Python
Virtual Machine Automation (vm-automation) repository released
Rapid7 just released a new public repo called vm-automation. The vm-automation
repository is a Python library that encapsulates existing methodologies for
virtual machine and hypervisor automation and provides a platform-agnostic
Python API. Currently, only ESXi and VMware Workstation are supported, but I
have high hopes we will support other hypervisors in time, and we would love to
see contributors come forward and assist in supporting them!
That's awesome. I want to get started now!
Great! I
Metasploit
Metasploit Wrapup: June 16, 2017
A fresh, new UAC bypass module for Windows 10!
Leveraging the behavior of fodhelper.exe and a writable registry key as a normal
user, you too can be admin! Unpatched as of last week, this bypass module
[https://github.com/rapid7/metasploit-framework/pull/8434] works on Windows 10
only, but it works like a charm!
Reach out and allocate something
This release offers up a fresh denial/degradation of services exploit against
hosts running a vulnerable version of rpcbind. Specifically, you can repea
Vulnerability Disclosure
R7-2017-16 | CVE-2017-5244: Lack of CSRF protection for stopping tasks in Metasploit Pro, Express, and Community editions (FIXED)
Summary
A vulnerability in Metasploit Pro, Express, and Community was patched in
Metasploit v4.14.0 (Update 2017061301)
[https://help.rapid7.com/metasploit/release-notes/archive/2017/06/#20170613].
Routes used to stop running tasks (either particular ones or all tasks) allowed
GET requests. Only POST requests should have been allowed, as the stop/stop_all
routes change the state of the service. This could have allowed an attacker to
stop currently-running Metasploit tasks by getting an authenti
Metasploit
Metasploit Wrapup 6/2/17
It has only been one week since the last wrapup, so it's not like much could
have happened, right? Wrong!
Misery Loves Company
After last week's excitement with Metasploit's version of ETERNALBLUE (AKA the
Wannacry vulnerability)
[https://www.rapid7.com/db/modules/exploit/windows/smb/ms17_010_eternalblue],
this week SAMBA had its own "Hold My Beer" moment with the disclosure that an
authenticated (or anonymous) client can upload a shared library to a SAMBA
server, and that server will happily e
Metasploit
EternalBlue: Metasploit Module for MS17-010
This week's release of Metasploit [https://www.rapid7.com/products/metasploit]
includes a scanner and exploit module for the EternalBlue vulnerability, which
made headlines a couple of weeks ago when hacking group, the Shadow Brokers,
disclosed a trove of alleged NSA exploits
[https://www.rapid7.com/blog/post/2017/04/18/the-shadow-brokers-leaked-exploits-faq/].
Included among them, EternalBlue, exploits MS17-010
[https://www.rapid7.com/db/modules/exploit/windows/smb/ms17_010_eternalblue], a
Wi
Python
Recent Python Meterpreter Improvements
The Python Meterpreter
[https://github.com/rapid7/metasploit-framework/wiki/Meterpreter] has received
quite a few improvements this year. In order to generate consistent results, we
now use the same technique to determine the Windows version in both the Windows
and Python instances of Meterpreter. Additionally, the native system language is
now populated in the output of the sysinfo command. This makes it easier to
identify and work with international systems.
The largest change to the Python M
Metasploit
Exploitable Vulnerabilities: A Metasploit-Vulnerability Management Love Story
Integrating InsightVM [https://www.rapid7.com/products/insightvm/] or Nexpose
[https://www.rapid7.com/products/nexpose/] (Rapid7's vulnerability management
solutions [https://www.rapid7.com/solutions/vulnerability-management/]) with
Metasploit [https://www.rapid7.com/products/metasploit/] (our penetration
testing solution [https://www.rapid7.com/solutions/penetration-testing/]) is a
lot like Cupid playing “matchmaker” with vulnerabilities and exploit modules
[https://www.rapid7.com/fundamentals
Metasploit
Metasploit Weekly Wrapup
hdm recently provided a new exploit module for a type confusion vulnerability that exists in Ghostscript versions 9.21 and earlier, allowing remote code execution on the target.
Metasploit
Metasploit Wrapup: 4/20/17
Editor's Note: While this edition of the Metasploit Wrapup is a little late (my
fault, sorry), we're super excited that it's our first ever Metasploit Wrapup to
be authored by a non-Rapid7 contributor. We'd like to thank claudijd
[https://github.com/claudijd] - long-time Metasploit contributor, Mozilla
security wrangler, and overall nice guy - for writing this post. If other
Metasploit contributors want to get involved with spreading the word, we want to
hear from you!
We should be back on trac
Metasploit
The Shadow Brokers Leaked Exploits Explained
The Rapid7 team has been busy evaluating the threats posed by last Friday's
Shadow Broker exploit and tool release
[https://arstechnica.com/security/2017/04/purported-shadow-brokers-0days-were-in-fact-killed-by-mysterious-patch/]
and answering questions from colleagues, customers, and family members about the
release. We know that many people have questions about exactly what was
released, the threat it poses, and how to respond, so we have decided to compile
a list of frequently asked question
Metasploit
Exploiting Macros via Email with Metasploit Pro Social Engineering
Currently, phishing is seen as one of the largest infiltration points for
businesses around the globe, but there is more to social engineering than just
phishing. Attackers may use email and USB keys to deliver malicious files to
users in the hopes of gaining access to an organization's network. Users are
likely unaware that unsolicited files, such as a Microsoft Word document with a
macro, may be malicious and can pose a major risk to an organization.
Metasploit Pro [https://www.rapid7.com/
Metasploit
Metasploit's RF Transceiver Capabilities
The rise of the Internet of Things
We spend a lot of time monitoring our corporate networks. We have many tools to
detect strange behaviors. We scan for vulnerabilities. We measure our exposure
constantly. However, we often fail to recognize the small (and sometimes big)
Internet of Things (IoT) devices that are all around our network, employees, and
employees' homes. Somewhat alarmingly – considering their pervasiveness — these
devices aren't always the easiest to test.
Though often difficult,
Metasploit
Metasploit, Google Summer of Code, and You!
Spend the summer with Metasploit
I'm proud to announce that the Metasploit Project has been accepted as a mentor
organization in the Google Summer of Code! For those unfamiliar with the
program, their about page [https://summerofcode.withgoogle.com/about/] sums it
up nicely:
> Google Summer of Code is a global program focused on introducing students to
open source software development. Students work on a 3 month programming project
with an open source organization during their break from univer
Metasploit
Pen Testing Cars with Metasploit and Particle.io Photon Boards
TL;DR
This post details how to use the MSFRelay library for Photon boards to write
your own Metasploit [https://rapid7.com/products/metasploit/] compatible
firmware. Specifically for an add-on called Carloop. If you have a Carloop and
just want it to work with Metasploit without having to write any code (or read
this) then I've also provided the full code as a library example in the Particle
library and can be found here
[https://build.particle.io/libs/spark-msf-relay/0.0.1/tab/example/msf-carlo
Metasploit
Metasploit Weekly Wrapup: March 10, 2017
The last couple of weeks in the infosec world have appeared busier, and buzzier,
than most others. It seems almost futile to pry everyone away from the current
drama--that being the bombshell revelation that intelligence agencies collect
intelligence--long enough to have them read our dev blog. Regardless, we've
been busy ourselves. And if you're the least bit like me, you could probably
use a quick respite from the cacophony. Keeping up with all the noise is enough
to make anyone feel lik