2 min
Metasploit
Metasploit Now Supports Kali Linux, the Evolution of BackTrack
Today, our friends at Offensive Security announced Kali Linux
[http://www.kali.org/offensive-security-introduces-kali-linux/], which is based
on the philosophy of an offensive approach to security. While defensive
solutions are important to protect your network, it is critical to step into the
shoes of an attacker to see if they're working. Kali Linux is a security
auditing toolkit that enables you just that: test the security of your network
defenses before others do.
Kali is a free, open sour
3 min
Metasploit
Weekly Update: Splitting DNS Modules and a D-Link Auth Bypass
DNS Module Split up
This week, we appear to have a whole bunch of new DNS-based enumeration and
information gathering modules. In fact, this was actually more of a housekeeping
chore, largely by longtime Metasploit contributor Carlos @darkoperator Perez.
Darkoperator wrote most of the original enum_dns module as well.
enum_dns became a bit of a junk drawer of DNS functionality -- it did a whole
bunch of everything for DNS. So, instead of just tacking on more and more over
time, it's been split
2 min
Metasploit
Weekly Update: Corelan, MSFTidy, and UNC Path Injection
28 Hours Later
This week, much of the Metasploit Framework and Metasploit Pro teams here at
Rapid7 had the opportunity to get some intense, in-person training on exploit
development from long-time Metasploit contributor, Peter corelanc0d3r
[https://twitter.com/corelanc0d3r] Van Eeckhoutte and local Corelan Teammates
@_sinn3r [https://twitter.com/_sinn3r] and TheLightCosine
[https://twitter.com/thelightcosine]. I'm the first to admit that my memory
corruption skills are pretty light (I hang arou
3 min
Metasploit
How to Verify that the Payload Can Connect Back to Metasploit on a NATed Network
If you are running an external penetration test and are working from a NATed
network behind a wireless router, for example from home, you will need to adjust
your router's port forwarding settings so the payload can connect back to
Metasploit. The best option would be to eliminate the router and connect
directly to the Internet, but that would make me unpopular with the other folks
sharing the Internet connection, so it wasn't an option in my case. Setting up
the port forwarding is not too diffi
3 min
Metasploit
Security Flaws in Universal Plug and Play: Unplug, Don't Play
This morning we released a whitepaper entitled Security Flaws in Universal Plug
and Play
[https://information.rapid7.com/rs/411-NAK-970/images/SecurityFlawsUPnP%20%281%29.pdf].
This paper is the result of a research project spanning the second half of
2012 that measured the global exposure of UPnP-enabled network devices. The
results were shocking to say the least. Over 80 million unique IPs were
identified that responded to UPnP discovery requests from the internet.
Somewhere between 40 a
3 min
Metasploit
The Forgotten Spying Feature: Metasploit's Mic Recording Command
About two years ago, Metasploit implemented
[https://github.com/rapid7/metasploit-framework/commit/2e72926638b0fb972a26b2c1a3b040cf4cc224f2]
the microphone recording feature to stdapi thanks to Matthew Weeks
[https://twitter.com/scriptjunkie1]. And then almost a year ago, we actually
lost that command
[https://github.com/rapid7/metasploit-framework/commit/42719ab34bb9ca51d2cd623777662fc2253857f1]
due to a typo. We, and apparently everyone else, never noticed that until I was
looking at th
5 min
Product Updates
Update to the Metasploit Updates and msfupdate
The Short Story
In order to use the binary installer's msfupdate, you need to first register
your Metasploit installation. In nearly all cases, this means visiting
https://localhost:3790 [https://localhost:3790/] and filling out the form. No
money, no dense acceptable use policy, just register and go. Want more detail
and alternatives? Read on.
