Posts tagged Metasploit

2 min Metasploit

Important Security Fixes in Metasploit 4.12.0-2016091401

A number of important security issues were resolved in Metasploit (Pro, Express, and Community editions) this week. Please update [https://community.rapid7.com/docs/DOC-3521] as soon as possible. Issue 1: Localhost restriction bypass (affects versions 4.12.0-2016061501 through 4.12.0-2016083001) On initial install, the Metasploit web interface displays a page for setting up an initial administrative user. After this initial user is configured, you can login and use the Metasploit web UI for th

Read Full Post

3 min Metasploit

Metasploit Weekly Wrapup: Aug. 12, 2016

Las Vegas 2016 is in The Books This week's wrap-up actually covers two weeks thanks in large part to the yearly pilgrimage to Las Vegas.  I myself elected not to attend, but I'm told everyone had a great time.  Many on the team are still recuperating, but I'd wager that they all enjoyed seeing you there as well.  Here's to everyone's speedy recovery. Centreon Web UserAlias Command Execution Our first new module this go-around exploits a remote command execution vulnerability in Centreon Web via

Read Full Post

5 min Metasploit

Pentesting in the Real World: Going Bananas with MongoDB

This is the 4th in a series of blog topics by penetration testers, for penetration testers, highlighting some of the advanced pentesting techniques they'll be teaching in our new Network Assault and Application Assault certifications, opening for registration this week. For more information, check out the training page at www.rapid7.com/services/training-certification/penetration-testing-training.jsp [http://www.rapid7.com/services/training-certification/penetration-testing-training.jsp] Prefa

Read Full Post

5 min Metasploit

Pentesting in the Real World: Gathering the Right Intel

This is the first in a series of blog topics by penetration testers, for penetration testers, highlighting some of the advanced pentesting techniques they'll be teaching in our new Network Assault and Application Assault certifications, opening for registration this week. For more information, check out the training page at www.rapid7.com/services/training-certification/penetration-testing-training.jsp [http://www.rapid7.com/services/training-certification/penetration-testing-training.jsp] So

Read Full Post

1 min Metasploit

Announcement: End-of-Life Metasploit 32-Bit Versions

UPDATE: With the release of version 4.15 on July 19, 2017, commercial Metasploit 32-bit platforms (Metasploit Pro, Metasploit Express, and Metasploit Community) no longer receive future product or content updates. These platforms are now obsolete and are no longer supported. Rapid7 announced the end of life of Metasploit Pro 32-bit versions for both Windows and Linux operating systems on July 5th, 2017.  This announcement applies to all editions: Metasploit Pro, Metasploit Express and Metasploi

Read Full Post

10 min Metasploit

A Short Approach: The Cisco ASA 5505 as a Stepping Stone Into Embedded Reverse Engineering

Back in February, Exodus Intelligence released their blog entry titled "Execute My Packet", which detailed their discovery and exploitation of CVE-2016-1287.  Since then, I've fielded numerous requests for modules and witnessed much discussion generated from it.  From this discussion, I've gathered that many researchers seem to consider the Cisco ASA as an unruly beast, difficult to approach, even harder to tame.  I feel that this is far from the truth, and this article is a response to such not

Read Full Post

2 min Metasploit

Rapid7 Sponsors Tech For Troops Hacking Convention

This is a guest blog by Eliza May Austin, a student at Sheffield Hallam University in the United Kingdom. We commend Eliza for her involvement in and commitment to Tech for Troops and we're honored to be able to participate. In March of 2016, Rapid7 sponsored the first ever Tech For Troops hacking convention (TFTcon), hosted at Sheffield Hallam University. TFTcon is a hacking convention specific to ex-military people and its purpose is to bridge the gap in the information security industry with

