Posts tagged Metasploit

1 min Metasploit

2015 Metasploit T-Shirt Design Contest: It's On!

Hacker-designers! We need you! Show us your graphic skills, design an epic Metasploit t-shirt, and win Eternal Fame and Glory! [https://99designs.com/t-shirt-design/contests/metasploit-t-shirt-design-contest-489841/brief] Ahem, er, rather, we're looking for someone to design this year's Metasploit t-shirt. And if you are this year's winning Metasploit t-shirt designer, you will get $230USD and the notoriety and/or immense personal satisfaction in knowing that you're the 2015 Metasploit t-shi
5 min Metasploit

Unicode Support in Meterpreter

A short, mostly-accurate history of character encodings In the beginning, when you wanted to use a computer to store text, there were not many options - you inherited something from punchcards like EBCDIC or invented something convenient and unique to your system. Computers did not need to talk to each other, so there was not much point in standardizing between vendors. Things were pretty simple. Then, there came the need for computers and vendors to interoperate and communicate. Thus, ASCII an
8 min Metasploit

Meterpreter Survey 2015: You spoke, we listened, then wrote a bunch of code.

The Survey One month ago we asked the community for feedback about how they use Metasploit and what they want to see in the Meterpreter payload suite going forward. Over the course of a week we received over 400 responses and over 200 write-in suggestions for new features. We have spent the last month parsing through your responses, identifying dependencies, and actively delivering new features based on your requests. These requests covered 20 different categories: General Feedback Metasploit F
1 min Metasploit

Nexpose and Metasploit Training and Certification Courses Filling Up Fast!

Looking to amp-up or fine-tune your security prowess? UNITED conference attendees get the chance to do just that by registering for additional small group training and certification courses (Nexpose Basic, Metasploit Basic, and Nexpose Advanced). Since we're keeping the sessions intimate, spots are filling up quickly! Save your spot now for two days of formalized, curriculum-based training with Rapid7 experts [http://www.unitedsummit.org/new-registration.jsp]. You'll get to: * Share best p
4 min Metasploit

Being Product Manager of Metasploit

Hello World My name is Eray Yilmaz, and I am the new Product Manager of Metasploit. It has been three months since I have joined Rapid7, and I wanted to share my experiences with you so far. Before we get to that, here is tiny bit about myself: I am a 28, married, and fairly new father. I went to UTSA where I majored in Information Assurance and Information Systems, and received my B.B.A. Like anyone else in our industry, I have done my fair share of IT work, from helpdesk to managing networks
4 min Metasploit

HOTFIX: Metasploit Startup Issues After Upgrading to 4.11.0 (Update 2014122301)

Overview The Update (2014122301) which was released on December, 23th 2014, failed to include necessary files for the application to update to version 4.11.0 for the first time. Issue The application will not start, therefore browser will provide generic "The page can't be displayed" message when trying to load the web UI. Additionally, various log messages may appear in respective log files. Windows: C:\metasploit\apps\pro\engine\prosvc.log Linux: /opt/metasploit/apps/pro/engine/prosvc_stder
7 min Metasploit

12 Days of HaXmas: Maxing Meterpreter's Mettle

This post is the twelfth in a series, 12 Days of HaXmas, where we usually take a look at some of more notable advancements and events in the Metasploit Framework over the course of 2014. As this is the last in the series, let's peek forward, to the unknowable future. Happy new year, it's time to make some resolutions. There is nothing like a fresh new year get ones optimism at its highest. Meterpreter is a pretty nifty piece of engineering, and full of useful functionality. The various extensi
3 min Metasploit

12 Days of HaXmas: Metasploit, Nexpose, Sonar, and Recog

This post is the tenth in a series, 12 Days of HaXmas, where we take a look at some of more notable advancements and events in the Metasploit Framework over the course of 2014. The Metasploit Framework [https://www.metasploit.com/download/] uses operating system and service fingerprints for automatic target selection and asset identification. This blog post describes a major overhaul of the fingerprinting backend within Metasploit and how you can extend it by submitting new fingerprints. Histo
9 min Metasploit

12 Days of HaXmas: Buffer Overflows Come and Go, Bad Passwords are Forever

This post is the fourth in a series, 12 Days of HaXmas, where we take a look at some of more notable advancements and events in the Metasploit Framework over the course of 2014. This summer, the Metasploit team began the large undertaking of reworking credentials throughout the project. Metasploit, as you already know, began as a collection of traditional exploits. Over the years it has grown into much more than that. Credentials were first introduced into Metasploit in the form of Auxiliary Sc
3 min Metasploit

Good-bye msfpayload and msfencode

Greetings all, On behalf of the Metasploit's development teams, I'd like to officially announce the decision of deprecating msfpayload and msfencode. Also starting today, we no longer support or accept patches for these two utilities. On June 8th 2015, the elderly msfpayload and msfencode will retire from the Metasploit repository, and replaced by their successor msfvenom. The tool msfvenom is the combination of msfpayload and msfencode, and has been in testing for more than 3.5 years. msfpayl
5 min Metasploit

R7-2014-18: Hikvision DVR Devices - Multiple Vulnerabilities

Rapid7 Labs has found multiple vulnerabilities in Hikvision [https://www.hikvision.com/us-en/] DVR (Digital Video Recorder) devices such as the DS-7204 and other models in the same product series that allow a remote attacker to gain full control of the device. More specifically, three typical buffer overflow vulnerabilities were discovered in Hikvision's RTSP request handling code: CVE-2014-4878, CVE-2014-4879 and CVE-2014-4880. This blog post serves as disclosure of the technical details for th
1 min Metasploit

New "show missing" Command in msfconsole

Hello, Metasploiters! Just wanted to update y'all on a new feature in msfconsole that *hopefully* should make vgrepping [https://en.wikipedia.org/wiki/Visual_inspection#Humorous_terminology] through module options a little easier. Show empty required options The new command is show missing, and all it does is show empty required options. Instead of looking through a long list of options and picking out the required ones that haven't been set, just run show missing, and a list of unset required
6 min Metasploit

Not Reinventing The Wheel: The Metasploit Rails::Application in 4.10

In Metasploit 4.10, we converted Metasploit Framework (and prosvc in Metasploit Commercial Editions) to be a full-fledged Rails::Application.  You may be wondering why Metasploit Framework and prosvc, should be Rails applications when they aren't serving up web pages.  It all has to do with not reinventing the wheel and very useful parts of Rails, Rails::Railtie and Rails::Engine. Rails 3.0 infrastructure Since Rails 3.0, Rails has been broken into multiple gems that didn't require each other a
2 min Metasploit

Feedback on Rapid7's Tech Preview Process and Metasploit Pro 4.10

By guest blogger Sean Duffy, IS Team Lead, TriNet Rapid7 invited me to participate in pre-release testing of Metasploit 4.10, a process they call Tech Preview. They asked me to openly share my thoughts with the community. Preparation and Logistics I always enjoy working with Rapid7. Preparatory meetings and documentation made the installation and testing process a breeze. Rapid7 was also kind enough to extend my testing and feedback sessions when work so rudely intruded on the fun. Zero comp
1 min Metasploit

msfconsole failing to start? Try 'msfconsole -n'

As part of the last release, the Metasploit Engineering team here at Rapid7 has been on a path of refactoring in the Metasploit open source code in order to make it more performant and to get toward a larger goal of eventually breaking up the framework into a multitude of libraries that can be used and tested in a standalone way. This effort will make it easier to deliver features and respond to issues more quickly, as well as ensure that regressions and bugs can get diagnosed, triaged, and fix

Popular Topics

Tags