8 min
Windows
12 Days of HaXmas: Does it Blend Like a Duck?
This post is the fifth in a series, 12 Days of HaXmas, where we take a look at
some of the more notable advancements and events in the Metasploit Framework over
the course of 2014.
Writing portable software is not hard. It's just like walking through a
minefield! Getting to the other side, that's the tricky part.
Sure, if you target C, Unix-like systems and GCC or LLVM, you may not run into
too many hassles these days. There are still a few annoying differences between
BSDs and Linux, but POSIX a
9 min
Metasploit
12 Days of HaXmas: Buffer Overflows Come and Go, Bad Passwords are Forever
This post is the fourth in a series, 12 Days of HaXmas, where we take a look at
some of the more notable advancements and events in the Metasploit Framework over
the course of 2014.
This summer, the Metasploit team began the large undertaking of reworking
credentials throughout the project. Metasploit, as you already know, began as a
collection of traditional exploits. Over the years it has grown into much more
than that. Credentials were first introduced into Metasploit in the form of
Auxiliary Sc
4 min
Haxmas
12 Days of HaXmas: Improvements to jsobfu
This post is the third in a series, 12 Days of HaXmas, where we take a look at
some of the more notable advancements and events in the Metasploit Framework over
the course of 2014.
Several months ago, Wei sinn3r [https://twitter.com/_sinn3r] Chen and I landed
some improvements to Metasploit's JavaScript obfuscator, jsobfu. Most notably,
we moved it out to its own repo [https://github.com/rapid7/jsobfu] and gem
[https://rubygems.org/gems/jsobfu], wrapped it in tests, beefed up its AV
resilience, and
2 min
Haxmas
12 Days of HaXmas: Opening Up My Top Secret Metasploit Time Capsule
This post is the second in a series, 12 Days of HaXmas, where we take a look at
some of the more notable advancements and events in the Metasploit Framework over
the course of 2014.
For today's HaXmas amusement, I have something fun to share with you all. So the
other day I was watching this movie called The Knowing
[https://www.youtube.com/watch?v=ikJ3t_tZf-E], an action-thriller starring
Nicolas Cage. The story of this movie begins with a school teacher telling the
students that as part of the s
1 min
Haxmas
Metasploit's 12 Days of HaXmas
12 Days of HaXmas, Wrapped!
Over the actual Twelve Days of Christmas
[https://en.wikipedia.org/wiki/Twelve_Days_of_Christmas], we here in Metasploit
Nation have been celebrating the 12 Days of HaXmas by bringing our blog readers
a fresh post about Metasploit (and hackery in general) every day for twelve days
straight, all tagged under HaXmas. That conveniently lists all 12 posts in
reverse order, so as you scroll through the titles, you can sing along:
On the 12th day of HaXmas, my true love g
8 min
Authentication
12 Days of HaXmas: Diving Into Git for Current and Future Metasploit Devs
This post is the eleventh in a series, 12 Days of HaXmas, where we take a look
at some of the more notable advancements in the Metasploit Framework over the course
of 2013.
Make no mistake -- the initial learning curve for git and GitHub can be pretty
hairy. Way back in 2011, we made the initial move to GitHub for our source code
hosting, but it took us until 2013 to remove the last vestiges of our old SVN
infrastructure. In the meantime, we've picked up a fair amount of git and GitHub
smarts. For
4 min
Haxmas
12 Days of HaXmas: Exploiting (and Fixing) RJS Rails Info Leaks
This post is the fifth in a series, 12 Days of HaXmas, where we take a look at
some of the more notable advancements in the Metasploit Framework over the course of
2013.
Several weeks ago, Egor Homakov wrote a blog post
[http://homakov.blogspot.com/2013/11/rjs-leaking-vulnerability-in-multiple.html]
pointing out a common info leak vulnerability in many Rails apps that utilize
Remote JavaScript. The attack vector and implications can be hard to wrap your
head around, so in this post I'll explain ho
3 min
Haxmas
12 Days of HaXmas: Meterpreter, Reloaded
This post is the third in a series, 12 Days of HaXmas, where we take a look at
some of the more notable advancements in the Metasploit Framework over the course of
2013.
Over the last quarter of 2013, we here in the Democratic Freehold of Metasploit
found that we needed to modernize our flagship remote access toolkit (RAT),
Meterpreter. That started with cleaving Meterpreter out of the main Metasploit
repository and setting it up with its own repository
[https://github.com/rapid7/meterpreter], and