Posts tagged Metasploit

3 min Networking

Weekly Metasploit Update: SAP, MSSQL, DNS, and More!

Zone Transfers for All This week, Metasploit community contributor bonsaiviking [https://github.com/bonsaiviking] fixed up the DNS library that Metasploit uses so we won't choke on some types of zone transfer responses. Turns out, this is a two-year-old bug, but DNS servers that actually offer zone transfers are so rare any more that this bug didn't manifest enough to get squashed. This brings me to a larger point -- with older vulnerabilities like these, sometimes the hardest part for us

3 min Metasploit

Mobile Pwning: Using Metasploit on iOS

Have you ever wanted to run an exploit but found yourself away from your desk? Wouldn't it be awesome if you could launch a full version of the Metasploit Framework from your phone or tablet? As you might have guessed, now you can. With an adventurous spirit and a few commands, you can be running the Metasploit Framework on your iPad or iPhone in just a few short minutes. Warning: To install Metasploit, you'll need root access to your device – which is accomplished by following your favorite ja

3 min Metasploit

Weekly Metasploit Update: Trusted Path Switcheroo, Stack Cookie Bypass, and More!

Another week, another fifteen new modules for Metasploit. I continue to be amazed by the productivity of our open source exploit developer community. Thanks so much for your hard work and effort, folks! New Module for Trusted Path Switcheroo As I was going over this week's new modules, one that jumped out at me was Wei "sinn3r" Chen's implementation of a general Trusted Path insertion attack, Windows Service Trusted Path Privilege Escalation [http://www.metasploit.com/modules/exploit/windows/l

4 min Product Updates

Weekly Metasploit Update: Two Dozen New Modules

The Vegas and vacation season is behind us, so it's time to release our first post-4.4.0 update. Here we go! Exploit Tsunami A few factors conspired to make this update more module-heavy than usual. We released Metasploit 4.4 in mid-July. Historically, a dot version release of Metasploit means that we spend a little post-release time closing out bugs, performing some internal housekeeping that we'd been putting off, and other boring software engineering tasks. Right after this exercise, it was

3 min Metasploit

Weekly Metasploit Update: RATs, WPAD, and More!

Just a quick update this week for some new Metasploit modules. We're holding off on the usual Framework and Pro enhancements as we button up the next point release for Metasploit Pro, Express, and Community Editions. That said, we do have a few neat new modules that I wanted to highlight, so let's take a look. Hacking the Hackers This week's haul includes something a little unusual -- an exploit for Poison Ivy, a blackhat-favored Remote Administration Tool (RAT). Community contributor Gal Badishi

2 min Metasploit

Weekly Metasploit Update: Sniffing with Meterpreter, Egg Hunting, and More!

This week's update has seven new modules, a much-anticipated Meterpreter enhancement, and more, so let's jump into it. Egg Hunting and Stack Smashing This week's update features a spiffy new module for HP Data Protector from Juan Vazquez and Wei 'sinn3r' Chen. It uses an egg hunting technique to reconstruct the exploit's payload -- and both Wei and Juan have detailed blog posts in the works that go into detail on the whys and wherefores of egghunter shellcode and troubleshooting payload de

24 min Metasploit

Metasploit Exploit Development - The Series Part 1.

So you wanna be a Metasploit [https://www.exploit-db.com/?author=3211] exploit [https://www.exploit-db.com/?author=3211] developer huh? Well you are in luck because I have been working on an "in-depth" exploit development tutorial series that takes users behind the scenes on the process of exploit development and metasploit module creation. This series has been specifically designed with you "the community" in mind. It will cover step by step detail and explanation. This post is meant to be

3 min Exploits

Press F5 for root shell

As HD mentioned [/2012/06/11/scanning-for-vulnerable-f5-bigips-with-metasploit], F5 has been inadvertently shipping a static ssh key that can be used to authenticate as root on many of their BigIP devices. Shortly after the advisory, an anonymous contributor hooked us up with the private key. Getting down to business, here it is in action:     18:42:35 0 exploit(f5_bigip_known_privkey) > exploit     [ ] Successful login     [*] Found shell.     [*] Command shell session 3 opened ([redacted]

2 min Metasploit

Creating a PCI 11.3 Penetration Testing Report in Metasploit

PCI DSS Requirement 11.3 requires that you "perform penetration testing at least once a year, and after any significant infrastructure or application upgrade or modification". You can either conduct this PCI penetration test in-house [/2011/10/20/pci-diy-how-to-do-an-internal-pentest-to-satisfy-pci-dss-requirement-113] or hire a third-party security assessment. Metasploit Pro offers a PCI reporting template, which helps you in both of those cases. If you are conducting the penetration test in

3 min Metasploit

New Critical Microsoft IE Zero-Day Exploits in Metasploit

We've been noticing a lot of exploit activities against Microsoft vulnerabilities lately. We decided to look into some of these attacks, and released two modules for CVE-2012-1889 [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1889] and CVE-2012-1875 [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1875] within a week of the vulnerabilities' publication for our users to test their systems. Please note that both are very important to any organization using Windows, because one of

3 min Metasploit

Weekly Metasploit Update: Encrypted Java Meterpreter, MS98-004, and New Modules!

When it rains, it pours. We released Metasploitable Version 2 [/2012/06/13/introducing-metasploitable-2], published a technique for scanning vulnerable F5 gear [/2012/06/11/scanning-for-vulnerable-f5-bigips-with-metasploit], and put out a module to exploit MySQL's tragically comic authentication bypass problem [/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql], all in addition to cooking up this week's update. So, kind of a busy week around here. You're welcome. (: Encryp

1 min Metasploit

Introducing Metasploitable 2!

Some folks may already be aware of Metasploitable, an intentionally vulnerable virtual machine designed for training, exploit testing, and general target practice. Unlike other vulnerable virtual machines, Metasploitable focuses on vulnerabilities at the operating system and network services layer instead of custom, vulnerable applications. I am happy to announce the release of Metasploitable 2, an even better punching bag for security tools like Metasploit [http://metasploit.com/downloads/], an

4 min Metasploit

How to Create Custom Reports in Metasploit

Metasploit Pro has a powerful reporting engine with many standard reports but also great ways to build your own reports. Custom reports can help you in a couple of different ways: * Add your logo and corporate design to reports * Change the way reports display the information * Translate a reporting template to your local language * Create new reports for regional compliance needs A custom report is a report that you use a template to generate. You can generate a custom report with a te

2 min Metasploit

Scanning for Vulnerable F5 BigIPs with Metasploit

This morning Matta Consulting posted an advisory [https://www.trustmatta.com/advisories/MATTA-2012-002.txt] for the F5 BigIP equipment. The advisory states that certain BigIP devices contain an SSH private key on their filesystem that is trusted for remote root access on every other BigIP appliance. Although Matta did not provide the private key, they did provide the public key itself: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAvIhC5skTzxyHif/7iy3yhxuK6/OB13hjPqrskogkYFrcW8OK4VJ T+5+Fx7wd4sQCnVn8rNqahw/x

5 min Metasploit

Weekly Metasploit Update: Citrix Opcodes, Hash Collisions, and More!

This week's update has a nice new asymmetric DoS condition module, a bunch of churn in Metasploit's Rails components, and some new Citrix attacks, so let's get right into it. Fuzzing for Citrix Opcodes This week's update includes three new exploits for Citrix Provisioning Services, the solution by Citrix "to stream a single desktop image to create multiple virtual desktops on one or more servers in a data center" (vendor quote [https://docs.citrix.com/en-us/categories/legacy-archive]). These mo