Posts tagged Metasploit

5 min Product Updates

Update to the Metasploit Updates and msfupdate

The Short Story In order to use the binary installer's msfupdate, you need to first register your Metasploit installation. In nearly all cases, this means visiting https://localhost:3790 [https://localhost:3790/] and filling out the form. No money, no dense acceptable use policy, just register and go. Want more detail and alternatives? Read on. Background A little over a year ago, Metasploit primary development switched to Git as a source control platform and GitHub as our primary source hos

1 min Metasploit

Hacking like it's 1985: Rooting the Cisco Prime LAN Management Solution

On January 9th Cisco released advisory cisco-sa-20130109 [http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-lms] to address a vulnerability in the "rsh" service running on their Cisco Prime LAN Management Solution virtual appliance. The bug is as bad as it gets - anyone who can access the rsh service can execute commands as the root user account without authentication. The example below demonstrates how to exploit this flaw using Metasploit ( free download [

2 min Metasploit

Weekly Metasploit Update: Rails Scanning, ZDI, and Exploit Dev

Rails Injection Bug The big news this week turned out to be the new Rails injection bug, aka, CVE-2013-0156, which you can read about in detail over on HD Moore's blog post. Soon after the vulnerability was disclosed, @hdmoore [https://twitter.com/hdmoore] had a functional auxiliary scanner module [http://www.metasploit.com/modules/auxiliary/scanner/http/rails_xml_yaml_scanner] put together, so as of this moment, you're encouraged to scan the heck out of your environment, repeatedly, for vulner

4 min Metasploit

Serialization Mischief in Ruby Land (CVE-2013-0156)

This afternoon a particularly scary advisory [https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion] was posted to the Ruby on Rails (RoR) security discussion list. The summary is that the XML processor in RoR can be tricked into decoding the request as a YAML document or as a Ruby Symbol, both of which can expose the application to remote code execution or SQL injection. A gentleman by the name of Felix Wilhelm went into detail [http://www.insinuator.net/2013/01/r

4 min Penetration Testing

Free Metasploit Penetration Testing Lab in the Cloud

No matter whether you're taking your first steps with Metasploit or if you're already a pro, you need to practice, practice, practice your skillz. Setting up a penetration testing lab can be time-consuming and expensive (unless you have the hardware already), so I was very excited to learn about a new, free service called Hack A Server, which offers vulnerable machines for you to pwn in the cloud. The service only required that I download and launch a VPN configuration to connect to the vulnerab

3 min Metasploit

Using BackTrack 5 R3 with Metasploit Community or Metasploit Pro

Update: Kali Linux has now superseded BackTrack as a platform. We strongly recommend using Kali Linux over BackTrack if you are going to run Metasploit. More info here [https://www.rapid7.com/blog/post/2013/03/13/metasploit-now-supports-kali-linux-the-evolution-of-backtrack/]. As of version 5 R3, BackTrack comes pre-installed with Metasploit 4.4, so it's now easier to use Metasploit Community Edition or Metasploit Pro on BackTrack. Here is how it's done: * After BackTrack boots, enter startx t

3 min Metasploit

How Metasploit's 3-Step Quality Assurance Process Gives You Peace Of Mind

Metasploit exploits undergo a rigorous 3-step quality assurance process so you have the peace of mind that exploits will work correctly and not affect production systems on your next assignment. Step 1: Rapid7 Code Review Many of the Metasploit exploits are contributed by Metasploit's community of over 175,000 users, making Metasploit the de-facto standard for exploit development. This is a unique ecosystem that benefits all members of the community because every Metasploit user is a “sensor

8 min Metasploit

New Metasploit Exploit: Crystal Reports Viewer CVE-2010-2590

In this blog post we would like to share some details about the exploit for CVE-2010-2590 [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2590], which we released in the last Metasploit update [/2012/12/19/weekly-metasploit-update]. This module exploits a heap-based buffer overflow, discovered by Dmitriy Pletnev, in the CrystalReports12.CrystalPrintControl.1 ActiveX control included in PrintControl.dll. This control is shipped with the Crystal Reports Viewer, as installed by default wi

