Posts by Wei Chen

1 min Metasploit

Metasploit Wrap-Up 11/1/19

This week's Metasploit wrap-up ships a new exploit module against Nostromo, a directory traversal vulnerability that allows system commands to be executed remotely. Also, improvements have been made to the grub_creds module for a better post-exploitation experience against Unix-like machines. Plus, a few bugs have been addressed, including the -s option for NOPs generation, the meterpreter prompt, and reverse_tcp hanging due to newer Ruby versions. New modules (1) * Nostromo Directory Trave

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up 8/2/19

A new feature, better `set payload` options, and new modules. Plus, open-source office hours in Vegas during hacker summer camp.

18 min Windows

Heap Overflow Exploitation on Windows 10 Explained

Heap corruption can be a scary topic. In this post, we go through a basic example of a heap overflow on Windows 10.

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up 4/26/19

Faster tab completion for `set PAYLOAD` and faster output for `show payloads`. Plus, four new exploits, including unauthenticated template injection for Atlassian Confluence and Ruby on Rails DoubleTap directory traversal.

2 min Metasploit

Metasploit Wrapup 1/25/19

Hi everyone! For those in the US, hope you all had a great MLK weekend. We have a pretty light release due to the holiday, but we still have some cool stuff in the house. Check it out!

1 min Metasploit Weekly Wrapup

Metasploit Wrapup: 10/19/18

A brand new Solaris module, improved Struts module, and the latest improvements.

3 min Metasploit Weekly Wrapup

Metasploit Wrapup 8/3/18

Meterpreter on Axis Everyone loves shells, but Meterpreter sessions are always better. Thanks to William Vu, the axis_srv_parhand_rce [https://github.com/rapid7/metasploit-framework/pull/10409] module is now capable of giving you a Meterpreter session instead of a regular shell with netcat. DLL Injection for POP/MOV SS Another awesome improvement is Brendan Watters' work on the POP/MOV SS exploit [https://github.com/rapid7/metasploit-framework/pull/10387] against Windows (CVE-2018-8897), also k

7 min Metasploit

Hiding Metasploit Shellcode to Evade Windows Defender

Being on the offensive side in the security field, I personally have a lot of respect for the researchers and engineers in the antivirus industry, and the companies dedicated to investing so much in them. If malware development is a cat-and-mouse game, then I would say that the industry creates some of the most terrifying hunters. Penetration testers and red teamers suffer the most from this while using Metasploit [https://www.rapid7.com/products/metasploit/], which forced me to look into how to

6 min Metasploit

Testing SMB Security with Metasploit Pro Task Chains: Part 2

This is part two of our blog series on testing SMB security with Metasploit Pro. In the previous post, we explained how to use Metasploit Pro’s Task Chains feature to audit SMB passwords automatically. Read it here [/2017/10/31/testing-smb-server-security-with-metasploit-pro-task-chains-part-1/] if you haven’t already. In today’s blog post, we will talk about how to use a custom resource script in a Task Chain to automatically find some publicly-known high-profile vulnerabilities in SMB. Publi

6 min Metasploit

Testing SMB Server Security with Metasploit Pro Task Chains: Part 1

A step-by-step guide to testing SMB server security using Metasploit Pro Task Chains.

4 min Microsoft

Attacking Microsoft Office - OpenOffice with Metasploit Macro Exploits

It is fair to say that Microsoft Office and OpenOffice are some of the most popular applications in the world. We use them for writing papers, making slides for presentations, analyzing sales or financial data, and more. This software is so important to businesses that, even in developing countries, workers who are proficient in an Office suite can make a decent living based on this skill alone. Unfortunately, high popularity for software also means more high-value targets in the eyes of an

4 min Metasploit

Metasploitable3: An Intentionally Vulnerable Machine for Exploit Testing

Test Your Might With The Shiny New Metasploitable3 Today I am excited to announce the debut of our shiny new toy - Metasploitable3 [https://github.com/rapid7/metasploitable3]. Metasploitable3 is a free virtual machine that allows you to simulate attacks largely using Metasploit [https://www.rapid7.com/products/metasploit/?CS=blog]. It has been used by people in the security industry for a variety of reasons, such as training for network exploitation, exploit development, software testing, techn

4 min Metasploit

New Metasploit Tools to Collect Microsoft Patches

Patch testing and analysis are important parts of vulnerability research and exploit development. One common motivation is to rediscover patched bugs, or to find ways to keep a 0-day alive in case the fix in place is inadequate. The same process is also used to find the range of builds affected by a vulnerability, which tends to be useful for predicting the value of the exploit and improving target coverage and reliability. Going through Microsoft patches is no easy task, tho

6 min

The New Metasploit Browser Autopwn: Strikes Faster and Smarter - Part 2

Hello again, welcome back! Yesterday we gave an introduction to the brand new Browser Autopwn 2; if you have not read that, make sure to check it out [https://www.rapid7.com/blog/post/2015/07/15/the-new-metasploit-browser-autopwn-strikes-faster-and-smarter-part-1/]. Today, let's talk about how to use it and what you can do with it for better vulnerability validation and penetration testing. As we explained in the previous blog post, Browser Autopwn 2 is a complete redesign from the firs

4 min

The New Metasploit Browser Autopwn: Strikes Faster and Smarter - Part 1

Hi everyone, today I'd like to debut a completely rewritten new cool toy for Metasploit: Browser Autopwn 2. Browser Autopwn is the easiest and quickest way to explicitly test browser vulnerabilities without requiring the user to painfully learn everything there is about each exploit and the remote target before deployment. In this blog post, I will provide an introduction to the tool. Then, in my next one, I will explain how you can take advantage of it to maximize your vuln validation or pen