What would Trinity do with Kingcope's SSH 0day?
Citizens of the Matrix,
Today, I'd like to inform you that there is a Tectia SSH 0day vulnerability
discovered by security researcher "Kingcope [http://twitter.com/kingcope]"... or
really, we suspect his real name is Mr. Thomas Anderson
[http://en.wikipedia.org/wiki/Neo_(The_Matrix)]. The vulnerability itself
allows any remote user to bypass login if a USERAUTH CHANGE REQUEST is sent
before password authentication, and then gain access as root. Please note as of
now, there is no official patc
Defeat the Hard and Strong with the Soft and Gentle Metasploit RopDB
Data Execution Prevention [http://support.microsoft.com/kb/875352] (DEP) has
always been a hot topic in modern software exploitation. This is a security
feature implemented in most popular operating systems, designed to prevent a
program from executing code in a non-executable memory location. So when malicious
code tries to execute an injected payload in memory, it should fail during execution
and simply crash. But here's the thing, although DEP plays an important role
to your computer's countermeas
Adobe Flash Player Exploit CVE-2012-1535 Now Available for Metasploit
Edit: Aug 26 2012.
Recently, a new Adobe Flash vulnerability (CVE-2012-1535
[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1535]) was being
exploited in the wild as a zero-day in limited targeted attacks, in the form of
a Word document. The Metasploit team managed to get our hands on the malware
sample, and began our voodoo ritual in order to make this exploit available in
the Metasploit Framework. Although Adobe officially has already released a
patch (APSB12-18
[http://www.adobe.co
New Critical Microsoft IE Zero-Day Exploits in Metasploit
We've been noticing a lot of exploit activities against Microsoft
vulnerabilities lately. We decided to look into some of these attacks, and
released two modules for CVE-2012-1889
[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1889] and CVE-2012-1875
[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1875] within a week of
the vulnerabilities' publication for our users to test their systems. Please
note that both are very important to any organization using Windows, because one
of
CVE-2012-0507 - Java Strikes Again
Recently, Microsoft published a blog post regarding a Java exploit that's being
used in the wild. The vulnerability is more of a logical flaw that results in
unsafe operations, which allows any attacker to run arbitrary code under the
context of the user. You may see the blog here:
http://blogs.technet.com/b/mmpc/archive/2012/03/20/an-interesting-case-of-jre-sandbox-breach-cve-2012-0507.aspx
About two days ago, Metasploit obtained a partial sample of that malware thanks
to an anonymous cont
URI Parsing: It's harder than you think... or is it?
I have to admit, parsing a URI is tricky. Most Metasploit modules try to do it
with some kind of crazy custom regex-fu, but unfortunately most of them are kind
of buggy. Because of this, I've committed a new patch to HttpClient -- a
target_uri function that can automatically parse the URI for you. It's only a
4-line change, but should change the way we code HTTP-related modules.
Before I demonstrate how you can take advantage of target_uri, I should briefly
explain why you should avoid doing
Metasploit Bounty: Code, Sweat, and Tears
After more than 30 days of hardcore and intense exploit hunting, the Metasploit
Bounty program has finally come to an end. First off, we'd like to say that even
though the Metasploit Framework has made exploit development much easier, the
process is not always an easy task. We're absolutely amazed how hard our
participants tried to make magic happen.
Often, the challenge begins with finding the vulnerable software. If you're
lucky, you can find what you need from 3rd-party websites that mirror