2 min Metasploit

Weekly Metasploit Update: CrystalReports and Testing Discipline

Dissecting CrystalPrintControl This week's update is, by all accounts, pretty light. This may be the first update we've shipped that has exactly one new module. To make up for the lack of quantity, though, we've got some quality for you, oh boy. If it's snowy and blustery where you live, grab yourself a cup of hot cocoa, gather the kids, and watch their little eyes twinkle in the firelight as you regale them with the classic fable of how Metasploit Exploitation Elf Juan @_juan_vazquez [https:

2 min Metasploit

Introduction to Metasploit Hooks

Metasploit provides many ways to simplify your life as a module developer. One of the less well-known of these is the presence of various hooks you can use for processing things at important stages of the module's lifetime. The basic one that anyone who has written an exploit will be familiar with is exploit, which is called when the user types the exploit command. That method is common to all exploit modules. Aux and post modules have an analogous run method. Common to all the runnable modules

8 min Metasploit

The Odd Couple: Metasploit and Antivirus Solutions

I hear a lot of questions concerning antivirus evasion with Metasploit, so I'd like to share some of the information critical to understanding this problem. This blog post is not designed to give you surefire antivirus (AV) evasion techniques, but rather to help you understand the fundamentals of the issue. A Quick Glossary Before we begin, let's define a few terms. This will be important for understanding some of the things we will discuss. Payload: A payload is the actual code that is being del

3 min Metasploit

Weekly Metasploit Update: Exploit Dev How-to and InfoSec Targets

Metasploit 4.5 has been out for a few days, so it's high time for an update. Let's hop to it! 1000th Exploit: Freefloat FTP WMI I often hear the question, "How do I get started on writing exploits?" Well, I'd like to point you to Metasploit's 1000th exploit (future Hacker Jeopardy contestants, take note): On December 7, 2012, Wei "sinn3r" Chen and Juan Vazquez committed FreeFloat FTP Server Arbitrary File Upload [http://www.metasploit.com/modules/exploit/windows/ftp/freefloatftp_wbem]. Now, as

2 min Metasploit

Weekly Metasploit Update: OpenVAS, SAP, NetIQ, and More!

Now that I've consumed a significant percentage of my own weight in turkey (seriously, it was something like five percent), it's time to shake off the tryptophan and get this week's update out the door. Attacking Security Infrastructure: OpenVAS This week's update features three new modules for bruteforcing three different OpenVAS authentication mechanisms, all provided by community contributor Vlatko @k0st [https://twitter.com/k0st] Kosturjak. OpenVAS is an open source security management stac

2 min Metasploit

Weekly Metasploit Update: Web Libs, SAP, ZDI, and More!

Fresh Web Libs As we head into the holiday season here in the U.S., Metasploit core developers Tasos @Zap0tek [https://twitter.com/Zap0tek] Laskos and James @Egyp7 [https://twitter.com/egyp7] Lee finished up a refresh of the Metasploit fork of the Anemone libraries, which is what we use for basic web spidering. You can read up on it here [http://anemone.rubyforge.org/]. The Metasploit fork isn't too far off of Chris Kite's mainline distribution, but does account for Metasploit's Rex sockets, ad

4 min Metasploit

Weekly Metasploit Update: WinRM x2, ADDP, RealPort, CI and BDD

WinRM, Part Two In the last Metasploit update blog post, we talked about the work from Metasploit core contributors @TheLightCosine [http://twitter.com/thelightcosine] , @mubix [http://twitter.com/mubix] and @_sinn3r [http://twitter.com/_sinn3r] on leveraging WinRM / WinRS. As of this update, Metasploit users can now execute WQL queries [http://www.metasploit.com/modules/auxiliary/scanner/winrm/winrm_wql], execute commands [http://www.metasploit.com/modules/auxiliary/scanner/winrm/winrm_cmd], an