Read Full Post

3 min Metasploit

Securing Your Metasploit Logs

Metasploit, backed by a community of 200,000 users and contributors is the most impactful penetration testing solution on the planet. With it, uncover weaknesses in your defenses, focus on the highest risks, and improve your security outcomes. Your Metasploit Pro console produces a lot of important logs. It is essential to be able to review these logs, alert on them, and keep them secure. Why should I monitor these logs? The logs produced by your Metasploit Pro console are helpful when troubl

Read Full Post

3 min Release Notes

Weekly Metasploit Wrapup: March 14, 2016

Scanning for the Fortinet backdoor with Metasploit Written by wvu Metasploit now implements a scanner for the Fortinet backdoor. Curious to see how to use it? Check this out! wvu@kharak:~/metasploit-framework:master$ ./msfconsole -qL msf > use auxiliary/scanner/ssh/fortinet_backdoor msf auxiliary(fortinet_backdoor) > set rhosts 417.216.55.0/24 rhosts => 417.216.55.0/24 msf auxiliary(fortinet_backdoor) > set threads 100 threads => 100 msf auxiliary(fortinet_backdoor) > run [*]

Read Full Post

1 min Metasploit

Six Wonderful Years

Rapid7 has been my home for the last six years, growing from 98 people when I joined to over 700 today. Keeping up with the growth has been both exhilarating and terrifying. I am really proud of our Austin team, the Metasploit ecosystem, and our leadership in security research. We care about our customers, our employees, and our impact in the industry. Working at Rapid7 has simply been the best job I have ever had. We have surpassed every goal that I set when I joined in 2009. Metasploit is thr

Read Full Post

4 min Metasploit

12 Days of HaXmas: Metasploit End of Year Wrapup

This is the seventh post in the series, "The 12 Days of HaXmas." It's the last day of the year, which means that it's time to take a moment to reflect on the ongoing development of the Metasploit Framework, that de facto standard in penetration testing, and my favorite open source project around. While the acquisition of Metasploit way back in 2009 was met with some healthy skepticism, I think this year, it's easy to say that Rapid7's involvement with Metasploit has been an enormously positive

Read Full Post

4 min Metasploit

512 Days of HaXmas: Metasploit's IoT WebApp Login Support

This is the sixth post in the series, "The Twelve Days of HaXmas." Well, the year is coming to a close, and it's just about time for the annual breakdown of Metasploit commit action. But before we get to that, I wanted to take a moment to highlight the excellent work we landed in 2015 in adding new web application login support to Metasploit. After all, who needs exploits when your password is "public" or "admin" or "password" or any other of the very few well-known default passwords? Maybe i

Read Full Post

2 min Metasploit

How to Avoid Common Mistakes in your Metasploit Community/Pro License Key Request

As a result of export restrictions placed on Metasploit Community and Pro trials, this year we have introduced some new systems to help process license requests. We have received a lot of questions about this, and this post will hopefully answer some of them for you. If you haven't read the original blog post about the export controls [/2015/06/05/availability-of-metasploit-community-metasploit-pro-trials-outside-us-canada] , please take a moment to review the information there on the updates an

Read Full Post

1 min Metasploit

Metasploit Framework Tools Reorg

There are a wide variety of interesting and useful tools in the Metasploit Framework. Many of these are available from the top-level of Metasploit in the form of modules and library code. You can find countless tutorials and blogs about how to put msfconsole, msfvenom and other top-level commands to good use. However, not many people know about the 'tools' directory, which contains many useful, single-purpose scripts, with topics spanning from exploit development to statistics. One of the probl

Read Full Post

4 min Metasploit

New Metasploit Tools to Collect Microsoft Patches

Patch testing and analysis are important parts in vulnerability research and exploit development. One popular reason is people would try this technique to rediscover patched bugs, or find ways to keep an 0day alive in case the fix in place is inadequate. The same process is also used to find the range of builds affected by a vulnerability, which tends to be useful to predict the value of the exploit, improving target coverage and reliability. Going through Microsoft patches is no easy task, tho

Read Full Post

• ...
• 27
• 28
• 29
• 30
• 31
• ...