2 min
Product Updates
Weekly Metasploit Update: Post Modules!
This week, let's talk about post-modules, since we have two new fun ones to
discuss.
Windows PowerShell
Windows PowerShell is a scripting language and shell for Windows platforms, used
primarily by system administrators. While untrusted scripts are not allowed to
run by default, many users will be tempted to set their execution environments
to be pretty permissive. This, in turn, can provide a rich (and almost
completely overlooked) post-exploitation playground.
To that end, this update featur
4 min
Exploits
My First Week at Metasploit
Hi all. I would like to take a minute to share some of my feelings about my
first week here as a full-time Metasploit exploit developer, and share some
exploit modules.
First of all, I would like to thank everyone on the Metasploit team for
being so nice to me from the first week, and for helping me with anything I
need. They are definitely going easy on me during my first days! Their support
allowed me to build two exploits for the team during my first week here:
* batic_svg_java exploit
4 min
Metasploit
Top 10 Most Searched Metasploit Exploit and Auxiliary Modules
At Rapid7, we often get asked what the top 10 Metasploit modules are. This is a
hard question to answer: What does "top" mean anyway? Is it a personal opinion,
or what is being used in the industry? Because many Metasploit users work in
highly sensitive environments, and because we respect our users' privacy, the
product doesn't send any usage data back to us.
We may have found a way to answer your questions: We looked at our
metasploit.com web server stats, specifically the Metasploit A
3 min
Metasploit
Hacking CCTV Security Video Surveillance Systems with Metasploit
From our guest blogger and Metasploit community contributor Justin Cacak at
Gotham Digital Science.
A new module for the Metasploit Framework, cctv_dvr_login
[http://metasploit.com/modules/auxiliary/scanner/misc/cctv_dvr_login], discovers
and tests the security of standalone CCTV (Closed Circuit Television) video
surveillance systems. Such systems are frequently deployed in retail stores,
living communities, personal residences, and business environments as part of
their physical security pro
3 min
Metasploit
The Art of Keylogging with Metasploit & Javascript
Rarely does a week go by without a friend or family member getting their login
credentials compromised, then reused for malicious purposes. My wife is always
on the lookout on Facebook, warning relatives and friends to change their
passwords. Many people don't understand how their credentials get compromised.
Password reuse on several websites is usually the culprit. Password reuse is a
problem even if the website stores only hashed passwords in its database. An
attacker only needs to insert some
4 min
Nexpose
"Pass the hash" with Nexpose and Metasploit
I am proud to announce that Nexpose 5.1.0 now supports "pass the hash"
[http://en.wikipedia.org/wiki/Pass_the_hash], a technique to remotely
authenticate against a Windows machine (or any SMB/CIFS server) with the mere
possession of LM/NTLM password hashes, without needing to crack or brute force
them. Nexpose is able to use the hashes to perform credentialed scans to produce
very detailed scan results of all sorts of local and remote vulnerabilities that
may otherwise not be detectable.
And pe
2 min
Exploits
Metasploit Updated: Telnet Exploits, MSF Lab, and More
It's Wednesday, and while many of you are enjoying the week off between
Christmas and New Years, we've been cranking out another Metasploit Update.
Telnet Encrypt Option Scanner and Exploits
I won't rehash this subject too much since HD already covered these modules in
depth here
[https://community.rapid7.com/community/solutions/metasploit/blog/2011/12/27/bsd-telnet-daemon-encrypt-key-id-overflow]
and here
[https://community.rapid7.com/community/solutions/metasploit/blog/2011/12/28/more-fun-wi
3 min
Metasploit
Fun with BSD-Derived Telnet Daemons
On December 23rd, the FreeBSD security team published an advisory
[http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc] stating
that a previously unknown vulnerability in the Telnet daemon was being exploited
in the wild and that a patch had been issued. This vulnerability was interesting
for three major reasons:
1. The code in question may be over 20 years old and affects most BSD-derived
telnetd services
2. The overflow occurs in a structure with a function pointer store
3 min
Release Notes
Exploit for Critical Java Vulnerability Added to Metasploit
@_sinn3r [http://twitter.com/_sinn3r] and Juan Vazquez
[https://twitter.com/#!/_juan_vazquez_] recently released a module which
exploits the Java vulnerability detailed here
[http://schierlm.users.sourceforge.net/CVE-2011-3544.html] by mihi and by Brian
Krebs here
[http://krebsonsecurity.com/2011/11/new-java-attack-rolled-into-exploit-kits].
This is a big one. To quote Krebs: "A new exploit that takes advantage of a
recently-patched critical security flaw in Java is making the rounds in the
cri
2 min
Microsoft
Microsoft Patch Tuesday - November 2011
November's Microsoft Patch Tuesday contains four bulletins: one “critical”, two
“important”, and one “moderate”. The majority of these bulletins relate to
Microsoft's later versions of the OS, implying that the flaws they address were
possibly introduced with Windows Vista. Generally more vulnerabilities are found
in earlier versions of the OS, so this month is unusual.
The critical bulletin – MS11-083 – is a vulnerability in the TCP/IP stack,
specifically in its UDP handling, which affects Vista, Windows 7, Server
2 min
Exploits
Metasploit Bounty: Code, Sweat, and Tears
After more than 30 days of hardcore and intense exploit hunting, the Metasploit
Bounty program has finally come to an end. First off, we'd like to say that even
though the Metasploit Framework has made exploit development much easier, the
process is still far from trivial. We're absolutely amazed at how hard our
participants tried to make magic happen.
Often, the challenge begins with finding the vulnerable software. If you're
lucky, you can find what you need from 3rd-party websites that mirror
11 min
Metasploit
MS11-030: Exploitable or Not?
If you weren't already aware, Rapid7 is offering a bounty
[/2011/06/14/metasploit-exploit-bounty-30-exploits-500000-in-5-weeks] for
exploits that target a bunch of hand-selected, patched vulnerabilities. There
are two lists to choose from, the Top 5 and the Top 25
[https://community.rapid7.com/docs/DOC-1467]. An exploit for an issue in the
Top 5 list will receive a $500 bounty and one from the Top 25 list will fetch a
$100 bounty. In addition to a monetary reward, a successful participant also
4 min
Exploits
Recent Developments in Java Signed Applets
The best exploits are often not exploits at all -- they are code execution by
design. One of my favorite examples of this is a signed Java applet. If an
applet is signed, the JVM allows it to run outside the normal security sandbox,
giving it full access to do anything the user can do.
Metasploit has supported using signed applets as a browser exploit for quite
a while, but over the last week there have been a couple of improvements that
might help you get more shells. The first of these improve
4 min
Metasploit
Introducing msfvenom
The Metasploit Framework has included the useful tools msfpayload and msfencode
for quite some time. These tools are extremely useful for generating payloads in
various formats and encoding these payloads using various encoder modules. Now I
would like to introduce a new tool which I have been working on for the past
week, msfvenom. This tool combines all the functionality of msfpayload and
msfencode in a single tool.
Merging these two tools into a single tool just made sense. It standardizes
2 min
Metasploit
Metasploit-ation for the Nation
In a couple of weeks, our very own @Mubix (AKA Rob Fuller to those who don't
live their life with an @ sign permanently attached to their name!) will be
offering Metasploit-ation for the Nation. Unlike that phrase – which I just
made up – Mubix will actually be talking sense as he walks penetration testers
through the delightful world of Metasploit Pro in a 4-hour in-depth training
session.
Mubix took some time to answer a few questions below to give you a flavor of the
training. If you have