4 min
Exploits
Exploit Trends: New Microsoft and MySQL Exploits Make the Top 10
The new Metasploit exploit trends are out, where we give you a list of the top
10 most searched Metasploit exploit and auxiliary modules from our exploit
database (DB) . These stats are collected by
analyzing searches on metasploit.com in our webserver logs, not through usage of
Metasploit, which we do not track for privacy reasons.
In June 2012, we also have three new entries on the list, and seven existing
contenders. Here they are, annotated with Tod Bea
2 min
Tutorial: How to Scan Exploit Metasploitable-2 using Metasploit, Nexpose, nessus, Nmap, and John-the-Ripper
This video tutorial covers exploiting Metasploitable-2 to get a root shell and
eventually a terminal via a valid "sudo-able" login over SSH.
Two machines; a test host (Backtrack 5-R2) and a target host (Metasploitable-2)
are set up on a VirtualBox host-only network. With this lab network set up, the
demonstration walks through a practice pen-test using the phases of recon,
scanning, exploitation, post-exploitation, and maintaining access. (Covering
tracks and reporting are not covered. Recon is
2 min
Metasploit
Weekly Metasploit Update: Sniffing with Meterpreter, Egg Hunting, and More!
This week's udpate has seven new modules, a much-anticipated Meterpreter
enhancement, and more, so let's jump into it.
Egg Hunting and Stack Smashing
This week's update features a spiffy new module for HP Data Protector from Juan
Vazquez and Wei 'sinn3r' Chen. It uises an egg hunting technique to reconstruct
the exploit's payload -- and both Wei and Juan have a detailed blog posts in the
works that go into detail on the whys and wherefores of egghunter shellcode and
troubleshooting payload de
24 min
Metasploit
Metasploit Exploit Development - The Series Part 1.
So you wanna be a Metasploit exploit
developer huh?
Well you are in luck because I have been working on an an "in-depth" exploit
development tutorial series that takes users behind the scenes on the process
of exploit development and metasploit module creation. This series has been
specifically designed with you "the community" in mind. It will cover step by
step detail and explanation. This post is meant to be
5 min
Compliance
5 NON-TECHNICAL REASONS ORGANIZATION GET BREACHED
For every data breach that makes the headlines, there are tens to hundreds that
go unreported by the media, unreported by companies, or even worse, go
unnoticed.
The rash of negative publicity around organizations that have experienced data
breaches would appear to be a sufficient motivator to whip corporate leaders
into bolstering their security programs in order to prevent from being the next
major headline. If that is not reason enough, the litany of regulations imposed
on certain industries
2 min
Mentoring Junior Red Team Members with Metasploit Pro
Penetration testers are not born, they're made, and we all had to start
somewhere. So how do you bring new team members up to speed, mentoring them into
a new role? Metasploit users in red teams and consulting organizations often
tell me that they like to leverage the Metasploit Pro team collaboration feature
for this purpose.
Metasploit Pro is accessed through a web interface that is available not only on
the local host but also across the network (personal firewall rules permitting).
As a r
3 min
Exploits
Press F5 for root shell
As HD mentioned ,
F5 has been inadvertently shipping a static ssh key that can be used to
authenticate as root on many of their BigIP devices. Shortly after the advisory,
an anonymous contributor hooked us up with the private key.
Getting down to business, here it is in action:
18:42:35 0 exploit(f5_bigip_known_privkey) > exploit
Successful login
Found shell.
Command shell session 3 opened (
1 min
IT Ops
Direct downloads
We are happy to announce a publicly available beta of direct downloads. Now you
can download any part of your log stream with literally one click!
We have provided a new button which you can see on the right side of the Log
screen. Click on the download icon to start the download immediately.
You can configure different download options also. Specify whether you want to
download log entries in plain text or if they should be compressed first. You
2 min
Metasploit
Creating a PCI 11.3 Penetration Testing Report in Metasploit
PCI DSS Requirement 11.3 requires that you "perform penetration testing at least
once a year, and after any significant infrastructure or application upgrade or
modification". You can either conduct this PCI penetration test in-house
or hire a third-party security assessment. Metasploit Pro offers a PCI reporting
template, which helps you in both of those cases. If you are conducting the
penetration test in
3 min
Metasploit
New Critical Microsoft IE Zero-Day Exploits in Metasploit
We've been noticing a lot of exploit activities against Microsoft
vulnerabilities lately. We decided to look into some of these attacks, and
released two modules for CVE-2012-1889
and CVE-2012-1875
within a week of
the vulnerabilities' publication for our users to test their systems. Please
note that both are very important to any organization using Windows, because one
of
3 min
Metasploit
Weekly Metasploit Update: Encrypted Java Meterpreter, MS98-004, and New Modules!
When it rains, it pours. We released Metasploitable Version 2
, published a technique for scanning
vulnerable F5 gear
, and put out a
module to exploit MySQL's tragically comic authentication bypass problem
, all in
addition to cooking up this week's update. So, kind of a busy week around here.
You're welcome. (:
Encryp
1 min
Metasploit
Introducing Metasploitable 2!
Some folks may already be aware of Metasploitable, an intentionally vulnerable
virtual machine designed for training, exploit testing, and general target
practice. Unlike other vulnerable virtual machines, Metasploitable focuses on
vulnerabilities at the operating system and network services layer instead of
custom, vulnerable applications. I am happy to announce the release of
Metasploitable 2, an even better punching bag for security tools like Metasploit
, an
4 min
Metasploit
How to Create Custom Reports in Metasploit
Metasploit Pro has a powerful reporting engine with many standard reports but
also great ways to build your own reports. Custom reports can help you if in a
couple of different ways:
* Add your logo and corporate design to reports
* Change the way reports display the information
* Translate a reporting template to your local language
* Create new reports for regional compliance needs
A custom report is a report that you use template to generate. You can generate
a custom report with a te
2 min
Metasploit
Scanning for Vulnerable F5 BigIPs with Metasploit
This morning Matta Consulting posted an advisory
for the F5 BigIP
equipment. The advisory states that certain BigIP devices contain a SSH private
key on its filesystem that is trusted for remote root access on every other
BigIP appliance. Although Matta did not provide the private key, they did
provide the public key itself:
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAvIhC5skTzxyHif/7iy3yhxuK6/OB13hjPqrskogkYFrcW8OK4VJ T+5+Fx7wd4sQCnVn8rNqahw/x
5 min
Vulnerability Disclosure
CVE-2012-2122: A Tragically Comedic Security Flaw in MySQL
Introduction
On Saturday afternoon Sergei Golubchik posted to the oss-sec mailing list about
a recently patched security flaw CVE-2012-2122in the MySQL and MariaDB database
servers. This flaw was rooted in an assumption that the memcmp() function would
always return a value within the range -128 to 127 (signed character). On some
platforms and with certain optimizations enabled, this routine can return values
outside of this range, eventually causing the code that compares a hashed
password to s