Exploits

Exploit Trends: New Microsoft and MySQL Exploits Make the Top 10

The new Metasploit exploit trends are out, where we give you a list of the top 10 most searched Metasploit exploit and auxiliary modules from our exploit database (DB). These stats are collected by analyzing searches on metasploit.com in our webserver logs, not through usage of Metasploit, which we do not track for privacy reasons. In June 2012, we also have three new entries on the list, and seven existing contenders. Here they are, annotated with Tod Bea

Tutorial: How to Scan Exploit Metasploitable-2 using Metasploit, Nexpose, nessus, Nmap, and John-the-Ripper

This video tutorial covers exploiting Metasploitable-2 to get a root shell and eventually a terminal via a valid "sudo-able" login over SSH. Two machines, a test host (Backtrack 5-R2) and a target host (Metasploitable-2), are set up on a VirtualBox host-only network. With this lab network set up, the demonstration walks through a practice pen-test using the phases of recon, scanning, exploitation, post-exploitation, and maintaining access. (Covering tracks and reporting are not covered. Recon is

Metasploit

Weekly Metasploit Update: Sniffing with Meterpreter, Egg Hunting, and More!

This week's update has seven new modules, a much-anticipated Meterpreter enhancement, and more, so let's jump into it.

Egg Hunting and Stack Smashing

This week's update features a spiffy new module for HP Data Protector from Juan Vazquez and Wei 'sinn3r' Chen. It uses an egg hunting technique to reconstruct the exploit's payload -- and both Wei and Juan have detailed blog posts in the works that go into detail on the whys and wherefores of egghunter shellcode and troubleshooting payload de

Metasploit

Metasploit Exploit Development - The Series Part 1.

So you wanna be a Metasploit exploit developer huh? Well you are in luck because I have been working on an "in-depth" exploit development tutorial series that takes users behind the scenes on the process of exploit development and Metasploit module creation. This series has been specifically designed with you "the community" in mind. It will cover step by step detail and explanation. This post is meant to be

Compliance

5 NON-TECHNICAL REASONS ORGANIZATIONS GET BREACHED

For every data breach that makes the headlines, there are tens to hundreds that go unreported by the media, unreported by companies, or, even worse, go unnoticed. The rash of negative publicity around organizations that have experienced data breaches would appear to be a sufficient motivator to whip corporate leaders into bolstering their security programs in order to avoid becoming the next major headline. If that is not reason enough, the litany of regulations imposed on certain industries

Mentoring Junior Red Team Members with Metasploit Pro

Penetration testers are not born, they're made, and we all had to start somewhere. So how do you bring new team members up to speed, mentoring them into a new role? Metasploit users in red teams and consulting organizations often tell me that they like to leverage the Metasploit Pro team collaboration feature for this purpose. Metasploit Pro is accessed through a web interface that is available not only on the local host but also across the network (personal firewall rules permitting). As a r

Exploits

Press F5 for root shell

As HD mentioned, F5 has been inadvertently shipping a static ssh key that can be used to authenticate as root on many of their BigIP devices. Shortly after the advisory, an anonymous contributor hooked us up with the private key. Getting down to business, here it is in action:

    18:42:35 0 exploit(f5_bigip_known_privkey) > exploit
    Successful login
    Found shell.
    Command shell session 3 opened (

IT Ops

Direct downloads

We are happy to announce a publicly available beta of direct downloads. Now you can download any part of your log stream with literally one click! We have provided a new button, which you can see on the right side of the Log screen. Click on the download icon to start the download immediately. You can also configure different download options: specify whether you want to download log entries in plain text or have them compressed first. You

Metasploit

Creating a PCI 11.3 Penetration Testing Report in Metasploit

PCI DSS Requirement 11.3 requires that you "perform penetration testing at least once a year, and after any significant infrastructure or application upgrade or modification". You can either conduct this PCI penetration test in-house or hire a third party to perform the security assessment. Metasploit Pro offers a PCI reporting template, which helps you in both of those cases. If you are conducting the penetration test in

Metasploit

New Critical Microsoft IE Zero-Day Exploits in Metasploit

We've been noticing a lot of exploit activity against Microsoft vulnerabilities lately. We decided to look into some of these attacks, and released two modules, for CVE-2012-1889 and CVE-2012-1875, within a week of the vulnerabilities' publication so that our users can test their systems. Please note that both are very important to any organization using Windows, because one of

Metasploit

Weekly Metasploit Update: Encrypted Java Meterpreter, MS98-004, and New Modules!

When it rains, it pours. We released Metasploitable Version 2, published a technique for scanning vulnerable F5 gear, and put out a module to exploit MySQL's tragically comic authentication bypass problem, all in addition to cooking up this week's update. So, kind of a busy week around here. You're welcome. (: Encryp

Metasploit

Introducing Metasploitable 2!

Some folks may already be aware of Metasploitable, an intentionally vulnerable virtual machine designed for training, exploit testing, and general target practice. Unlike other vulnerable virtual machines, Metasploitable focuses on vulnerabilities at the operating system and network services layer instead of custom, vulnerable applications. I am happy to announce the release of Metasploitable 2, an even better punching bag for security tools like Metasploit, an

Metasploit

How to Create Custom Reports in Metasploit

Metasploit Pro has a powerful reporting engine with many standard reports, but also great ways to build your own reports. Custom reports can help you in a couple of different ways:

* Add your logo and corporate design to reports
* Change the way reports display the information
* Translate a reporting template to your local language
* Create new reports for regional compliance needs

A custom report is a report that you generate from a template. You can generate a custom report with a te

Metasploit

Scanning for Vulnerable F5 BigIPs with Metasploit

This morning Matta Consulting posted an advisory for the F5 BigIP equipment. The advisory states that certain BigIP devices contain an SSH private key on their filesystem that is trusted for remote root access on every other BigIP appliance. Although Matta did not provide the private key, they did provide the public key itself: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAvIhC5skTzxyHif/7iy3yhxuK6/OB13hjPqrskogkYFrcW8OK4VJ T+5+Fx7wd4sQCnVn8rNqahw/x

Vulnerability Disclosure

CVE-2012-2122: A Tragically Comedic Security Flaw in MySQL

Introduction

On Saturday afternoon Sergei Golubchik posted to the oss-sec mailing list about a recently patched security flaw, CVE-2012-2122, in the MySQL and MariaDB database servers. This flaw was rooted in an assumption that the memcmp() function would always return a value within the range -128 to 127 (a signed character). On some platforms and with certain optimizations enabled, this routine can return values outside of this range, eventually causing the code that compares a hashed password to s