
5 min Nexpose

Nexpose Community Edition Lab | Scanning & Reports

In the previous blog post, we walked through creating a virtual machine and installing Nexpose Community for use in a small lab environment. In this post, we'll highlight key features of Nexpose, run Discovery and Vulnerability scans and finally generate a report to assist with remediating those pesky vulnerabilities. To log into your Nexpose Console, open your browser and navigate to: https://localhost:3780, then input th

1 min Metasploit

Webcast: Decrease Your Risk of a Data Breach - Effective Security Programs with Metasploit

Thanks to the many CISOs and security engineers who attended our recent webcast, in which I presented some practical advice on how to leverage Metasploit to conduct regular security reviews that address current attack vectors. While Metasploit is often used for penetration testing projects, this presentation focuses on leveraging Metasploit for ongoing security assessments that can be achieved with a small security team to reduce the risk of a data breach. This webcast is now available for o

2 min Metasploit

Weekly Metasploit Update: HP, PHP, and More!

Stupid PHP Tricks This week's Metasploit update is a cautionary tale about running unaudited PHP applications as part of your infrastructure. Metasploit community contributor Brendan Coles has discovered and written Metasploit modules for two similar root-level vulnerabilities: one for OpenFiler and one for WAN Emulator (a

1 min Metasploit

Current User psexec

At DEF CON this year I talked about some of the post exploitation capabilities within Metasploit and demo'd a cool technique I developed with Jabra on a pentest a year or so ago (I later found out that Mubix had come up with basically the same idea - great minds think alike). It is essentially this: use a session's current token to create a remote service on a victim machine. It takes advantage of a feature in Windows that most people take completely for granted. Given that you are already logg

3 min Networking

Weekly Metasploit Update: SAP, MSSQL, DNS, and More!

Zone Transfers for All This week, Metasploit community contributor bonsaiviking fixed up the DNS library that Metasploit uses so we won't choke on some types of zone transfer responses. Turns out, this is a two-year-old bug, but DNS servers that actually offer zone transfers are so rare anymore that this bug didn't manifest enough to get squashed. This brings me to a larger point -- with older vulnerabilities like these, sometimes the hardest part for us

3 min Metasploit

Mobile Pwning: Using Metasploit on iOS

Have you ever wanted to run an exploit but found yourself away from your desk? Wouldn't it be awesome if you could launch a full version of the Metasploit Framework from your phone or tablet? As you might have guessed, now you can. With an adventurous spirit and a few commands, you can be running the Metasploit Framework on your iPad or iPhone in just a few short minutes. Warning: To install Metasploit, you'll need root access to your device – which is accomplished by following your favorite ja

7 min

Adobe Flash Player Exploit CVE-2012-1535 Now Available for Metasploit

Edit: Aug 26 2012. Recently, a new Adobe Flash vulnerability (CVE-2012-1535) was being exploited in the wild as a zero-day in limited targeted attacks, in the form of a Word document. The Metasploit team managed to get our hands on the malware sample, and began our voodoo ritual in order to make this exploit available in the Metasploit Framework. Although Adobe officially has already released a patch (APSB12-18

3 min Metasploit

Weekly Metasploit Update: Trusted Path Switcheroo, Stack Cookie Bypass, and More!

Another week, another fifteen new modules for Metasploit. I continue to be amazed by the productivity of our open source exploit developer community. Thanks so much for your hard work and effort, folks! New Module for Trusted Path Switcheroo As I was going over this week's new modules, one that jumped out at me was Wei "sinn3r" Chen's implementation of a general Trusted Path insertion attack, Windows Service Trusted Path Privilege Escalation

5 min

The Stack Cookies Bypass on CVE-2012-0549

In this blog post we would like to share some details about the Oracle AutoVue exploit for CVE-2012-0549 which we've recently added to the Metasploit Framework. This module exploits a buffer overflow flaw, discovered by Brian Gorenc. The problem arises when you call the SetMarkupMode function from the AutoVue control (clsid B6FCC215-D303-11D1-BC6C-0000C078797F) with a long sMarkup parameter. The buffer overflow, even when triggered

4 min Product Updates

Weekly Metasploit Update: Two Dozen New Modules

The Vegas and vacation season is behind us, so it's time to release our first post-4.4.0 update. Here we go! Exploit Tsunami A few factors conspired to make this update more module-heavy than usual. We released Metasploit 4.4 in mid-July. Historically, a dot version release of Metasploit means that we spend a little post-release time closing out bugs, performing some internal housekeeping that we'd been putting off, and other boring software engineering tasks. Right after this exercise, it was

13 min Malware

Analysis of the FinFisher Lawful Interception Malware

It's all over the news once again: lawful interception malware discovered in the wild being used by government organizations for intelligence and surveillance activities. We saw it last year when the Chaos Computer Club unveiled a trojan being used by the federal government in Germany, WikiLeaks released a collection of related documents in the Spy Files, we read about an alleged offer from Gamma Group to provide the toolkit FinFisher to the Egyptian government, and we are reading once again now

4 min Malware

Cuckoo Sandbox 0.4 Simplifies Malware Analysis with KVM support, Signatures and Extended Modularity

That's right, the much anticipated and long awaited 0.4 release is finally here! Just like divas arrive late at the gala, we took some more time than expected, but are now worthy of a triumphant entrance. If you're not familiar with Cuckoo Sandbox, it's an open source solution for automating malware analysis. What does that mean? Simply that you can throw any suspicious file at it and after a few seconds it will give you back detailed information on what that file does when executed inside a

1 min

Tutorial: Using web command injection vulnerability to gain administrative shell on Windows web server

In this video, a Windows web server is hosting Mutillidae web application which contains a command injection vulnerability. Using command injection to exploit the Mutillidae web application, we gain a root shell (Administrative Windows cmd shell). The server is fully patched with anti-virus running and a firewall blocking port 23. Additionally the telnet service is disabled. With the command injection vulnerability, this video demonstrates how misconfiguring web services can have serious conseq

1 min

Video: Introduction to basic host and service discovery scanning

During the early portion of the scanning phase of pen testing, locating active hosts and identifying the services on open ports is critical in order to determine exposed systems. The video was recorded at the May ISSA Kentuckiana monthly workshop in Louisville and covers basic host discovery scanning. Port scanning and service discovery are covered as well as reporting results. Some of the tools used are nmap, xprobe2, hping3, tcpdump and amap. The speaker is Jeremy Druin (@webpwnized) and was

3 min Metasploit

Weekly Metasploit Update: RATs, WPAD, and More!

Just a quick update this week for some new Metasploit modules. We're holding off on the usual Framework and Pro enhancements as we button up the next point release for Metasploit Pro, Express, and Community Editions. That said, we do have a few neat new modules that I wanted to highlight, so let's take a look. Hacking the Hackers This week's haul includes something a little unusual -- an exploit for Poison Ivy, a blackhat-favored Remote Administration Tool (RAT). Community contributor Gal Badishi