Background
A little over a year ago, Metasploit primary development switched to Git as a
source control platform and GitHub as our primary source hos
1 min
Metasploit
Hacking like it's 1985: Rooting the Cisco Prime LAN Management Solution
On January 9th Cisco released advisory cisco-sa-20130109
[http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-lms]
to address a vulnerability in the "rsh" service running on their Cisco Prime LAN
Management Solution virtual appliance. The bug is as bad as it gets - anyone who
can access the rsh service can execute commands as the root user account without
authentication. The example below demonstrates how to exploit this flaw using
Metasploit ( free download [
2 min
Metasploit
Weekly Metasploit Update: Rails Scanning, ZDI, and Exploit Dev
Rails Injection Bug
The big news this week turned out to be the new Rails injection bug, aka,
CVE-2013-0156, which you can read about in detail over on HD Moore's blog post.
Soon after the vulnerability was disclosed, @hdmoore
[https://twitter.com/hdmoore] had a functional auxiliary scanner module
[http://www.metasploit.com/modules/auxiliary/scanner/http/rails_xml_yaml_scanner]
put together, so as of this moment, you're encouraged to scan the heck out of
your environment, repeatedly, for vulner
4 min
Metasploit
Serialization Mischief in Ruby Land (CVE-2013-0156)
This afternoon a particularly scary advisory
[https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion]
was posted to the Ruby on Rails (RoR) security discussion list. The summary is
that the XML processor in RoR can be tricked into decoding the request as a YAML
document or as a Ruby Symbol, both of which can expose the application to remote
code execution or SQL injection. A gentleman by the name of Felix Wilhelm went
into detail [http://www.insinuator.net/2013/01/r
4 min
Penetration Testing
Free Metasploit Penetration Testing Lab in the Cloud
No matter whether you're taking your first steps with Metasploit or if you're
already a pro, you need to practice, practice, practice your skillz. Setting up
a penetration testing lab can be time-consuming and expensive (unless you have
the hardware already), so I was very excited to learn about a new, free service
called Hack A Server, which offers vulnerable machines for you to pwn in the
cloud. The service only required that I download and launch a VPN configuration
to connect to the vulnerab
3 min
Metasploit
Using BackTrack 5 R3 with Metasploit Community or Metasploit Pro
Update: Kali Linux has now superseded BackTrack as a platform. We strongly recommend
using Kali Linux over BackTrack if you are going to run Metasploit. More info
here
[https://www.rapid7.com/blog/post/2013/03/13/metasploit-now-supports-kali-linux-the-evolution-of-backtrack/].
As of version 5 R3, BackTrack comes pre-installed with Metasploit 4.4, so it's
now easier to use Metasploit Community Edition or Metasploit Pro on BackTrack.
Here is how it's done:
* After BackTrack boots, enter startx t
2 min
Metasploit
How Metasploit's 3-Step Quality Assurance Process Gives You Peace Of Mind
Metasploit exploits undergo a rigorous 3-step quality assurance process so you
have the peace of mind that exploits will work correctly and not affect
production systems on your next assignment.
Step 1: Rapid7 Code Review
Many of the Metasploit exploits are contributed by Metasploit's community of
over 175,000 users, making Metasploit the de-facto standard for exploit
development. This is a unique ecosystem that benefits all members of the
community because every Metasploit user is a “sensor”
8 min
Metasploit
New Metasploit Exploit: Crystal Reports Viewer CVE-2010-2590
In this blog post we would like to share some details about the exploit for
CVE-2010-2590 [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2590],
which we released in the last Metasploit update
[/2012/12/19/weekly-metasploit-update]. This module exploits a heap-based buffer
overflow, discovered by Dmitriy Pletnev, in the
CrystalReports12.CrystalPrintControl.1 ActiveX control included in
PrintControl.dll. This control is shipped with the Crystal Reports Viewer, as
installed by default wi
2 min
Metasploit
Weekly Metasploit Update: CrystalReports and Testing Discipline
Dissecting CrystalPrintControl
This week's update is, by all accounts, pretty light. This may be the first
update we've shipped that has exactly one new module. To make up for the lack
of quantity, though, we've got some quality for you, oh boy.
If it's snowy and blustery where you live, grab yourself a cup of hot cocoa,
gather the kids, and watch their little eyes twinkle in the firelight as you
regale them with the classic fable of how Metasploit Exploitation Elf Juan
@_juan_vazquez [https: