2 min
Metasploit Weekly Wrapup
Metasploit Wrapup: Nov. 3, 2017
What’s New?
This week’s release sees multiple improvements and corrections, some years in
the making! We fixed an interesting bug in the initial handshake with
meterpreter that caused some payload callbacks to fail, improved error and
information reporting in other modules, and then @h00die ran spellcheck
[https://github.com/rapid7/metasploit-framework/pull/9144/files]!
New (and Improved!) Modules (2 New):
After three years, @wvu’s tnftp aux module grew up to become a strong,
well-rounded explo
6 min
Metasploit
Testing SMB Security with Metasploit Pro Task Chains: Part 2
This is part two of our blog series on testing SMB security with Metasploit Pro.
In the previous post, we explained how to use Metasploit Pro’s Task Chains
feature to audit SMB passwords automatically. Read it here
[/2017/10/31/testing-smb-server-security-with-metasploit-pro-task-chains-part-1/]
if you haven’t already.
In today’s blog post, we will talk about how to use a custom resource script in
a Task Chain to automatically find some publicly-known high-profile
vulnerabilities in SMB. Publi
6 min
Metasploit
Testing SMB Server Security with Metasploit Pro Task Chains: Part 1
A step-by-step guide to testing SMB server security using Metasploit Pro Task Chains.
2 min
Metasploit
Metasploit Wrapup: Oct. 27, 2017
Would you like to help Metasploit Framework and get a free t-shirt?
There is still a bit of October left, which means you can totally still sign up
for Hacktoberfest [https://hacktoberfest.com/]: a fun annual project to
encourage open source software contributions! Make four pull requests on any
open source GitHub project by Oct 31, and you might find yourself some joy and
fulfilment—but at least a free t-shirt.
Check out the Contribute section on the refreshed metasploit.com
[https://metasploi
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup: Oct. 20, 2017
Exploits for hours. Gather 'round with a pocket full of shells.
2 min
Metasploit
Metasploit Wrapup: Metasploit 5 or Bust
What's coming down the pipeline for Metasploit? Brent Cook brings you October's first Metasploit wrap-up.
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup: Sep. 22, 2017
To celebrate this first day of Autumn[1], we've got a potpourri of "things
Metasploit" for you this week. And it might smell a bit like "pumpkin spice"...
Or it might not. Who knows?
Winter is Coming
If you're looking to finish filling your storehouse before the cold sets in,
we've got a couple of new gatherer modules to help. This new Linux post module
[https://www.rapid7.com/db/modules/post/linux/gather/tor_hiddenservices] can
locate and pull TOR hostname and private key files for TOR hidden
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup: Sept. 15, 2017
It's been a hot minute since the last Metasploit Wrapup. So why not take in our
snazzy new Rapid7 blog makeover and catch up on what's been goin' down!
You can't spell 'Struts' without 'trust'
Or perhaps you can! With the all the current news coverage around an Apache
Struts vulnerability from earlier this year
[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5638] (thanks to its
involvement in a consumer credit reporting agency data breach), there's a new
Struts vuln [https://lgtm.com/
1 min
Metasploit
Metasploit: The New Shiny
It's been a while since I've written a blog post about new stuff in Metasploit
[https://www.rapid7.com/products/metasploit/download/] (and I'm not sure if the
editors will let me top the innuendo of the last one
[/2017/02/09/metasploit-framework-valentines-update/]). But I'm privileged to
announce that I'm speaking about Metasploit twice next month: once at the FSec
17 Conference [http://fsec.foi.hr/] in Varaždīn, Croatia September 7-8, and a
second time at UNITED 2017 [https://unitedsummit.org/
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup: August 11, 2017
Slowloris: SMB edition
Taking a page from the Slowloris HTTP DoS attack
[https://web.archive.org/web/20090822001255/http://ha.ckers.org/slowloris/], the
aptly named SMBLoris DoS attack [/2017/08/03/smbloris-what-you-need-to-know]
exploits a vuln contained in many Windows releases (back to Windows 2000) and
also affects Samba (a popular open source SMB implementation). Through creation
of many connections to a target's SMB port, an attacker can exhaust all
available memory on the target by sendi
2 min
Metasploit
Hack with Metasploit: Announcing the UNITED 2017 CTF
Got mad skillz? Want mad skillz? This year at Rapid7's annual UNITED Summit
[https://unitedsummit.org/index.php], we're hosting a first-of-its-kind Capture
the Flag (CTF) competition. Whether you're a noob to hacking or a grizzled pro,
you'll emerge from our 25-hour CTF with more knowledge and serious bragging
rights. Show off your 1337 abilities by competing for top prizes, or learn how
to capture your first ever flag. Read on for details, and if you haven't already
done so, register for UNITED
4 min
Python
Virtual Machine Automation (vm-automation) repository released
Rapid7 just released a new public repo called vm-automation. The vm-automation
repository is a Python library that encapsulates existing methodologies for
virtual machine and hypervisor automation and provides a platform-agnostic
Python API. Currently, only ESXi and VMWare workstation are supported, but I
have high hopes we will support other hypervisors in time, and we would love to
see contributors come forward and assist in supporting them!
That's awesome. I want to get started now!
Great! I
2 min
Metasploit
Metasploit Wrapup: June 16, 2017
A fresh, new UAC bypass module for Windows 10!
Leveraging the behavior of fodhelper.exe and a writable registry key as a normal
user, you too can be admin! Unpatched as of last week, this bypass module
[https://github.com/rapid7/metasploit-framework/pull/8434] works on Windows 10
only, but it works like a charm!
Reach out and allocate something
This release offers up a fresh denial/degradation of services exploit against
hosts running a vulnerable version of rpcbind. Specifically, you can repea
2 min
Vulnerability Disclosure
R7-2017-16 | CVE-2017-5244: Lack of CSRF protection for stopping tasks in Metasploit Pro, Express, and Community editions (FIXED)
Summary
A vulnerability in Metasploit Pro, Express, and Community was patched in
Metasploit v4.14.0 (Update 2017061301)
[https://help.rapid7.com/metasploit/release-notes/archive/2017/06/#20170613].
Routes used to stop running tasks (either particular ones or all tasks) allowed
GET requests. Only POST requests should have been allowed, as the stop/stop_all
routes change the state of the service. This could have allowed an attacker to
stop currently-running Metasploit tasks by getting an authenti
2 min
Metasploit
Metasploit Wrapup 6/2/17
It has only been one week since the last wrapup, so it's not like much could
have happened, right? Wrong!
Misery Loves Company
After last week's excitement with Metasploit's version of ETERNALBLUE (AKA the
Wannacry vulnerability)
[https://www.rapid7.com/db/modules/exploit/windows/smb/ms17_010_eternalblue],
this week SAMBA had its own "Hold My Beer" moment with the disclosure that an
authenticated (or anonymous) client can upload a shared library to a SAMBA
server, and that server will happily e