3 min
Metasploit
New Metasploit Swag Store Is Online
You may remember the awesome Metasploit T-shirt contest we ran in April of last
year [/2011/04/13/who-will-you-be-wearing-vote-for-the-new-metasploit-t-shirt].
We received a ton of submissions at the time and selected a winning T-shirt,
designed by Danny Chrastil.
It was a long and arduous journey for us to get the T-shirts printed and to get
the back-end systems up and running for the Metasploit Swag Store
[http://www.metasploit.com/wear-swag/]...but it's finally here. Yes, you'll
notice tha
2 min
Metasploit
Weekly Metasploit Update: Wmap, Console Search, and More!
In addition to the nuclear-powered exploit, we've got a new slew of updates,
fixes and modules this week for Metasploit, so let's jump right into the
highlights for this update.
Updated WMAP Plugin
Longtime community contributor Efrain Torres provided a much-anticipated update
to the Wmap plugin. Wmap automates up a bunch of web-based Metasploit modules
via the Metasploit console, from HTTP version scanning to file path bruteforcing
to blind SQL injection testing. If you're not already familiar
2 min
Metasploit
Weekly Metasploit Update: POSIX Meterpreter and New Exploits
This is a pretty modest update, since it's the first after our successful 4.2
release [https://www.rapid7.com/products/metasploit/download/] last week. Now
that 4.2 is out the door, we've been picking up on core framework development,
and of course, have a few new modules shipping out.
Meterpreter Updates
James "egyp7" Lee and community contributor mm__ have been banging on the POSIX
side of Meterpreter development this week, and have a couple of significant
enhancements to Linux Meterpreter. T
1 min
Metasploit
Free Microsoft Virtual Machines for Testing
I am often asked how security professionals and students can safely test
security software. My usual response is, they should create a virtual lab with
diverse operating systems for testing. The problem that many encounter is they
don't have licenses available to install the operating systems.
During my creating and testing the Metasploit Javascript Keylogger
[/2012/02/21/metasploit-javascript-keylogger], I came across free virtual
machines from Microsoft that are sure to be useful to securit
2 min
Metasploit
Metasploit 4.2 Released: IPv6, VMware, and Tons of Modules!
Since our last release in October, we've added 54 new exploits, 66 new auxiliary
modules, 43 new post-exploitation modules, and 18 new payloads -- that clocks in
at just about 1.5 new modules per day since version 4.1. Clearly, this kind of
volume is way too much to detail in a single update blog post.
IPv6 Coverage
Metasploit 4.2 now ships with thirteen brand new payloads, all added to support
opening command sessions and shells on IPv6 networks. In addition, Metasploit's
existing arsenal of p
3 min
Metasploit
The Art of Keylogging with Metasploit & Javascript
Rarely does a week go by without a friend or family member getting their login
credentials compromised, then reused for malicious purposes. My wife is always
on the lookout on Facebook, warning relatives and friends to change their
passwords. Many people don't understand how their credentials get compromised.
Password reuse on several websites is usually the culprit. Password reuse is a
problem even if the website encrypts the passwords in their databases. An
attacker only needs to insert some
2 min
Metasploit
Weekly Metasploit Update: All Your Auth Are Belong To Us
This week, with RSA 2012 fast approaching and the final touches on Metasploit
version 4.2 getting nailed down, we've been in a code freeze for core Metasploit
functionality. However, that doesn't apply to the parade of modules, so here's
what's in store for the next -- and quite likely last -- update for Metasploit
4.1 [http://www.metasploit.com/download/].
Authentication Credential Gathering and Testing
Jon Hart (of Nexpose [http://www.rapid7.com/vulnerability-scanner.jsp] fame) has
been on fi
2 min
Metasploit
Getting The Most Out of Metasploit: Pentesting, Password Auditing, and Vulnerability Validation
When we talk to Metasploit users, they usually use it for either penetration
testing, password auditing or vulnerability validation, but few use it for more
than one of these purposes. By leveraging your investment in Metasploit, you can
triple-dip at the same price - no extra licenses needed.
