All Posts

5 min Exploits

Exploiting Ruby on Rails with Metasploit (CVE-2013-0156)

Background
Earlier this week, a critical security flaw in Ruby on Rails (RoR) was identified that could expose an application to remote code execution, SQL injection, and denial of service attacks. Ruby on Rails is a popular web application framework that is used by both web sites and web-enabled products and this flaw is by far the worst

2 min Metasploit

Weekly Metasploit Update: Rails Scanning, ZDI, and Exploit Dev

Rails Injection Bug
The big news this week turned out to be the new Rails injection bug, a.k.a. CVE-2013-0156, which you can read about in detail over on HD Moore's blog post. Soon after the vulnerability was disclosed, @hdmoore had a functional auxiliary scanner module put together, so as of this moment, you're encouraged to scan the heck out of your environment, repeatedly, for vulner

4 min Metasploit

Serialization Mischief in Ruby Land (CVE-2013-0156)

This afternoon a particularly scary advisory was posted to the Ruby on Rails (RoR) security discussion list. The summary is that the XML processor in RoR can be tricked into decoding the request as a YAML document or as a Ruby Symbol, both of which can expose the application to remote code execution or SQL injection. A gentleman by the name of Felix Wilhelm went into detail

4 min Penetration Testing

Free Metasploit Penetration Testing Lab in the Cloud

No matter whether you're taking your first steps with Metasploit or if you're already a pro, you need to practice, practice, practice your skillz. Setting up a penetration testing lab can be time-consuming and expensive (unless you have the hardware already), so I was very excited to learn about a new, free service called Hack A Server, which offers vulnerable machines for you to pwn in the cloud. The service only required that I download and launch a VPN configuration to connect to the vulnerab

3 min Metasploit

Using BackTrack 5 R3 with Metasploit Community or Metasploit Pro

Update: Kali Linux has now superseded BackTrack as a platform. We strongly recommend using Kali Linux over BackTrack if you are going to run Metasploit. More info here. As of version 5 R3, BackTrack comes pre-installed with Metasploit 4.4, so it's now easier to use Metasploit Community Edition or Metasploit Pro on BackTrack. Here is how it's done: * After BackTrack boots, enter startx t

6 min

Guide to monitoring JVM Memory usage

This guide is designed to show a few techniques to monitor how the Java Virtual Machine (JVM) memory is used. When Nexpose starts, it takes a 75% sized chunk of the available memory. The memory utilization graph of your system will just appear to flat-line. But what does it really do with all that memory? Hopefully by the end of this guide you will have a better idea of what goes on under that line and be able to tweak your systems to maximum efficiency. How does memory usage work with the

5 min Exploits

Security Death Match: Open Source vs. Pay-for-Play Exploit Packs

In the blue corner: an open-source exploit pack. In the red corner: a pay-for-play incumbent. As a security professional trying to defend your enterprise against attacks, which corner do you bet on for your penetration tests? What's the goal of the game? Okay, this is a loaded question, because it really depends on what your goal is. If you are like 99% of enterprises, you'll want to protect against the biggest and most likely risks. If you are the 1% that comprise defense contractors and the

3 min Metasploit

How Metasploit's 3-Step Quality Assurance Process Gives You Peace Of Mind

Metasploit exploits undergo a rigorous 3-step quality assurance process so you have the peace of mind that exploits will work correctly and not affect production systems on your next assignment.
Step 1: Rapid7 Code Review
Many of the Metasploit exploits are contributed by Metasploit's community of over 175,000 users, making Metasploit the de facto standard for exploit development. This is a unique ecosystem that benefits all members of the community because every Metasploit user is a “sensor

8 min Metasploit

New Metasploit Exploit: Crystal Reports Viewer CVE-2010-2590

In this blog post we would like to share some details about the exploit for CVE-2010-2590, which we released in the last Metasploit update. This module exploits a heap-based buffer overflow, discovered by Dmitriy Pletnev, in the CrystalReports12.CrystalPrintControl.1 ActiveX control included in PrintControl.dll. This control is shipped with the Crystal Reports Viewer, as installed by default wi

2 min Metasploit

Weekly Metasploit Update: CrystalReports and Testing Discipline

Dissecting CrystalPrintControl
This week's update is, by all accounts, pretty light. This may be the first update we've shipped that has exactly one new module. To make up for the lack of quantity, though, we've got some quality for you, oh boy. If it's snowy and blustery where you live, grab yourself a cup of hot cocoa, gather the kids, and watch their little eyes twinkle in the firelight as you regale them with the classic fable of how Metasploit Exploitation Elf Juan @_juan_vazquez

3 min Exploits

5 Tips to Ensure Safe Penetration Tests with Metasploit

Experienced penetration testers know what to look out for when testing production systems so they don't disrupt operations. Here's our guide to ensure smooth sailing.
Vulnerabilities are unintentional APIs
In my warped view of the world, vulnerabilities are APIs that weren't entirely intended by the developer. They are also undocumented and unsupported. Some of these vulnerabilities are exploited more reliably than others, and there are essentially three vectors to rank them: * Exploit s

2 min Metasploit

Introduction to Metasploit Hooks

Metasploit provides many ways to simplify your life as a module developer. One of the less well-known of these is the presence of various hooks you can use for processing things at important stages of the module's lifetime. The basic one that anyone who has written an exploit will be familiar with is exploit, which is called when the user types the exploit command. That method is common to all exploit modules. Aux and post modules have an analogous run method. Common to all the runnable modules

8 min Metasploit

The Odd Couple: Metasploit and Antivirus Solutions

I hear a lot of questions concerning antivirus evasion with Metasploit, so I'd like to share some of the information critical to understanding this problem. This blog post is not designed to give you surefire antivirus (AV) evasion techniques, but rather to help you understand the fundamentals of the issue.
A Quick Glossary
Before we begin, let's define a few terms. This will be important for understanding some of the things we will discuss. Payload: A payload is the actual code that is being del

3 min Metasploit

Weekly Metasploit Update: Exploit Dev How-to and InfoSec Targets

Metasploit 4.5 has been out for a few days, so it's high time for an update. Let's hop to it!
1000th Exploit: Freefloat FTP WMI
I often hear the question, "How do I get started on writing exploits?" Well, I'd like to point you to Metasploit's 1000th exploit (future Hacker Jeopardy contestants, take note): On December 7, 2012, Wei "sinn3r" Chen and Juan Vazquez committed FreeFloat FTP Server Arbitrary File Upload. Now, as

4 min Exploits

November Exploit Trends: Apache Killer Exploit New to List

This month was a quiet one on the Metasploit Top Ten List. Each month we compile a list of the most searched exploit and auxiliary modules from our exploit database. To protect users' privacy, the statistics come from analyzing webserver logs of searches, not from monitoring Metasploit usage. The only new addition to the list this month is an old Apache Killer exploit. Read on for the rest of November's exploit and auxiliary modules with commentary by Meta