Posts tagged Metasploit

4 min Metasploit

EternalBlue: Metasploit Module for MS17-010

This week's release of Metasploit [https://www.rapid7.com/products/metasploit] includes a scanner and exploit module for the EternalBlue vulnerability, which made headlines a couple of weeks ago when hacking group, the Shadow Brokers, disclosed a trove of alleged NSA exploits [https://www.rapid7.com/blog/post/2017/04/18/the-shadow-brokers-leaked-exploits-faq/] . Included among them, EternalBlue, exploits MS17-010 [https://www.rapid7.com/db/modules/exploit/windows/smb/ms17_010_eternalblue], a Wi
1 min Python

Recent Python Meterpreter Improvements

The Python Meterpreter [https://github.com/rapid7/metasploit-framework/wiki/Meterpreter] has received quite a few improvements this year. In order to generate consistent results, we now use the same technique to determine the Windows version in both the Windows and Python instances of Meterpreter. Additionally, the native system language is now populated in the output of the sysinfo command. This makes it easier to identify and work with international systems. The largest change to the Python M
3 min Metasploit

Exploitable Vulnerabilities: A Metasploit-Vulnerability Management Love Story

Integrating InsightVM [https://www.rapid7.com/products/insightvm/] or Nexpose [https://www.rapid7.com/products/nexpose/] (Rapid7's vulnerability management solutions [https://www.rapid7.com/solutions/vulnerability-management/]) with Metasploit [https://www.rapid7.com/products/metasploit/] (our penetration testing solution [https://www.rapid7.com/solutions/penetration-testing/]) is a lot like Cupid playing “matchmaker” with vulnerabilities and exploit modules [https://www.rapid7.com/fundamentals
3 min Metasploit

Metasploit Wrapup: 4/20/17

Editor's Note: While this edition of the Metasploit Wrapup is a little late (my fault, sorry), we're super excited that it's our first ever Metasploit Wrapup to be authored by an non-Rapid7 contributor. We'd like to thank claudijd [https://github.com/claudijd] -long-time Metasploit contributor, Mozilla security wrangler, and overall nice guy - for writing this post. If other Metasploit contributors want to get involved with spreading the word, we want to hear from you! We should be back on trac
5 min Metasploit

The Shadow Brokers Leaked Exploits Explained

The Rapid7 team has been busy evaluating the threats posed by last Friday's Shadow Broker exploit and tool release [https://arstechnica.com/security/2017/04/purported-shadow-brokers-0days-were-in-fact-killed-by-mysterious-patch/] and answering questions from colleagues, customers, and family members about the release. We know that many people have questions about exactly what was released, the threat it poses, and how to respond, so we have decided to compile a list of frequently asked question
3 min Metasploit

Exploiting Macros via Email with Metasploit Pro Social Engineering

Currently, phishing is seen as one of the largest infiltration points for businesses around the globe, but there is more to social engineering than just phishing. Attackers may use email and USB keys to deliver malicious files to users in the hopes of gaining access to an organization's network. Users that are likely unaware that unsolicited files, such as a Microsoft Word document with a macro, may be malicious and can be a major risk to an organization. Metasploit Pro [https://www.rapid7.com/
4 min Metasploit

Metasploit's RF Transceiver Capabilities

The rise of the Internet of Things We spend a lot of time monitoring our corporate networks. We have many tools to detect strange behaviors. We scan for vulnerabilities. We measure our exposure constantly. However, we often fail to recognize the small (and sometimes big) Internet of Things (IoT) devices that are all around our network, employees, and employees' homes. Somewhat alarmingly – considering their pervasiveness — these devices aren't always the easiest to test. Though often difficult,
2 min Metasploit

Metasploit, Google Summer of Code, and You!

Spend the summer with Metasploit I'm proud to announce that the Metasploit Project has been accepted as a mentor organization in the Google Summer of Code! For those unfamiliar with the program, their about page [https://summerofcode.withgoogle.com/about/] sums it up nicely: > Google Summer of Code is a global program focused on introducing students to open source software development. Students work on a 3 month programming project with an open source organization during their break from univer
9 min Metasploit

Pen Testing Cars with Metasploit and Particle.io Photon Boards

TL;DR This post details how to use the MSFRelay library for Photon boards to write your own Metasploit [https://rapid7.com/products/metasploit/] compatible firmware. Specifically for an add-on called Carloop. If you have a Carloop and just want it to work with Metasploit without having to write any code (or read this) then I've also provided the full code as a library example in the Particle library and can be found here [https://build.particle.io/libs/spark-msf-relay/0.0.1/tab/example/msf-carlo
3 min Metasploit

Metasploit Weekly Wrapup: March 10, 2017

The last couple of weeks in the infosec world have appeared busier, and buzzier, than most others.  It seems almost futile to pry everyone away from the current drama--that being the bombshell revelation that intelligence agencies collect intelligence--long enough to have them read our dev blog.  Regardless, we've been busy ourselves.  And if you're the least bit like me, you could probably use a quick respite from the cacophony.  Keeping up with all the noise is enough to make anyone feel lik
2 min Metasploit Weekly Wrapup

Weekly Metasploit Wrapup: 2/23/17

I gave at the office The office can be a popular place when it comes to giving. From selling kids' cookies/candy to raising awareness for a charity, the opportunity to 'give at the office' is definitely a thing. And now, thanks to Office macros, Metasploit offers a new way to give (and receive!) at 'the Office'. These days, using malicious macros in office productivity programs is still a common attack vector. Designed with a handful of word-processing programs in mind (including some open sour
2 min Metasploit

Metasploitable3 CTF Results and Wrap-Up

The Metasploitable3 CTF competition [https://www.rapid7.com/blog/post/2016/12/07/metasploitable3-capture-the-flags-competition/] has wrapped up and we have our winners!  We had almost 300 flag submissions from more than 50 fine folks.  There were some really great right-ups submitted with great details on how flags were found.  Thanks to everyone who took time to submit a finding!  ON TO THE RESULTS! When we announced the competition, we didn't specify if team submissions were allowed or not. 
2 min Metasploit

Metasploitable3 CTF Competition: Update and Leaderboard!

The Metasploitable3 [/2016/11/15/test-your-might-with-the-shiny-new-metasploitable3] Capture The Flag Competition [/2016/12/07/metasploitable3-capture-the-flags-competition] has been underway for about a week now and the submissions have been pouring in!  We're very excited to see so many great submissions. We're reviewing as fast as we can so if you don't hear back from us right away, don't worry, you will.  For all valid submissions we will update this blog post and subsequent ones with the le
4 min Metasploit

Metasploitable3 Capture the Flag Competition

UPDATE: Leaderboard can be found on this new post [/2016/12/14/metasploitable3-ctf-competition-update]! Plus, some notes that may be helpful. Exciting news! Rapid7 is hosting a month-long, world-wide capture the flag(s) competition! Rapid7 recently released Metasploitable3 [https://github.com/rapid7/metasploitable3], the latest version of our attackable, vulnerable environment designed to help security professionals, students, and researchers alike hone their skills and practice their craft. I
4 min Metasploit

Metasploitable3: An Intentionally Vulnerable Machine for Exploit Testing

Test Your Might With The Shiny New Metasploitable3 Today I am excited to announce the debut of our shiny new toy - Metasploitable3 [https://github.com/rapid7/metasploitable3]. Metasploitable3 is a free virtual machine that allows you to simulate attacks largely using Metasploit [https://www.rapid7.com/products/metasploit/?CS=blog]. It has been used by people in the security industry for a variety of reasons: such as training for network exploitation, exploit development, software testing, techn

Popular Topics

Tags