Penetration Testing
With penetration testing, you can identify issues in your security
infrastructure that could lead to a data breach. Weaknesses you can identify
include exploitable vulnerabilities, we
2 min
Metasploit
Weekly Metasploit Update: New Payloads, New Modules, and PCAnywhere, Anywhere
PCAnywhere, Anywhere
The big news this week centered around Symantec's pcAnywhere. For starters,
there's a new ZDI advisory
[http://www.zerodayinitiative.com/advisories/ZDI-12-018/] for a buffer overflow
in the username field. More notably, though, was the advice in a Symantec white
paper which advises customers to "disable or remove Access Server and use remote
sessions via secure VPN tunnels." So, while the Metasploit elves bang away at a
proper buffer overflow module, HD Moore busted out a pa
3 min
Nexpose
How to Exploit A Single Vulnerability with Metasploit Pro
Metasploit Pro's smart exploitation function is great if you want to get a
session quickly and don't care about being "noisy" on the network, but there are
certain situations where you may want to use just one exploit:
* You're conducting a penetration test and want to exploit just one
vulnerability so you don't draw too much attention (i.e. you want to use a
sniper rifle, not a machine gun)
* You're a vulnerability manager and want to validate just one vulnerability to
know whether
2 min
Metasploit
Remote-Controlling Metasploit Through APIs
Metasploit offers some great ways to automate its functionality through a
programming interface. Metasploit users have built custom tools and processes
based on this functionality, saving them time to conduct repetitive tasks, or
enabling them to schedule automated tasks. Our most advanced customers have even
intgrated Metasploit Pro into their enterprise security infrastructure to
automatically verify the exploitability of vulnerabilities to make their
vulnerability management program more ef
2 min
Metasploit
Weekly Metasploit Update: Subverting NATs, 64-bit LoadLibrary Support, and More!
NAT-PMP'ing is now easy
This week, we have three new modules and an accompanying Rex protocol parser for
the NAT Port-Mapping Protocol (NAT-PMP
[https://en.wikipedia.org/wiki/NAT_Port_Mapping_Protocol]), the ad-hoc router
management protocol favored by Apple. Over the weekend, Rapid7 Lead Security
Engineer and confessed protocol nerd Jon Hart forgot the password to a
little-used Airport base station, so rather than merely resetting the device, he
instead busted out a trio of Metasploit modules t
4 min
Metasploit
Metasploit Updated: Forensics, SCADA, SSH Public Keys, and More
Been a busy week here at Metasploit, so let's get to it.
Forensics-Centric Updates
New this week is Brandon Perry's offline Windows registry enhancements.
Featuring a pile of extensions to Rex (Metasploit's general purpose parsing
library) and the tools/reg.rb utility, this update builds on TheLightCosine's
ShadowCopy library and makes life a lot easier for the forensics investigator
looking to parse through Windows registry hives. Brandon goes into the technical
details over here
[https://com
5 min
Metasploit
Adventures in the Windows NT Registry: A step into the world of Forensics and Information Gathering
As of a few days ago [https://github.com/rapid7/metasploit-framework/pull/98],
the Metasploit Framework has full read-only access to offline registry hives.
Within Rex you will now find a Rex::Registry namespace that will allow you to
load and parse offline NT registry hives (includes Windows 2000 and up),
implemented in pure Ruby. This is a great addition to the framework because it
allows you to be sneakier and more stealthy while gathering information on a
remote computer. You no longer need
2 min
Metasploit
Metasploit Framework Updated: Railgun, AIX, and More
Time for another Metasploit Update - this week we've got some new goodies for
Meterpreter's Railgun, SSH, AIX, and a few new exploit modules. Enjoy!
Railgun Updates
Metasploit open source contributors Chao-Mu and kernelsmith have been busy over
the last month or so, cranking out a pile of commits to Railgun in order to
facilitate Windows API error message handling. For you non-post module
developers, Railgun is a super-handy Meterpreter extension that "turns Ruby into
a weapon," and you can get