24 min
Metasploit
Metasploit Exploit Development - The Series Part 1.
So you wanna be a Metasploit [https://www.exploit-db.com/?author=3211] exploit
[https://www.exploit-db.com/?author=3211] developer huh?
Well you are in luck because I have been working on an an "in-depth" exploit
development tutorial series that takes users behind the scenes on the process
of exploit development and metasploit module creation. This series has been
specifically designed with you "the community" in mind. It will cover step by
step detail and explanation. This post is meant to be
3 min
Exploits
Press F5 for root shell
As HD mentioned [/2012/06/11/scanning-for-vulnerable-f5-bigips-with-metasploit],
F5 has been inadvertently shipping a static ssh key that can be used to
authenticate as root on many of their BigIP devices. Shortly after the advisory,
an anonymous contributor hooked us up with the private key.
Getting down to business, here it is in action:
18:42:35 0 exploit(f5_bigip_known_privkey) > exploit
[ ] Successful login
[*] Found shell.
[*] Command shell session 3 opened ([redacted]
2 min
Metasploit
Creating a PCI 11.3 Penetration Testing Report in Metasploit
PCI DSS Requirement 11.3 requires that you "perform penetration testing at least
once a year, and after any significant infrastructure or application upgrade or
modification". You can either conduct this PCI penetration test in-house
[/2011/10/20/pci-diy-how-to-do-an-internal-pentest-to-satisfy-pci-dss-requirement-113]
or hire a third-party security assessment. Metasploit Pro offers a PCI reporting
template, which helps you in both of those cases. If you are conducting the
penetration test in
3 min
Metasploit
New Critical Microsoft IE Zero-Day Exploits in Metasploit
We've been noticing a lot of exploit activities against Microsoft
vulnerabilities lately. We decided to look into some of these attacks, and
released two modules for CVE-2012-1889
[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1889] and CVE-2012-1875
[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1875] within a week of
the vulnerabilities' publication for our users to test their systems. Please
note that both are very important to any organization using Windows, because one
of
3 min
Metasploit
Weekly Metasploit Update: Encrypted Java Meterpreter, MS98-004, and New Modules!
When it rains, it pours. We released Metasploitable Version 2
[/2012/06/13/introducing-metasploitable-2] , published a technique for scanning
vulnerable F5 gear
[/2012/06/11/scanning-for-vulnerable-f5-bigips-with-metasploit] , and put out a
module to exploit MySQL's tragically comic authentication bypass problem
[/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql], all in
addition to cooking up this week's update. So, kind of a busy week around here.
You're welcome. (:
Encryp
1 min
Metasploit
Introducing Metasploitable 2!
Some folks may already be aware of Metasploitable, an intentionally vulnerable
virtual machine designed for training, exploit testing, and general target
practice. Unlike other vulnerable virtual machines, Metasploitable focuses on
vulnerabilities at the operating system and network services layer instead of
custom, vulnerable applications. I am happy to announce the release of
Metasploitable 2, an even better punching bag for security tools like Metasploit
[http://metasploit.com/downloads/], an
4 min
Metasploit
How to Create Custom Reports in Metasploit
Metasploit Pro has a powerful reporting engine with many standard reports but
also great ways to build your own reports. Custom reports can help you if in a
couple of different ways:
* Add your logo and corporate design to reports
* Change the way reports display the information
* Translate a reporting template to your local language
* Create new reports for regional compliance needs
A custom report is a report that you use template to generate. You can generate
a custom report with a te
2 min
Metasploit
Scanning for Vulnerable F5 BigIPs with Metasploit
This morning Matta Consulting posted an advisory
[https://www.trustmatta.com/advisories/MATTA-2012-002.txt] for the F5 BigIP
equipment. The advisory states that certain BigIP devices contain a SSH private
key on its filesystem that is trusted for remote root access on every other
BigIP appliance. Although Matta did not provide the private key, they did
provide the public key itself:
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAvIhC5skTzxyHif/7iy3yhxuK6/OB13hjPqrskogkYFrcW8OK4VJ T+5+Fx7wd4sQCnVn8rNqahw/x
5 min
Metasploit
Weekly Metasploit Update: Citrix Opcodes, Hash Collisions, and More!
This week's update has a nice new asymmetric DoS condition module, a bunch of
churn in Metasploit's Rails components, and some new Citrix attacks, so let's
get right into it.
Fuzzing for Citrix Opcodes
This week's update includes three new exploits for Citrix Provisioning Services,
the solution by Citrix "to stream a single desktop image to create multiple
virtual desktops on one or more servers in a data center" (vendor quote
[https://docs.citrix.com/en-us/categories/legacy-archive]). These mo
2 min
Metasploit
Webcast: Don't Pick the Lock, Steal the Key - Password Auditing With Metasploit
David Maloney's webcast for for network administrators and security engineers is
now available online. David discusses weaknesses in password-based
authentication on clients and servers and how to audit these as part of a
regular security program.
What you'll learn in this webcast
* Password storage systems and password obfuscation
* Strengths and weaknesses of the various approaches
* Real-life examples of badly implemented password authentication mechanisms
* How to audit passwords on
4 min
Metasploit
Can't Exploit Machines? A Metasploit Troubleshooting How To
It can be very frustrating to try exploiting machines and not succeeding,
especially if your vulnerability report is showing a lot of vulnerabilities on
the hosts you are trying to exploit. This is usually due to one of the following
reasons:
1. Not all reported vulnerabilities are exploitable. It may be because a
firewall or IPS/IDS is successfully stopping the attack, or simply because
your vulnerability scanner reported a false positive.
2. Your Metasploit machine or network connec
2 min
Metasploit
Weekly Metasploit Update: Dev Docs and More!
This week in the U.S. is the unofficial start of summer, so that probably
explains why it's been a bit of a slow week in the Metasploit community,
hacking-wise. We have a few new modules
[http://www.rapid7.com/downloads/metasploit.jsp] for this week's update, but in
addition to those, I'd like to mention a few new resources we've put together
for the Metasploit development community.
Docs and Videos
Over the last few weeks, we've been working up some more comprehensive
documentation on how to g
3 min
Metasploit
Using BackTrack 5 R2 with Metasploit Community or Metasploit Pro
As of version 5 R2, BackTrack comes pre-installed with Metasploit 4.1.4, so it's
now easier to use Metasploit Community Edition or Metasploit Pro on BackTrack.
Here is how it's done:
* After BackTrack boots, enter startx to get into the UI.
* Install BackTrack in a virtual machine using the Install BackTrack icon in
the top left corner. This is recommended so that Metasploit remembers its
product key; otherwise, you would have to register Metasploit each time.
* Log in with user root,
4 min
Exploits
My First Week at Metasploit
Hi all. I would like to take a minute to share some of my feelings about my
first week here as a full-time Metasploit exploit developer, and share some
exploit modules.
First of all, I would like to thank everyone on the the Metasploit team for
being so nice to me from the first week, and for helping me with anything I
need. They are definitely going easy on me during my first days! Their support
allowed me to build two exploits for the team during my first week here:
* batic_svg_java exploit
4 min
Metasploit
Top 10 Most Searched Metasploit Exploit and Auxiliary Modules
At Rapid7, we often get asked what the top 10 Metasploit modules are. This is a
hard question to answer: What does "top" mean anyway? Is it a personal opinion,
or what is being used in the industry? Because many Metasploit users work in
highly sensitive environments, and because we respect our users' privacy, the
product doesn't report any usage reports back to us.
We may have found a way to answer your questions: We looked at our
metasploit.com web server stats, specifically the Metasploit A