2 min
Metasploit
More Fun with BSD-derived Telnet Daemons
In my last post [/2011/12/28/bsd-telnet-daemon-encrypt-key-id-overflow], I
discussed the recent BSD telnetd vulnerability and demonstrated the scanner
module added to the Metasploit Framework. Since then, two new exploit modules
have been released; one for FreeBSD versions 5.3 - 8.2
[https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/freebsd/telnet/telnet_encrypt_keyid.rb]
and another for Red Hat Enterprise Linux 3
[https://github.com/rapid7/metasploit-framework/blob/ma
3 min
Metasploit
Fun with BSD-derived Telnet Daemons
On December 23rd, the FreeBSD security team published an advisory
[http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc] stating
that a previously unknown vulnerability in the Telnet daemon was being exploited
in the wild and that a patch had been issued. This vulnerability was interesting
for three major reasons:
1. The code in question may be over 20 years old and affects most BSD-derived
telnetd services
2. The overflow occurs in a structure with a function pointer store
2 min
Metasploit
Metasploit Updated: Trivial Access to TFTP
The Metasploit Update is out, and it's a little smaller than you might expect.
We've recently rejiggered our development to QA to release workflow here at
Rapid7, and that means that this week, we cut the release a couple days earlier
than usual in order to ensure the work flow all makes sense and that the
releases get the post-commit QA attention that they deserve. The end result is
that we'll have a pretty light release this week (due to the shortened
development cycle), but going forward, wee
3 min
Metasploit
Installing Metasploit Community Edition on BackTrack 5 R1
Update: I just published a new blog post for using Metasploit on BackTrack 5 R2
[https://www.rapid7.com/blog/post/2012/05/30/install-metasploit-on-backtrack/].
BackTrack 5 R1 comes pre-installed with Metasploit Framework 4.0. Unfortunately,
Metasploit Community, which brings a great new Web UI and other functionality,
was introduced in version 4.1, so it's not included by default. Updating
Metasploit Framework using the msfupdate command will not install the Web UI. In
addition, BT5 only makes
2 min
Metasploit
Metasploit Framework Updated: What's your Favorite Resource Script?
Sample Resource Scripts
About a week ago, munky9001 posted on Reddit the headline, DB_Autopwn
Deprecated! About time [http://redd.it/mzfp2]. Shortly after, HD wrote up a blog
post, Six Ways to Automate Metasploit
[/2011/12/08/six-ways-to-automate-metasploit], with the moral of the story
being, "don't cry for db_autopwn, there are already much better methods to get
your automated pwnage on." Of these, the easiest and most straightforward way to
automate things is to write a resource script.
Thi
2 min
Release Notes
Metasploit Framework Updated: FastLib and More
Metasploit development moves fast. Blindingly fast, fueled by tons of open
source contributors -- which is one of the reasons why we moved away from our
tried and true SVN repository and on to GitHub. Now that we're on a more modern,
more social development platform, we have all new ways to get overwhelmed with
the pace of change on the Framework, especially since contributor code is that
much easier to integrate now. So, in order to ensure that the more notable
week-over-week changes get their
4 min
Metasploit
Six Ways to Automate Metasploit
Onward
Over the last few weeks the Metasploit team at Rapid7 has engaged in an overhaul
of our development process. Our primary goals were to accelerate community
collaboration and better define the scopes of our open source projects. The
first step was to migrate all open source development to GitHub. This has
resulted in a flood of contributors and lots of greatnew features and content.
One controversial change involved removing old, buggy automation tools that
simply didn't meet the quality
8 min
Metasploit
Recon, Wireless, and Password Cracking
The Metasploit Framework continues to grow and expand with the support of the
community. There have been many new features added to the Metasploit Framework
over the past month. I am very excited to be able to share some of these new
developments with you.
Mubix's Recon Modules
Mubix's post-exploitation modules form his Derbycon talk are now in the
repository. The resolve_hostname module, originally called 'Dig', will take a
given hostname and resolve the IP address for that host from the windo
1 min
Metasploit
Adding Custom Wordlists in Metasploit for Brute Force Password Audits
In any penetration test that involves brute forcing passwords, you may want to
increase your chances of a successful password audit by adding custom wordlists
specific to the organization that hired you. Some examples:
* If you are security testing a hospital, you may want to add a dictionary with
medical terms.
* If you're testing a German organization, users are likely to use German
passwords, so you should add a German wordlist.
* Another good idea is to build a custom wordlist b
0 min
Metasploit
Metasploit and PTES
One of our Metasploit contributers, Brandon Perry
[http://twitter.com/#%21/brandonprry], has put together a document detailing the
recently released Penetration Testing Execution Standard
[http://www.pentest-standard.org/index.php/Main_Page](PTES) with the modules and
functionality in the Framework. PTES is a push from a group of testers fed up
with the lack of guidance and the disparate sources of basic penetration testing
information. Brandon's document does a great job detailing disparate par
3 min
Release Notes
Exploit for critical Java vulnerability added to Metasploit
@_sinn3r [http://twitter.com/_sinn3r] and Juan Vasquez
[https://twitter.com/#!/_juan_vazquez_] recently released a module which
exploits the Java vulnerability detailed here
[http://schierlm.users.sourceforge.net/CVE-2011-3544.html] by mihi and by Brian
Krebs here
[http://krebsonsecurity.com/2011/11/new-java-attack-rolled-into-exploit-kits].
This is a big one. To quote Krebs: "A new exploit that takes advantage of a
recently-patched critical security flaw in Java is making the rounds in the
cri
2 min
Metasploit
Three Great New Metasploit Books
I've seen three great Metasploit books published lately. The one that most
people are probably already familiar with is Metasploit: The Penetration
Tester's Guide by David Kennedy, Jim O'Gorman, Devon Kearns and Mati Aharoni.
The book is very comprehensive, and packed full of great advice. David Kennedy
is Chief Information Security Officer at Diebold Incorporated and creator of the
Social-Engineer Toolkit (SET), Fast-Track, and other open source tools, so he
really knows his stuff. By the way,
0 min
Metasploit
Metasploit Framework Featured on CNN: Phishing Made Simple
While browsing security related articles at CNN, I noticed this video of Eric
Fiterman demonstrating a phishing attack and some post exploitation techniques
with Metasploit Framework.
Video courtesy of:
2 min
Metasploit
PCI DIY: How to do an internal penetration test to satisfy PCI DSS requirement 11.3
If you're accepting or processing credit cards and are therefore subject to PCI
DSS, you'll likely be familiar with requirement 11.3, which demands that you
"perform penetration testing at least once a year, and after any significant
infrastructure or application upgrade or modification". What most companies
don't know is that you don't have to hire an external penetration testing
consultant - you can carry out the penetration test internally, providing you
follow some simple rules:
* Sufficie
3 min
Nexpose
Introducing Metasploit Community Edition!
The two-year anniversary of the Metasploit acquisition is coming up this week.
Over the last two years we added a ridiculous amount of new code to the open
source project, shipped dozens of new releases, and launched two commercial
products. We could not have done this without the full support of the security
community. In return, we wanted to share some of our commercial work with the
security community at large.
As of version 4.1 [http://www.metasploit.com/], we now include the Metasploit