4 min
Metasploit
Hunting for Credentials: How Metasploit Pro Beat Me on the Command Line
By guest blogger Robert Jones, Information Security Manager, City of Corpus
Christi
I had the opportunity to participate in a tech preview of Metasploit Pro's new
credentials features. In our shop, we use Metasploit Pro, Nexpose, UserInsight
and ControlsInsight, all by Rapid7. I certainly wish I could spend the majority
of my time pentesting, but instead I often find myself using Metasploit
to educate users by showing them how I can compromise their machines. It is
incredibly compelli
2 min
Metasploit
Metasploit Pro's New Credentials Features Save Us Time in Workflows
By guest blogger Dustin Heywood, Manager, Security Assurance, ATB Financial
Recently I was invited to participate in Metasploit Pro's Tech Preview Program,
where customers are given early access to new product releases. I've taken part
in this program before and I have always loved the experience.
For those of you who haven't been involved in a Rapid7 Tech Preview program: It
starts out with a call with the customer engagement manager and the product
management team, who gave me an overview
3 min
Metasploit
Weekly Metasploit Update: Embedded Device Attacks and Automated Syntax Analysis
D-Link Embedded Device Shells
This week, esteemed Metasploit [https://www.metasploit.com/download/]
contributor @m-1-k-3 [https://github.com/m-1-k-3] has been at it again with his
valiant personal crusade against insecure SOHO (small office/home office)
embedded devices with known vulnerabilities. We have a new trio of modules that
target D-Link gear, based on the research released by Craig Heffner and Zachary
Cutlip, which exploit two bugs present in the DSP-W215 Smart Plug, and one UPnP
comma
1 min
Metasploit
Top 3 Takeaways from "7 Ways to Make Your Penetration Tests More Productive" Webcast
Earlier this week we heard from ckirsch
[https://community.rapid7.com/people/ckirsch], Senior Product Marketing Manager
for Metasploit at Rapid7, on the pressure penetration testers are facing. (Hint:
it's a lot!). With the increase in high profile breaches and their costs, more
and more emphasis is being put on the pen tester and security in general. Read
on if you'd like to get the top takeaways from this week's webcast so that you
aren't left in the dark about, "7 Ways to Make Your Penetratio
1 min
Metasploit
2014 Metasploit T-Shirt Design Contest
Hey Hacker-Designers!
Remember about this time last year, we kicked off the Metasploit T-Shirt design
contest
[/2013/05/03/metasploits-10th-anniversary-laptop-decal-design-competition] to
commemorate our shipping of 1,000 exploits and Metasploit's 10th Anniversary?
Turns out, we had so many good designs
[/2013/07/16/metasploit-design-contest-winners] and so much fun with that that
we're doing it again this year. So let's see, what reason can we contrive this
year...
We have 1,294 exploits now
2 min
Metasploit
Federal Friday - 4.25.14 - A Whole Lot of Oops
Happy Friday, Federal friends! I hope all of you enjoyed some nice family time
over the respective holidays last week. After a successful Marathon Monday here
in Boston we're blessed with chirping birds and blooming flowers (finally)!
As you all probably know by now, Verizon released their latest DBIR
[http://www.verizonenterprise.com/DBIR/2014/reports/rp_dbir-2014-executive-summary_en_xg.pdf]
report earlier this week. While this report covered a wide range of topics in
regards to breaches, I
2 min
Metasploit
Hacker's Dome: An Online Capture-the-Flag (CTF) Competition on May 17
Many folks ask me how you can get started as a penetration tester. Save for a
real-life penetration test, capture-the-flag (CTF) competitions are probably the
most effective ways for you to hone your offensive security skills. What's best:
they're a ton of fun, even for experienced pentesters. The folks over at
CTF365.com [http://www.ctf365.com/] have put together a one-off CTF called
Hacker's Dome, which will start on May 17th and run for 48 hours, so save the
date.
Hacker's Dome - First Bloo
4 min
Metasploit
Security Advisory: OpenSSL Heartbleed Vulnerability (CVE-2014-0160) in Metasploit (Updated 4/11/14 2:20pm EDT)
Metasploit 4.9.0 and earlier vulnerable to Heartbleed, update 4.9.1 addresses
critical cases
The Metasploit editions Metasploit Pro, Metasploit Express, and Metasploit
Community in versions 4.9.0 or earlier are vulnerable to the OpenSSL Heartbleed
Vulnerability (CVE-2014-0160). Please update to version 4.9.1 to remediate
critical vulnerabilities. See below for remediation instructions.
Metasploit Framework itself is not affected, but it has dependencies on other
components that may need to be u
2 min
Metasploit
R7-2014-05 Vulnerability in Metasploit Modules (Fixed)
Metasploit Pro, Community, and Express users are urged to update to the latest
version of Metasploit to receive the patch for the described vulnerability. Kali
Linux users should use the normal 'apt-get update' method of updating, while
other Metasploit Pro, Community, and Express users can use the in-application
Administration : Software Updates button.
A remote privilege escalation vulnerability has been discovered by Ben Campbell
of MWR InfoSecurity [https://labs.mwrinfosecurity.com/advisori
3 min
Metasploit
Weekly Metasploit Update: Encoding-Fu, New Powershell Payload, Bug Fixes
I Got 99 Problems but a Limited Charset Ain't One
In this week's Metasploit weekly update, we begin with OJ "TheColonial" Reeves'
[https://twitter.com/TheColonial] new optimized sub encoding module
(opt_sub.rb). As the name implies, this encoder takes advantage of the SUB assembly
instruction to encode a payload with printable characters that are file path
friendly. Encoders like this are incredibly useful for developing a memory
corruption exploit that triggers a file path buffer overflow, where
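The SUB-encoding idea in the teaser above, as an added worked example in Ruby. This is our own illustration, not opt_sub.rb or any other Metasploit code: EAX is cleared with two ANDs, three SUBs whose immediates consist only of allowed bytes leave the target dword in EAX, and a PUSH writes it to the stack, so the emitted stub contains only '%', '-', 'P' and charset bytes. The PATH_SAFE charset (printable ASCII minus Windows path metacharacters) and the ALNUM charset are assumptions made for the example, and the prologue that positions ESP just behind the stub is left out.

```ruby
# Added example (not opt_sub.rb): SUB-encode x86 bytes into a restricted charset.
# Every emitted byte is '%' (and eax,imm32), '-' (sub eax,imm32), 'P' (push eax)
# or a charset byte inside an immediate, so the stub is printable and path-safe.

# Assumed "file path friendly" charset: printable ASCII minus Windows path
# metacharacters. ALNUM is a deliberately tighter charset for comparison.
PATH_SAFE = (0x21..0x7e).to_a - '"*/:<>?\\|'.bytes
ALNUM     = (('0'..'9').to_a + ('A'..'Z').to_a + ('a'..'z').to_a).map(&:ord)

AND_EAX  = 0x25 # '%'  and  eax, imm32
SUB_EAX  = 0x2d # '-'  sub  eax, imm32
PUSH_EAX = 0x50 # 'P'  push eax

# Map every reachable byte sum a+b+c (a, b, c in charset) to one such triple.
def sum_triples(charset)
  table = {}
  charset.each do |a|
    charset.each do |b|
      charset.each { |c| table[a + b + c] ||= [a, b, c] }
    end
  end
  table
end

# Two charset bytes with a & b == 0: AND-ing EAX with both clears it.
def zero_pair(charset)
  charset.each { |a| charset.each { |b| return [a, b] if (a & b).zero? } }
  raise ArgumentError, 'charset has no byte pair with a & b == 0'
end

# Three charset-only dwords x1, x2, x3 with (0 - x1 - x2 - x3) mod 2**32 == target.
# Works byte by byte from the low end, carrying the overflow into the next byte.
def sub_encode_dword(target, charset = PATH_SAFE, table = sum_triples(charset))
  goal  = (-target) & 0xffffffff # x1 + x2 + x3 must equal this
  xs    = [0, 0, 0]
  carry = 0
  4.times do |i|
    need = (((goal >> (8 * i)) & 0xff) - carry) & 0xff
    sum  = [need, need + 256].find { |s| table.key?(s) }
    raise ArgumentError, format('residue 0x%02x unreachable with three charset bytes', need) unless sum
    table[sum].each_with_index { |byte, j| xs[j] |= byte << (8 * i) }
    carry = (sum + carry) >> 8
  end
  xs
end

# Encode a payload as printable x86 that rebuilds the original bytes on the stack.
# The prologue that points ESP just past this stub is omitted here.
def sub_encode(payload, charset = PATH_SAFE)
  [AND_EAX, SUB_EAX, PUSH_EAX].each do |op|
    raise ArgumentError, format('opcode 0x%02x not in charset', op) unless charset.include?(op)
  end
  table  = sum_triples(charset)
  z1, z2 = zero_pair(charset)
  payload = payload.b + [0x90].pack('C') * ((4 - payload.bytesize % 4) % 4) # NOP-pad
  out = ''.b
  # PUSH grows the stack downward, so the last dword is pushed first.
  payload.bytes.each_slice(4).to_a.reverse_each do |chunk|
    target = chunk.pack('C4').unpack('V')[0]
    out << AND_EAX.chr << z1.chr * 4 # and eax, z1z1z1z1
    out << AND_EAX.chr << z2.chr * 4 # and eax, z2z2z2z2  -> eax == 0
    sub_encode_dword(target, charset, table).each { |x| out << SUB_EAX.chr << [x].pack('V') }
    out << PUSH_EAX.chr
  end
  out
end

# Minimal interpreter for the three instructions emitted above. Returns the bytes
# left on the simulated stack, which must equal the (padded) payload.
def run_encoded(code)
  eax, stack, pc = 0, ''.b, 0
  while pc < code.bytesize
    case code.getbyte(pc)
    when PUSH_EAX
      stack = [eax].pack('V') + stack # stack grows toward lower addresses
      pc += 1
    when AND_EAX
      eax &= code.byteslice(pc + 1, 4).unpack('V')[0]
      pc += 5
    when SUB_EAX
      eax = (eax - code.byteslice(pc + 1, 4).unpack('V')[0]) & 0xffffffff
      pc += 5
    else
      raise ArgumentError, format('unexpected opcode 0x%02x at offset %d', code.getbyte(pc), pc)
    end
  end
  stack
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: xor eax,eax ; push eax ; push 'calc' (8 bytes).
  sample = [0x31, 0xc0, 0x50, 0x68, 0x63, 0x61, 0x6c, 0x63].pack('C*')
  enc = sub_encode(sample)
  puts enc                        # printable, path-safe stub
  puts run_encoded(enc) == sample # true: the stub rebuilds the payload
end
```

The charset decides whether three SUBs are enough: with PATH_SAFE every byte residue is reachable, but a tighter set such as pure alphanumerics cannot produce some residues (0x80, for instance) from three bytes, and the encoder reports that instead of emitting a wrong immediate. An encoder facing such a charset has to spend more SUB instructions per dword or widen the charset.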
3 min
Metasploit
Weekly Metasploit Update: ADSI support and MSFTidy for sanity
Meterpreter ADSI support
We ended up skipping last week's update since upwards of 90% of Rapid7 folks
were Shanghaied up to Boston, in the dead of winter, with only
expense-reportable booze to keep us warm at night. So, with much fanfare comes
this week's update, featuring the all new ADSI interface for Meterpreter, via OJ
TheColonial [https://twitter.com/TheColonial] Reeves' Extended API.
Lucky for us, and you, Carlos DarkOperator [https://twitter.com/DarkOperator]
Perez was not ensconced i
5 min
Metasploit
Making Your Printer Say "Feed Me a Kitten" and Also Exfiltrate Sensitive Data
As of this last release, PJL
[https://en.wikipedia.org/wiki/Printer_Job_Language] (HP's Printer Job Language)
is now a grown-up Rex::Proto protocol! Since extending a protocol in Metasploit
is beyond the scope of this post, we'll just be covering how to use the PoC
modules included with the new protocol. Feel free to dig around in
lib/rex/proto/pjl*, though!
Okay, let's get started!
printer_version_info
First off, we have printer_version_info. This module lets us scan a range of
hosts for pri
3 min
Metasploit
Weekly Metasploit Update: Talking PJL With Printers
Abusing Printers with PJL
This week's release features a half dozen new modules that seek out printers
that talk the Print Job Language (PJL) for use and abuse. Huge thanks to our
newest full time Metasploit trouble maker, William Vu
[https://twitter.com/wvuuuuuuuuuuuuu].
As a penetration tester, you probably already know that office printers
represent tasty targets. Like most hardware with embedded systems, they rarely,
if ever, get patches. They don't often have very serious security controls
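The kind of PJL probing that printer_version_info and the other PJL modules from the two entries above perform, sketched as an added Ruby example. This is our own code, not Rex::Proto::PJL or the modules themselves; it assumes the printer listens on TCP 9100 (the usual raw-print port) and uses only the standard PJL INFO ID and INFO STATUS commands, and the reply used in the main block is constructed so the parsers can be exercised offline.

```ruby
# Added example (not Rex::Proto::PJL or printer_version_info): build PJL INFO
# requests, parse the replies, and optionally probe a live printer on port 9100.
require 'socket'

UEL      = "\e%-12345X" # Universal Exit Language: puts the printer into PJL mode
PJL_PORT = 9100         # raw print port most network printers expose (assumed)

# UEL-wrap the command so it is honoured whatever language the printer is in.
def pjl_info_request(category)
  "#{UEL}@PJL INFO #{category}\r\n#{UEL}"
end

# Reply to INFO ID looks like: @PJL INFO ID<CR><LF>"HP LaserJet 4250"<CR><LF><FF>
# Returns the quoted model string, or nil if the peer did not speak PJL.
def pjl_parse_info_id(reply)
  m = reply.match(/@PJL INFO ID\r?\n"([^"]*)"/)
  m && m[1]
end

# Reply to INFO STATUS is KEY=VALUE lines, e.g. CODE=10001, DISPLAY="Ready",
# ONLINE=TRUE, terminated by <FF>. Returns a hash, or nil for a non-PJL reply.
def pjl_parse_info_status(reply)
  return nil unless reply.include?('@PJL INFO STATUS')
  reply.each_line.with_object({}) do |line, fields|
    key, value = line.strip.split('=', 2)
    fields[key] = value.delete('"') if value
  end
end

# Read until the <FF> that ends a PJL reply, giving up after +timeout+ seconds
# of silence so a printer that never answers cannot hang the scan.
def read_pjl_reply(sock, timeout = 5)
  buf = ''.b
  until buf.include?("\f")
    break unless IO.select([sock], nil, nil, timeout)
    chunk = sock.read_nonblock(4096, exception: false)
    next if chunk == :wait_readable
    break if chunk.nil? # EOF
    buf << chunk
  end
  buf
end

# Probe one host: model string from INFO ID plus the INFO STATUS fields.
def pjl_probe(host, port = PJL_PORT, timeout = 5)
  Socket.tcp(host, port, connect_timeout: timeout) do |sock|
    sock.write(pjl_info_request('ID'))
    id = pjl_parse_info_id(read_pjl_reply(sock, timeout))
    sock.write(pjl_info_request('STATUS'))
    status = pjl_parse_info_status(read_pjl_reply(sock, timeout))
    { id: id, status: status }
  end
end

if __FILE__ == $PROGRAM_NAME
  if ARGV[0]
    p pjl_probe(ARGV[0]) # ruby pjl_probe.rb 192.0.2.10
  else
    # Constructed reply, so the parser can be exercised without a printer.
    sample = "@PJL INFO ID\r\n\"HP LaserJet 4250\"\r\n\f"
    p pjl_parse_info_id(sample)
  end
end
```

Anything listening on 9100 that is not a printer (a web server, say) yields nil from both parsers rather than a bogus model string, and the select-based read keeps a silent host from stalling a sweep of a whole range.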
1 min
Metasploit
Free Webcast: From Framework to Pro - Using Metasploit Pro in Penetration Tests
Metasploit Pro [https://www.rapid7.com/products/metasploit/download/] is more
than just a pretty web interface for Metasploit; it contains many little known
features that simplify large scale network penetration tests. In this technical
webinar for penetration testers who are familiar with Metasploit Framework
[http://information.rapid7.com/how-to-use-metasploit-pro-in-penetration-tests.html?LS=2903674&CS=web]
, David Maloney shows which features he finds most useful in Metasploit Pro.
Watch
2 min
Exploits
Weekly Metasploit Update: Arbitrary Driver Loading & Win a WiFi Pineapple
Wow, I don't know about you, kind reader, but I'm just about blogged out after
that 12 Days of HaXmas sprint. I'll try to keep this update short and sweet.
Arbitrary Driver Loading
This week's update includes a delightful new post module for managing a
compromised target, the Windows Manage Driver Loader by longtime Metasploit
community contributor, Borja Merino. If you, as a penetration tester, pop a box
and gain administrator rights (or elevate yourself there using any of the
several strateg