Metasploit
Metasploit Wrap-Up 11/1/19
This week's Metasploit wrap-up ships a new exploit module against the Nostromo
web server, exploiting a directory traversal vulnerability that allows system
commands to be executed remotely. Also, improvements have been made to the
grub_creds module for a better post-exploitation experience against Unix-like
machines. Plus, a few bugs have been addressed, including the -s option for NOP
generation, the Meterpreter prompt, and reverse_tcp hanging under newer Ruby
versions.
New modules (1)
* Nostromo Directory Trave
Metasploit Weekly Wrapup
Metasploit Wrap-Up 8/2/19
A new feature, better `set payload` options, and new modules. Plus, open-source office hours in Vegas during hacker summer camp.
Windows
Heap Overflow Exploitation on Windows 10 Explained
Heap corruption can be a scary topic. In this post, we go through a basic example of a heap overflow on Windows 10.
Metasploit Weekly Wrapup
Metasploit Wrap-Up 4/26/19
Faster tab completion for `set PAYLOAD` and faster output for `show payloads`. Plus, four new exploits, including unauthenticated template injection for Atlassian Confluence and Ruby on Rails DoubleTap directory traversal.
Metasploit
Metasploit Wrapup 1/25/19
Hi everyone! For those in the US, hope you all had a great MLK weekend. We have a pretty light release due to the holiday, but we still have some cool stuff in the house. Check it out!
Metasploit Weekly Wrapup
Metasploit Wrapup: 10/19/18
A brand new Solaris module, improved Struts module, and the latest improvements.
Metasploit Weekly Wrapup
Metasploit Wrapup 8/3/18
Meterpreter on Axis
Everyone loves shells, but Meterpreter sessions are always better. Thanks to
William Vu, the axis_srv_parhand_rce
[https://github.com/rapid7/metasploit-framework/pull/10409] module is now
capable of giving you a Meterpreter session instead of a regular shell with
netcat.
DLL Injection for POP/MOV SS
Another awesome improvement is Brendan Watters' work on the POP/MOV SS exploit
[https://github.com/rapid7/metasploit-framework/pull/10387] against Windows
(CVE-2018-8897), also k
Metasploit
Hiding Metasploit Shellcode to Evade Windows Defender
Being on the offensive side in the security field, I personally have a lot of
respect for the researchers and engineers in the antivirus industry, and the
companies dedicated to investing so much in them. If malware development is a
cat-and-mouse game, then I would say that the industry creates some of the most
terrifying hunters. Penetration testers and red teamers suffer the most from
this while using Metasploit [https://www.rapid7.com/products/metasploit/], which
forced me to look into how to
Metasploit
Testing SMB Security with Metasploit Pro Task Chains: Part 2
This is part two of our blog series on testing SMB security with Metasploit Pro.
In the previous post, we explained how to use Metasploit Pro’s Task Chains
feature to audit SMB passwords automatically. Read it here
[/2017/10/31/testing-smb-server-security-with-metasploit-pro-task-chains-part-1/]
if you haven’t already.
In today’s blog post, we will talk about how to use a custom resource script in
a Task Chain to automatically find some publicly-known high-profile
vulnerabilities in SMB. Publi
Metasploit
Testing SMB Server Security with Metasploit Pro Task Chains: Part 1
A step-by-step guide to testing SMB server security using Metasploit Pro Task Chains.
Microsoft
Attacking Microsoft Office - OpenOffice with Metasploit Macro Exploits
It is fair to say that Microsoft Office and OpenOffice are some of the most
popular applications in the world. We use them for writing papers, making slides
for presentations, analyzing sales or financial data, and more. This software is
so important to businesses that, even in developing countries, workers that are
proficient in an Office suite can make a decent living based on this skill
alone.
Unfortunately, high popularity for software also means more high-value targets
in the eyes of an
Metasploit
Metasploitable3: An Intentionally Vulnerable Machine for Exploit Testing
Test Your Might With The Shiny New Metasploitable3
Today I am excited to announce the debut of our shiny new toy - Metasploitable3
[https://github.com/rapid7/metasploitable3].
Metasploitable3 is a free virtual machine that allows you to simulate attacks
largely using Metasploit [https://www.rapid7.com/products/metasploit/?CS=blog].
It has been used by people in the security industry for a variety of reasons,
such as training for network exploitation, exploit development, software
testing, techn
Metasploit
New Metasploit Tools to Collect Microsoft Patches
Patch testing and analysis are important parts of vulnerability research and
exploit development. One common motivation is to rediscover patched bugs, or to
find ways to keep a 0-day alive in case the fix in place is inadequate. The same
process is also used to find the range of builds affected by a vulnerability,
which helps predict the value of the exploit and improve target coverage and
reliability.
Going through Microsoft patches is no easy task, tho
The New Metasploit Browser Autopwn: Strikes Faster and Smarter - Part 2
Hello again,
Welcome back! Yesterday we gave an introduction to the brand new Browser
Autopwn 2; if you have not read that, make sure to check it out
[https://www.rapid7.com/blog/post/2015/07/15/the-new-metasploit-browser-autopwn-strikes-faster-and-smarter-part-1/].
Today, let's talk about how to use it, and what you can do with it for better
vulnerability validation and penetration testing.
As we explained in the previous blog post, Browser Autopwn 2 is a complete
redesign from the firs
The New Metasploit Browser Autopwn: Strikes Faster and Smarter - Part 1
Hi everyone,
Today, I'd like to debut a completely rewritten new cool toy for Metasploit:
Browser Autopwn 2. Browser Autopwn is the easiest and quickest way to explicitly
test browser vulnerabilities without requiring the user to painfully learn
everything there is to know about each exploit and the remote target before
deployment. In this blog post, I will provide an introduction to the tool. Then,
in my next one, I will explain how you can take advantage of it to maximize your
vuln validation or pen