1 min
Metasploit
Six Wonderful Years
Rapid7 has been my home for the last six years, growing from 98 people when I
joined to over 700 today. Keeping up with the growth has been both exhilarating
and terrifying. I am really proud of our Austin team, the Metasploit ecosystem,
and our leadership in security research. We care about our customers, our
employees, and our impact in the industry. Working at Rapid7 has simply been the
best job I have ever had.
We have surpassed every goal that I set when I joined in 2009. Metasploit is
thr
4 min
Metasploit
12 Days of HaXmas: Metasploit End of Year Wrapup
This is the seventh post in the series, "The 12 Days of HaXmas."
It's the last day of the year, which means that it's time to take a moment to
reflect on the ongoing development of the Metasploit Framework, that de facto
standard in penetration testing, and my favorite open source project around.
While the acquisition of Metasploit way back in 2009 was met with some healthy
skepticism, I think this year, it's easy to say that Rapid7's involvement with
Metasploit has been an enormously positive
4 min
Metasploit
512 Days of HaXmas: Metasploit's IoT WebApp Login Support
This is the sixth post in the series, "The Twelve Days of HaXmas."
Well, the year is coming to a close, and it's just about time for the annual
breakdown of Metasploit commit action. But before we get to that, I wanted to
take a moment to highlight the excellent work we landed in 2015 in adding new
web application login support to Metasploit. After all, who needs exploits when
your password is "public" or "admin" or "password" or any other of the very few
well-known default passwords? Maybe i
2 min
Metasploit
How to Avoid Common Mistakes in your Metasploit Community/Pro License Key Request
As a result of export restrictions placed on Metasploit Community and Pro
trials, this year we have introduced some new systems to help process license
requests. We have received a lot of questions about this, and this post will
hopefully answer some of them for you. If you haven't read the original blog
post about the export controls
[/2015/06/05/availability-of-metasploit-community-metasploit-pro-trials-outside-us-canada]
, please take a moment to review the information there on the updates an
1 min
Metasploit
Metasploit Framework Tools Reorg
There are a wide variety of interesting and useful tools in the Metasploit
Framework. Many of these are available from the top-level of Metasploit in the
form of modules and library code. You can find countless tutorials and blogs
about how to put msfconsole, msfvenom and other top-level commands to good use.
However, not many people know about the 'tools' directory, which contains many
useful, single-purpose scripts, with topics spanning from exploit development to
statistics.
One of the probl
4 min
Metasploit
New Metasploit Tools to Collect Microsoft Patches
Patch testing and analysis are important parts in vulnerability research and
exploit development. One popular reason is people would try this technique to
rediscover patched bugs, or find ways to keep an 0day alive in case the fix in
place is inadequate. The same process is also used to find the range of builds
affected by a vulnerability, which tends to be useful to predict the value of
the exploit, improving target coverage and reliability.
Going through Microsoft patches is no easy task, tho
2 min
Windows
Metasploit Framework Open Source Installers
Rapid7 has long supplied universal Metasploit installers for Linux and Windows.
These installers contain both the open source Metasploit Framework as well as
commercial extensions, which include a graphical user interface, metamodules,
wizards, social engineering tools and integration with other Rapid7 tools. While
these features are very useful, we recognized that they are not for everyone.
According to our recent survey of Metasploit Community users, most only used it
for the open source comp
6 min
Metasploit
Flipping Bits in the Windows Kernel
Recently, the MS15-061 bulletin has received some attention. This security
bulletin includes patches for several Windows Kernel vulnerabilities, mainly
related to win32k.sys. Details of one of them, discovered by Udi Yavo, have been
very well covered.
First, the same Udi Yavo published details about the Use After Free on a blog
entry. Later, Dominic Wang [https://twitter.com/d0mzw] wrote a even more
detailed analysis of both the vulnerability and its exploitation on this paper.
Finally, Meysam
20 min
Metasploit
A Debugging Session in the Kernel
Last week, an awesome paper
[https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2015/september/exploiting-cve-2015-2426-and-how-i-ported-it-to-a-recent-windows-8.1-64-bit/]
about the MS15-078 vulnerability and it's exploitation was published by Cedric
Halbronn [https://twitter.com/saidelike]. This vulnerability, originally found
and exploited by Eugene Ching [https://twitter.com/eugeii], already has a
work-in-progress module in Metasploit, which you can follow on github
[https://
13 min
Metasploit
Using Reflective DLL Injection to exploit IE Elevation Policies
As you are probably aware, sandbox bypasses are becoming a MUST when exploiting
desktop applications such as Internet Explorer. One interesting class of sandbox
bypasses abuse IE's Elevation Policies. An example of this type of sandbox
bypass is CVE-2015-0016
[http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0016]. The
vulnerability has already been analyzed by Henry Li, who published a complete
description in this blog entry
[http://blog.trendmicro.com/trendlabs-security-intelligence/
1 min
Metasploit
Metasploit on Kali Linux 2.0
As you are aware, Kali 2.0
[https://www.kali.org/releases/kali-linux-20-released/] has been released this
week and getting quite a bit of attention, as it should. Folks behind Kali have
worked really hard to bring you the new version of Kali Linux that everyone is
excited about. If you have already started to play with the new version, you
probably have realized that something is different, that is; Metasploit
Community / Pro is no longer installed by default.
Where is Metasploit Community / Pr
3 min
Metasploit
Metasploit Local Exploit Suggester: Do Less, Get More!
Meet Lester, the Exploit Suggester
Hey there, my name is Mo ( Mohamed Sadek [https://github.com/MSadek-r7] ). I am
currently an intern at Rapid7, working with the Metasploit team in Austin. After
some research, testing, and more than a few energy drinks, sinn3r (sinn3r
[https://twitter.com/_sinn3r] ) and I have authored the first version of the
Metasploit Local Exploit Suggester, or Lester for short. Lester is a post module
that you can use to check a system for local vulnerabilities, using the
6 min
Metasploit
Interning at Rapid7: A "git push" in the Right Direction
How I Got Here
Hey there! My name is Mo. I'm currently an intern here at Rapid7 working in the
Austin office as part of the Metasploit team. If you came here expecting a deep
understanding of Metasploit, this blog post isn't the right place. If you ARE
interested in knowing what it's like to being a small town college student
working at a leading firm in security engineering, then keep reading!
Everyone used to tell me that every mistake and failure was a push in the right
direction, but that
8 min
Metasploit
Wassenaar Arrangement - Frequently Asked Questions
The purpose of this post is to help answer questions about the Wassenaar
Arrangement. You can find the US proposal for implementing the Arrangement here
[https://s3.amazonaws.com/public-inspection.federalregister.gov/2015-11642.pdf],
and an accompanying FAQ from the Bureau of Industry and Security (BIS) here
[http://www.bis.doc.gov/index.php/policy-guidance/faqs#subcat200]. For Rapid7's
take on Wassenaar, and information on the comments we intend to submit to BIS,
please read this companion pie
2 min
Metasploit
Metasploit Framework Rails 4.0 Upgrade
It is always a running battle to keep an application's backend up to date with
various technologies. Today, we are excited to announce that Metasploit
Framework [https://www.metasploit.com/download/] now ships with Rails 4.0.
Upgrades like this are sometimes hard to get excited about because if everything
goes well, users should see no difference. There are many reasons to upgrade to
Rails 4, though.
Why Upgrade
Here are the important reasons to upgrade from our perspective:
* Security is a b