All Posts

3 min Metasploit

Weekly Update: Splitting DNS Modules and a D-Link Auth Bypass

DNS Module Split up This week, we appear to have a whole bunch of new DNS-based enumeration and information gathering modules. In fact, this was actually more of a housekeeping chore, largely by longtime Metasploit contributor Carlos @darkoperator Perez. Darkoperator wrote most of the original enum_dns module as well. enum_dns became a bit of a junk drawer of DNS functionality -- it did a whole bunch of everything for DNS. So, instead of just tacking on more and more over time, it's been split

1 min IT Ops

Per-log retention period

Typically, you would like to keep logs from a development environment (with all debugging messages enabled) for only a limited amount of time, while keeping production logs far longer. Up to now you had to set the retention period for the whole account, which meant keeping development logs longer than needed. We are happy to announce per-log retention configuration! It lets you tune your retention policy more finely than the single per-account default setting. To set a new log retent

1 min

Vulnerability Correlation -- Enabled by Default

Vulnerability correlation is a feature of Nexpose where a vulnerable result from one vulnerability check can be overridden by an invulnerable result from another. As an example of how this works and why it is a useful option to have enabled, take CVE-2011-3192, a fun DoS vulnerability that affected Apache HTTPD back in 2011. Nexpose has one unauthenticated vulnerability check (let's call it V1) that will run against all discovered Apac

2 min Metasploit

Weekly Update: Corelan, MSFTidy, and UNC Path Injection

28 Hours Later This week, much of the Metasploit Framework and Metasploit Pro teams here at Rapid7 had the opportunity to get some intense, in-person training on exploit development from long-time Metasploit contributor Peter corelanc0d3r Van Eeckhoutte and local Corelan teammates @_sinn3r and TheLightCosine. I'm the first to admit that my memory corruption skills are pretty light (I hang arou

3 min Metasploit

How to Verify that the Payload Can Connect Back to Metasploit on a NATed Network

If you are running an external penetration test and are working from a NATed network behind a wireless router, for example from home, you will need to adjust your router's port forwarding settings so the payload can connect back to Metasploit. The best option would be to eliminate the router and connect directly to the Internet, but that would make me unpopular with the other folks sharing the Internet connection, so it wasn't an option in my case. Setting up the port forwarding is not too diffi

3 min

Patch Tuesday - February 2013 Edition!

It's another busy month of patching for Microsoft administrators with a number of high priority fixes getting out.  On the plus side, none of the issues patched this month are known to be actively being exploited "in the wild". The highest risk vulnerabilities, and thus the most important to patch are MS13-009, MS13-010, MS13-011, & MS13-020. MS13-009 is a cumulative patch addressing 12 CVEs for Internet Explorer.  MS13-010 was indicated as an Internet Explorer patch in the advance notificati

6 min

Getting Started with the Nexpose Virtual Appliance

Rapid7 now offers a Virtual Appliance to get started quickly with Nexpose. You can get started with the Nexpose Enterprise Virtual Appliance or the Nexpose Community Virtual Appliance . If you are an existing customer please contact Support for more information. The Nexpose Virtual Appliance is pre-configured with the following h

3 min Metasploit

Security Flaws in Universal Plug and Play: Unplug, Don't Play

This morning we released a whitepaper entitled Security Flaws in Universal Plug and Play. This paper is the result of a research project spanning the second half of 2012 that measured the global exposure of UPnP-enabled network devices. The results were shocking, to say the least. Over 80 million unique IPs were identified that responded to UPnP discovery requests from the internet. Somewhere between 40 an

3 min Exploits

Ray Sharp CCTV DVR Password Retrieval & Remote Root

On January 22, 2013, a researcher going by the name someLuser detailed a number of security flaws in the Ray Sharp DVR platform. These DVRs are often used for closed-circuit TV (CCTV) systems and security cameras. In addition to Ray Sharp, the exposures seem to affect rebranded DVR products by Swann, Lorex, URMET, KGuard, Defender, DEAPA/DSP Cop, SVAT, Zmodo, BCS, Bolide, EyeForce, Atlantis, Protectron, Greatek, Soyo, Hi-View, Cosmos, and J2000. The vulnerabilities allow for unauthenticated acce

2 min

New VMware ESX/ESXi coverage is elegant in its simplicity

The Nexpose coverage team is dedicated to providing weekly updates to the Nexpose vulnerability database so that you can have the assurance that your assets are protected against the latest security vulnerabilities. For this week's release, the coverage team is proud to present a complete overhaul of our VMware ESX/ESXi content. Why, you may ask? In our old coverage model, we connected to the ESX or ESXi server via an authenticated SSH session to retrieve a list of installed patches on the serv

3 min Metasploit

The Forgotten Spying Feature: Metasploit's Mic Recording Command

About two years ago, Metasploit implemented the microphone recording feature to stdapi thanks to Matthew Weeks .  And then almost a year ago, we actually lost that command due to a typo.  We, and apparently everyone else, never noticed that until I was looking at th

2 min

Weekly Update: Metasploit 4.5.1, MSFUpdate, and More Wordpress Hijinks

MSFUpdate This week, we've addressed the changes introduced by Metasploit 4.5 on the command line updater, msfupdate. You can read about it over here , but the gist of it is, if you want to continue using msfupdate, you will want to take a few tens of seconds to activate your Metasploit installation, or get yourself moved over to a fully functional git clone of the Metasploit Framework. And speaking of updates... Update to 4.5.1 Lately, Metasploit u

5 min Product Updates

Update to the Metasploit Updates and msfupdate

The Short Story In order to use the binary installer's msfupdate, you need to first register your Metasploit installation. In nearly all cases, this means visiting https://localhost:3790 and filling out the form. No money, no dense acceptable use policy, just register and go. Want more detail and alternatives? Read on. Background A little over a year ago, Metasploit primary development switched to Git as a source control platform and GitHub as our primary source hos

1 min Metasploit

Hacking like it's 1985: Rooting the Cisco Prime LAN Management Solution

On January 9th Cisco released advisory cisco-sa-20130109 to address a vulnerability in the "rsh" service running on their Cisco Prime LAN Management Solution virtual appliance. The bug is as bad as it gets - anyone who can access the rsh service can execute commands as the root user account without authentication. The example below demonstrates how to exploit this flaw using Metasploit ( free download

1 min

Video Tutorial: Introduction to Burp-Suite 1.5 Web Pen Testing Proxy

Author: webpwnized (Twitter: @webpwnized)
Tool: Burp-Suite 1.5 Free Edition
Length: ~1 hour

After installing Burp-Suite, this video covers how to configure the proxy to intercept, pause, alter, and test requests and responses between a web browser and a web server (web site). Much of the basic functionality and some more advanced settings are reviewed, including the Target, Proxy, Sequencer, Repeater, Intruder, and Decoder tabs. While there are many more settings and features than can be covere