Posts tagged Metasploit

Weekly Update: Cooperative Disclosure and Assessing Joomla

Cooperative Disclosure I'm in attendance this year at Rapid7's UNITED Security Summit, and the conversations I'm finding myself in are tending to revolve around vulnerability disclosure. While Metasploit doesn't traffic in zero-day vulnerabilities every day, it happens often enough that we have a disclosure policy that we stick to when we get a hold of newly uncovered vulnerabilities. What's not talked about in that disclosure policy is the Metasploit exploit dev community's willingness to help

SecureNinjaTV Interview: Tod Beardsley About Metasploit 10th Anniversary

At Black Hat 2013 in Vegas this year, our very own Tod Beardsley was cornered by SecureNinja TV and social engineered into giving an interview. Here is the result - captured for eternity: [http://www.youtube.com/watch?v=yFHA5F2crFE&feature=youtu.be] Click here to download Metasploit Pro [https://www.rapid7.com/products/metasploit/download/]

Metasploit Design Contest: So Much Win!

You may recall that back in May, we announced a Metasploit design contest [/2013/05/03/metasploits-10th-anniversary-laptop-decal-design-competition] to commemorate 10 years of Metasploit -- and now, it's time to announce the (many) winners! Once again, the open source security community has blown me away with your creativity, dedication, and subversive humor. We had a total of 118 designs (most of which did not suck!) from 55 designers. Not bad for a nearly completely hashtag-driven contest! In

Good Exploits Never Die: Return of CVE-2012-1823

According to Parallels, "Plesk is the most widely used hosting control panel solution, providing everything needed for creating and offering rich hosting plans and managing customers and resellers, including an intuitive User Interface for setting up and managing websites, email, databases, and DNS." (source: Parallels [http://www.parallels.com/products/plesk/webhosters/]). On Jun 05 kingcope shocked Plesk world by announcing a new 0 day which could allow for remote command execution: Accordi

Metasploit Update: Those Sneaky IPMI Devices

IPMI, in my network? This week's update features a set of tools for auditing your IPMI infrastructure. "Phew, I'm glad I'm not one of those suckers," you might be thinking to yourself. Well, the thing about IPMI (aka, the Intelligent Platform Management Interface) is that it's just a skootch more esoteric than most protocols, and even experienced server administrators may not be aware of it. Do you use server hardware from IBM, Dell, or HP? Have you ever had to use IBM's Remote Supervisor adapte

A Penetration Tester's Guide to IPMI and BMCs

Introduction Dan Farmer is known for his groundbreaking work [http://fish2.com/security/] on security tools and processes. Over the last year, Dan has identified some serious security issues [http://fish2.com/ipmi/] with the Intelligent Platform Management Interface (IPMI) protocol and the Baseboard Management Controllers (BMCs) that speak it. This post goes into detail on how to identify and test for each of the issues that Dan identified, using a handful of free security tools.  If you are lo

Weekly Update: Fun with ZPanel, MoinMoin, and FreeBSD

Chaining Zpanel Exploits for Remote Root ZPanel is a fun, open source web hosting control panel, written in code auditors' favorite language, PHP. For bonus points, ZPanel likes to do some things as root, so it installs a nifty little setuid binary called 'zsudo' that does pretty much what you might expect from a utility of that name -- without authentication. In the wake of some harsh words on reddit and elsewhere in regard to the character of ZPanel's development team, the project came to the

From the Wild to Metasploit: Exploit for MoinMoin Wiki (CVE-2012-6081)

Recently we've added to Metasploit a module for CVE-2012-6081, [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6081] an arbitrary file upload vulnerability affecting to the version 1.9.5 (patched!) of the MoinMoin [http://moinmo.in/] Wiki software. In this blog entry we would like to share both the vulnerability details and how this one was converted in RCE (exploited in the wild!) because the exploitation is quite interesting, where several details must have into account to successful e

Weekly Update: Smaller is Better

In this week's episode, the role of Tod Beardsley will be played by egypt. Smaller is better Perhaps the most prominent addition to the framework this week is not an addition at all, but rather a deletion. We've been working toward a slimmer, more manageable source tree for a while now, and as part of that effort, we recently removed a pile of old-and-busted unit tests. This update goes a bit further, moving source code for some compiled payloads into seperate repositories. Metasploit's version

Weekly Update: The Nginx Exploit and Continuous Testing

Nginx Exploit for CVE-2013-2028 The most exciting element of this week's update is the new exploit for Nginx which exercises the vulnerability described by CVE-2013-2028 [http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html]. The Metasploit module was written by Metasploit community contributors hal and saelo, and exploits Greg McManus's bug across a bunch of versions on a few pre-compiled Linux targets. We don't often come across remote, server-side stack buffer overflows in popul

Weekly Update: 4.6.1, ColdFusion Exploit, and SVN Lockdown

Metasploit 4.6.1 Released This week's update bumps the patch version of Metasploit to 4.6.1 (for installed versions of Metasploit). The major change here is the ability to install Metasploit on Windows 8 and Windows Server 2012. That meant we had to fiddle with the installer and a few of Metasploit Pro's dependencies to get that all working correctly, and that led to skipping last week's release so we could be sure all the moving parts lined up correctly. This release also fixes a few minor iss

Git Clone Metasploit; Don't SVN Checkout

TL;DR: Please stop using SVN with svn co https://www.metasploit.com/svn/framework3/trunk and start using the GitHub repo with git clone git://github.com/rapid7/metasploit-framework As of today, a few of you may notice that an attempt to update Metasploit Framework over SVN (instead of git or msfupdate) results in an authentication request. If you try to SVN checkout on Windows, using TortoiseSVN, you will see a pop up much like this: For command line people, if you try to 'svn co' or 'svn

New 1day Exploits: Mutiny Vulnerabilities

Metasploit's 10th Anniversary: Laptop Decal Design Competition

When I wrote up the Metasploit Hits 1000 Exploits post back in December, I had to perform a little open source forensic work to get something resembling an accurate history of the Metasploit project -- after all, it's difficult for me to remember a time on the Internet without Metasploit. I traced the first mention of 1.0 back to this mailing list post [http://marc.info/?l=pen-test&m=106548308908767&w=2] in 2003. You know what that means, right? This year marks the 10th year of the Metasploit Fr

How To Do Internal Security Audits Remotely To Reduce Travel Costs

An internal penetration tests simulates an attack on the network from inside the network. It typically simulates a rogue employee with user-level credentials or a person with physical access to the network, such as cleaning staff, trying to access resources on the network they're not authorized for. Internal penetration tests typically require the auditor to be physically present in the location. If you are working as a consultant, then conducting internal penetration tests can mean a lot of