
2 min Exploits

Metasploit Updated: Telnet Exploits, MSF Lab, and More

It's Wednesday, and while many of you are enjoying the week off between Christmas and New Year's, we've been cranking out another Metasploit Update. Telnet Encrypt Option Scanner and Exploits: I won't rehash this subject too much since HD already covered these modules in depth here and here

2 min Metasploit

More Fun with BSD-derived Telnet Daemons

In my last post, I discussed the recent BSD telnetd vulnerability and demonstrated the scanner module added to the Metasploit Framework. Since then, two new exploit modules have been released: one for FreeBSD versions 5.3 - 8.2 and another for Red Hat Enterprise Linux 3

3 min Metasploit

Fun with BSD-derived Telnet Daemons

On December 23rd, the FreeBSD security team published an advisory stating that a previously unknown vulnerability in the Telnet daemon was being exploited in the wild and that a patch had been issued. This vulnerability was interesting for three major reasons: 1. The code in question may be over 20 years old and affects most BSD-derived telnetd services 2. The overflow occurs in a structure with a function pointer store

2 min Metasploit

Metasploit Updated: Trivial Access to TFTP

The Metasploit Update is out, and it's a little smaller than you might expect. We've recently rejiggered our development-to-QA-to-release workflow here at Rapid7, and that means that this week, we cut the release a couple of days earlier than usual in order to ensure the workflow all makes sense and that the releases get the post-commit QA attention they deserve. The end result is that we'll have a pretty light release this week (due to the shortened development cycle), but going forward, wee

3 min Metasploit

Installing Metasploit Community Edition on BackTrack 5 R1

Update: I just published a new blog post for using Metasploit on BackTrack 5 R2. BackTrack 5 R1 comes pre-installed with Metasploit Framework 4.0. Unfortunately, Metasploit Community, which brings a great new Web UI and other functionality, was introduced in version 4.1, so it's not included by default. Updating Metasploit Framework using the msfupdate command will not install the Web UI. In addition, BT5 only makes

2 min Metasploit

Metasploit Framework Updated: What's your Favorite Resource Script?

Sample Resource Scripts: About a week ago, munky9001 posted on Reddit the headline, DB_Autopwn Deprecated! About time. Shortly after, HD wrote up a blog post, Six Ways to Automate Metasploit, with the moral of the story being, "don't cry for db_autopwn, there are already much better methods to get your automated pwnage on." Of these, the easiest and most straightforward way to automate things is to write a resource script. Thi

2 min Release Notes

Metasploit Framework Updated: FastLib and More

Metasploit development moves fast. Blindingly fast, fueled by tons of open source contributors -- which is one of the reasons why we moved away from our tried and true SVN repository and on to GitHub. Now that we're on a more modern, more social development platform, we have all new ways to get overwhelmed with the pace of change on the Framework, especially since contributor code is that much easier to integrate now. So, in order to ensure that the more notable week-over-week changes get their

4 min Metasploit

Six Ways to Automate Metasploit

Onward: Over the last few weeks the Metasploit team at Rapid7 has engaged in an overhaul of our development process. Our primary goals were to accelerate community collaboration and better define the scopes of our open source projects. The first step was to migrate all open source development to GitHub. This has resulted in a flood of contributors and lots of great new features and content. One controversial change involved removing old, buggy automation tools that simply didn't meet the quality

4 min

Vendor Security

I'd like to share our experiences with vendor security since I'm sure it's something that impacts all of us. Like every company, Rapid7 relies on a number of technology vendors for a huge range of products and services to run the business. I'm sure no one will be surprised to hear that as a security company we have a policy specifying the security requirements that our vendors need to meet before we'll do business with them. Our view is that their security directly impacts any of our internal or

8 min Metasploit

Recon, Wireless, and Password Cracking

The Metasploit Framework continues to grow and expand with the support of the community. There have been many new features added to the Metasploit Framework over the past month. I am very excited to be able to share some of these new developments with you. Mubix's Recon Modules: Mubix's post-exploitation modules from his Derbycon talk are now in the repository. The resolve_hostname module, originally called 'Dig', will take a given hostname and resolve the IP address for that host from the windo

1 min Metasploit

Adding Custom Wordlists in Metasploit for Brute Force Password Audits

In any penetration test that involves brute forcing passwords, you may want to increase your chances of a successful password audit by adding custom wordlists specific to the organization that hired you. Some examples: * If you are security testing a hospital, you may want to add a dictionary with medical terms. * If you're testing a German organization, users are likely to use German passwords, so you should add a German wordlist. * Another good idea is to build a custom wordlist b
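The post above recommends organisation-specific wordlists but stops short of showing how to build one. The following is an added example, not code from the original post or from the Metasploit project: a small Ruby script that takes seed terms (here a constructed list of medical and German words) and mangles them into the capitalisation, leet-speak, suffix and year variants users actually pick, deduplicated and filtered by minimum length. The output file can then be handed to a Metasploit login scanner through its PASS_FILE option; the year range and suffix list are assumptions you would tune per engagement.

```ruby
# Added example (not from the original post): build an organisation-specific
# wordlist for a Metasploit brute-force run (e.g. a *_login scanner with
# PASS_FILE pointing at the generated file).

# Common single-character substitutions users make to "strengthen" a word.
LEET = { 'a' => '4', 'e' => '3', 'i' => '1', 'o' => '0', 's' => '5' }.freeze

# Expand one seed term into plausible password candidates:
# case variants, a leet form, common suffixes and year suffixes (4 and 2 digit).
# Year range and suffix list are assumed defaults; adjust per engagement.
def mangle(term, years: (2010..2012), suffixes: %w[! 1 123])
  base = term.downcase.strip
  return [] if base.empty?

  forms = [base, base.capitalize, base.upcase]
  forms << base.gsub(/[aeios]/) { |c| LEET[c] }   # leet-speak variant

  candidates = []
  forms.uniq.each do |f|
    candidates << f
    suffixes.each { |s| candidates << f + s }
    years.each do |y|
      candidates << "#{f}#{y}"              # e.g. Klinik2011
      candidates << "#{f}#{y.to_s[-2, 2]}"  # e.g. Klinik11
    end
  end
  candidates.uniq
end

# Build the full list from many seed terms, dropping anything shorter than
# min_len (most policies reject very short passwords, so they waste attempts).
def build_wordlist(terms, min_len: 6, **mangle_opts)
  terms.flat_map { |t| mangle(t, **mangle_opts) }
       .select { |w| w.length >= min_len }
       .uniq
end

# Merge the custom list with an existing generic list, custom terms first so
# the most likely guesses are tried early; duplicates are removed.
def merge_wordlists(custom, generic)
  (custom + generic).uniq
end

if __FILE__ == $PROGRAM_NAME
  # Constructed seed terms for a fictional German hospital engagement.
  seeds = %w[klinik kardiologie krankenhaus station]
  words = merge_wordlists(build_wordlist(seeds), %w[password123 Welcome1])
  File.write('custom_words.txt', words.join("\n") + "\n")
  puts "#{words.size} candidates written to custom_words.txt"
end
```

Once the file exists, point the scanner at it from msfconsole with `set PASS_FILE /path/to/custom_words.txt`; keeping the custom entries ahead of the generic list means the organisation-specific guesses are spent before the lockout threshold is reached.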

0 min Metasploit

Metasploit and PTES

One of our Metasploit contributors, Brandon Perry, has put together a document detailing the recently released Penetration Testing Execution Standard (PTES) with the modules and functionality in the Framework. PTES is a push from a group of testers fed up with the lack of guidance and the disparate sources of basic penetration testing information. Brandon's document does a great job detailing disparate par

3 min Release Notes

Exploit for critical Java vulnerability added to Metasploit

@_sinn3r and Juan Vasquez recently released a module which exploits the Java vulnerability detailed here by mihi and by Brian Krebs here. This is a big one. To quote Krebs: "A new exploit that takes advantage of a recently-patched critical security flaw in Java is making the rounds in the cri

2 min Metasploit

Three Great New Metasploit Books

I've seen three great Metasploit books published lately. The one that most people are probably already familiar with is Metasploit: The Penetration Tester's Guide by David Kennedy, Jim O'Gorman, Devon Kearns and Mati Aharoni. The book is very comprehensive, and packed full of great advice. David Kennedy is Chief Information Security Officer at Diebold Incorporated and creator of the Social-Engineer Toolkit (SET), Fast-Track, and other open source tools, so he really knows his stuff. By the way,

2 min Microsoft

Microsoft Patch Tuesday - November 2011

November's Microsoft Patch Tuesday contains four bulletins: one “critical”, two “importants”, and one “moderate”. The majority of these bulletins relate to Microsoft's later versions of the OS, implying that the flaws they address were possibly introduced with Windows Vista. Generally more vulnerabilities are found in earlier versions of the OS, so this month is unusual. The critical bulletin – MS11-083 – is a TCP/IP based, specifically UDP, vulnerability which affects Vista, Windows 7, Server