All Posts

3 min Metasploit

Weekly Metasploit Update: Reasonable Disclosure, PHP EXE Wrappers, and More!

ZENWorks' Accidental Backdoor

This week, we saw the release of Metasploit exploit developer Juan Vazquez's freshly discovered vulnerability in Novell ZENWorks. You can read all about it in Juan's great technical blog post, but the short version for the attention-deprived is: Novell ZENWorks ships with hard-coded credentials, which allow for SYSTEM-level file system read access. That seems like kind of a big deal for ZENWorks users -- namely because there's no reasonable way to change these cred

3 min

Ghost - an introduction

Rapid7 has announced today that the Ghost USB honeypot will be one of the projects sponsored in their Magnificent7 program. In this blog post, I'm going to give an overview of what Ghost is all about, and I'll motivate our plans for the next year. Our goal is to protect you from the threats of using USB devices. Despite being indisputably useful, USB devices in general and storage devices in particular bear a great risk: Malware can use them as a t

7 min Exploits

New 0day Exploit: Novell ZENworks CVE-2012-4933 Vulnerability

Today, we present to you a flashy new vulnerability with a color-matching exploit straight from our super secret R&D safe house here in Metasploit Country. Known as CVE-2012-4933, it applies to Novell ZENworks Asset Management 7.5, which "integrates asset inventory, software usage, software management and contract management to provide the most complete software asset management tool available". Following our standard disclosure polic

4 min Metasploit

Weekly Metasploit Update: RopDB, Local Exploits, Better Samples, and More!

Introducing RopDB

This week, Metasploit exploit devs Wei "sinn3r" Chen and Juan Vazquez finished up Metasploit RopDB. This advancement allows for drop-in ROP chains in new exploits, without all that mucking around with copying and pasting mysterious binary blobs from one exploit to the next. For the details on how to use it and what to expect in the

2 min IT Ops

Cooking up Engine Yard logs with Chef

Opscode’s Chef is an open-source automation framework for the cloud, involving ‘recipes’ that can be triggered by events such as servers booting or restarting. Chef scripts are written in Ruby, but will often use OS-specific system calls to manipulate server instances. Chef is a great way to automate your cloud, and in particular it’s useful as your environment grows! On Engine Yard, Chef recipes can also be used to configure add-ons (like Logentries) on your servers, as we will explain… Each s

2 min Nexpose

Multi-tenant User Provisioning

Introduction

Performing bulk operations can be time consuming in Nexpose. A good example is user provisioning, which can take a long time. Using the Nexpose APIs is an effective way to save time and eliminate the error-prone process of doing everything manually. For this blog post, I want to demonstrate how you can manage users using the Nexpose API. I will be using an open source Java API client, which is available on clee-r7/nexpose_java_api · GitHub

3 min Metasploit

Weekly Metasploit Update: Stealing Print Jobs, Exploiting Samba, and More!

This update has something for everyone -- new exploits, new auxiliary modules, new post modules, and even new payloads. If quadfecta is a word, we totally hit it this week!

More Mac OSX 64-Bit Payloads

The parade of OSX 64-bit payloads continues, with five new 64-bit payloads added this week:

* modules/payloads/singles/osx/x64/say.rb
* modules/payloads/singles/osx/x64/shell_find_tag.rb
* modules/payloads/stagers/osx/x64/bind_tcp.rb
* modules/payloads/stagers/osx/x64/reverse_tcp.rb
* modul

4 min

Defeat the Hard and Strong with the Soft and Gentle Metasploit RopDB

Data Execution Prevention (DEP) has always been a hot topic in modern software exploitation. This is a security feature implemented in most popular operating systems, designed to prevent a program from executing in a non-executable memory location. So when malicious code tries to inject a payload into memory, it should fail during execution and then simply crash. But here's the thing, although DEP plays an important role to your computer's countermeas

1 min Nexpose

Moving from HML (High, Medium, Low) Hell to Security Heaven – Whiteboard Wednesdays

At last check there are about 22 new vulnerabilities being published and categorized every single day (see National Vulnerability Database web site - http://nvd.nist.gov/). In total, the National Vulnerability Database now contains more than 53,000 vulnerabilities. No wonder security professionals are overwhelmed with the sheer volume of vulnerabilities in their daily practices. At the same time, the prioritization schemas that many organizations use are quite basic and are either proprietary or

2 min API

How to generate reports through the API

Nexpose provides a number of API methods for report management. Through the API you can create/update a report configuration, generate a report on the fly, and view the status of the generation requests. A report configuration, in particular, is a configuration for a type of report. With a configuration, a user can specify the template, format, and content for a report. In order to create a configuration via the API, a user must generate a ReportSaveRequest. ReportSaveRequest - The report save

0 min Nexpose

Nexpose Reporting with the Java API Client

Nexpose reporting just got easier! Now you can manage and generate Nexpose reports through an interactive application that leverages the Nexpose Java API client. Here is a list of the options that are currently supported.

1. List Reports
2. Generate Reports
3. Delete Reports
4. Delete Report Configurations (and all associated reports)
5. View Report Configuration
6. View Report History

Attached is a copy of the application and the source code so you can easily modify and extend its func

5 min Javascript

Creating a bunch of users at once using the Nexpose API

I would like to take the time to share an example of how you can use the Nexpose API to create a batch of users at one time with the use of a CSV file. Sounds too good to be true, right? I swear to you that this is not a mirage. In fact I am prepared to put my money where my mouth is and post a code example with Rapid7's very own Open Source Java API client. This will allow you to do the following:

* Interactively specify a CSV file to Create Update and even remove existing users
* Please s

0 min IT Ops

Focus on the first input element in jQuery

Just in case you want to focus on the first element in a form, here is how to do it through one simple jQuery selector: $('#form-id :input:enabled:visible:first').focus(); Once you select the right form (#form-id), it’s time to specify any input elements including text areas (:input) which are editable (:enabled), visible (:visible), and first in the form (:first).

4 min IT Ops

How do I know if my Heroku app is slow?

So you’ve written a nice new Heroku app and have tested it thoroughly – it seems really fast – yay!!! And what do I mean by thoroughly… so you tried out all the functionality, everything works as you’ve expected, and the response time seems A-ok! Well at least it seems ok when there’s one request at a time…. but you wonder what happens when you go live and the floodgates open… what is the response time going to be like then and how will you know what your users are experiencing? Thanks for Swe

2 min Authentication

Free Scanner for MySQL Authentication Bypass CVE-2012-2122

The MySQL authentication bypass vulnerability (CVE-2012-2122) - explained in detail in HD Moore's blog post - was the cause for much concern when it was first discovered. In response, we've created a new vulnerability scanner for CVE-2012-2122 called ScanNow, which enables you to check your network for vulnerability to thi