging on the POSIX
side of Meterpreter development this week, and have a couple of significant
enhancements to Linux Meterpreter. T
Metasploit
Metasploit 4.2 Released: IPv6, VMware, and Tons of Modules!
Since our last release in October, we've added 54 new exploits, 66 new auxiliary
modules, 43 new post-exploitation modules, and 18 new payloads -- that clocks in
at just about 1.5 new modules per day since version 4.1. Clearly, this kind of
volume is way too much to detail in a single update blog post.
IPv6 Coverage
Metasploit 4.2 now ships with thirteen brand new payloads, all added to support
opening command sessions and shells on IPv6 networks. In addition, Metasploit's
existing arsenal of p
Metasploit
Weekly Metasploit Update: All Your Auth Are Belong To Us
This week, with RSA 2012 fast approaching and the final touches on Metasploit
version 4.2 getting nailed down, we've been in a code freeze for core Metasploit
functionality. However, that doesn't apply to the parade of modules, so here's
what's in store for the next -- and quite likely last -- update for Metasploit
4.1 [http://www.metasploit.com/download/].
Authentication Credential Gathering and Testing
Jon Hart (of Nexpose [http://www.rapid7.com/vulnerability-scanner.jsp] fame) has
been on fi
Metasploit
Weekly Metasploit Update: New Payloads, New Modules, and PCAnywhere, Anywhere
PCAnywhere, Anywhere
The big news this week centered around Symantec's pcAnywhere. For starters,
there's a new ZDI advisory
[http://www.zerodayinitiative.com/advisories/ZDI-12-018/] for a buffer overflow
in the username field. More notably, though, was the advice in a Symantec white
paper which advises customers to "disable or remove Access Server and use remote
sessions via secure VPN tunnels." So, while the Metasploit elves bang away at a
proper buffer overflow module, HD Moore busted out a pa
Metasploit
Weekly Metasploit Update: Subverting NATs, 64-bit LoadLibrary Support, and More!
NAT-PMP'ing is now easy
This week, we have three new modules and an accompanying Rex protocol parser for
the NAT Port-Mapping Protocol (NAT-PMP
[https://en.wikipedia.org/wiki/NAT_Port_Mapping_Protocol]), the ad-hoc router
management protocol favored by Apple. Over the weekend, Rapid7 Lead Security
Engineer and confessed protocol nerd Jon Hart forgot the password to a
little-used Airport base station, so rather than merely resetting the device, he
instead busted out a trio of Metasploit modules t
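NAT-PMP (RFC 6886) is small enough to show end to end. A client sends a 2-byte request to UDP port 5351 on the gateway to learn its external address, or a 12-byte request to create a port mapping; the gateway answers with the opcode's high bit set, a 16-bit result code, a 32-bit "seconds since start of epoch" counter, and then either the external IPv4 address or the mapping that was actually granted. The Ruby below is an added example written for this page, not the Rex parser or the modules the post describes; it builds both request types, parses both response types, and includes a constructed sample response so it runs offline. The gateway address and ports in the demo are assumptions.

```ruby
require 'socket'

# Added example (not Metasploit code): NAT-PMP (RFC 6886) request builder
# and response parser.
module NatPmp
  VERSION          = 0
  PORT             = 5351
  OP_EXTERNAL_ADDR = 0
  OP_MAP_UDP       = 1
  OP_MAP_TCP       = 2
  RESULT_CODES = {
    0 => 'Success', 1 => 'Unsupported Version', 2 => 'Not Authorized/Refused',
    3 => 'Network Failure', 4 => 'Out of resources', 5 => 'Unsupported opcode'
  }.freeze

  # External address request: version (0) and opcode (0). Two bytes.
  def self.external_address_request
    [VERSION, OP_EXTERNAL_ADDR].pack('CC')
  end

  # Port-mapping request: version, opcode (1 = UDP, 2 = TCP), 16-bit reserved,
  # internal port, suggested external port, requested lifetime in seconds.
  # A lifetime of 0 asks the gateway to delete the mapping.
  def self.map_request(proto, internal_port, external_port, lifetime)
    op = proto == :tcp ? OP_MAP_TCP : OP_MAP_UDP
    [VERSION, op, 0, internal_port, external_port, lifetime].pack('CCnnnN')
  end

  # Parse any NAT-PMP response. Responses carry opcode | 0x80, then a 16-bit
  # result code and the gateway's 32-bit seconds-since-epoch counter.
  def self.parse_response(data)
    data = data.b
    raise ArgumentError, 'short response' if data.bytesize < 8
    version, op, result, epoch = data.unpack('CCnN')
    raise ArgumentError, "unsupported version #{version}" unless version == VERSION
    raise ArgumentError, 'not a response (high bit clear)' if (op & 0x80).zero?

    resp = { opcode: op & 0x7f, result: result,
             result_text: RESULT_CODES.fetch(result, 'Unknown'), epoch: epoch }
    case resp[:opcode]
    when OP_EXTERNAL_ADDR            # + 4 bytes external IPv4 address
      raise ArgumentError, 'short address response' if data.bytesize < 12
      resp[:external_ip] = data.byteslice(8, 4).unpack('C4').join('.')
    when OP_MAP_UDP, OP_MAP_TCP      # + internal port, external port, lifetime
      raise ArgumentError, 'short mapping response' if data.bytesize < 16
      resp[:internal_port], resp[:external_port], resp[:lifetime] =
        data.byteslice(8, 8).unpack('nnN')
      resp[:proto] = resp[:opcode] == OP_MAP_TCP ? :tcp : :udp
    end
    resp
  end

  # Send a request to the gateway and return the parsed reply, or nil on
  # timeout. Network I/O, so not exercised in the offline demo.
  def self.query(gateway, request, timeout = 2)
    sock = UDPSocket.new
    sock.send(request, 0, gateway, PORT)
    return nil unless IO.select([sock], nil, nil, timeout)
    parse_response(sock.recvfrom(64).first)
  ensure
    sock&.close
  end
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample: a gateway up for 3600 s reporting external IP
  # 203.0.113.7 (documentation range), followed by a granted TCP mapping
  # of internal 22 to external 2222 for one hour.
  addr = [0, 0x80, 0, 3600, 203, 0, 113, 7].pack('CCnNC4')
  map  = [0, 0x82, 0, 3600, 22, 2222, 3600].pack('CCnNnnN')
  p NatPmp.parse_response(addr)
  p NatPmp.parse_response(map)
  # Live use would be: NatPmp.query('192.168.1.1', NatPmp.external_address_request)
end
```

Two things a tester cares about follow directly from the format: there is no authentication at all, so anyone on the LAN side can read the external address or open an inbound mapping to any internal host, and the external port in the response is the one the gateway actually granted, which need not be the one suggested, so always read it back rather than assuming.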
Metasploit
Metasploit Updated: Forensics, SCADA, SSH Public Keys, and More
Been a busy week here at Metasploit, so let's get to it.
Forensics-Centric Updates
New this week is Brandon Perry's offline Windows registry enhancements.
Featuring a pile of extensions to Rex (Metasploit's general purpose parsing
library) and the tools/reg.rb utility, this update builds on TheLightCosine's
ShadowCopy library and makes life a lot easier for the forensics investigator
looking to parse through Windows registry hives. Brandon goes into the technical
details over here
[https://com
Metasploit
Metasploit Framework Updated: Railgun, AIX, and More
Time for another Metasploit Update - this week we've got some new goodies for
Meterpreter's Railgun, SSH, AIX, and a few new exploit modules. Enjoy!
Railgun Updates
Metasploit open source contributors Chao-Mu and kernelsmith have been busy over
the last month or so, cranking out a pile of commits to Railgun in order to
facilitate Windows API error message handling. For you non-post module
developers, Railgun is a super-handy Meterpreter extension that "turns Ruby into
a weapon," and you can get
Metasploit
Metasploit Updated: Year in Review
Turns out, the week between Christmas and New Years was pretty slow, at least as
far as Metasploit Framework development was concerned. This release has a few
small spot fixes on Framework, and a handful of new modules.
ShadowCopy
The most significant addition to the framework was TheLightCosine's work on the
appropriately scary-sounding ShadowCopy library. Based on the research published
by Tim Tomes and Mark Baggett [https://www.scmagazine.com/security-weekly], the
modules implementing this l
Exploits
Metasploit Updated: Telnet Exploits, MSF Lab, and More
It's Wednesday, and while many of you are enjoying the week off between
Christmas and New Years, we've been cranking out another Metasploit Update.
Telnet Encrypt Option Scanner and Exploits
I won't rehash this subject too much since HD already covered these modules in
depth here
[https://community.rapid7.com/community/solutions/metasploit/blog/2011/12/27/bsd-telnet-daemon-encrypt-key-id-overflow]
and here
[https://community.rapid7.com/community/solutions/metasploit/blog/2011/12/28/more-fun-wi