15 min
Metasploit
MonaSploit
Introduction
“Standalone exploits suck”.
egyp7 [https://twitter.com/egyp7] and bannedit [https://twitter.com/msfbannedit]
made this statement earlier this year at Bsides Vegas, and nullthreat
[https://twitter.com/nullthreat] & yours truly
[https://twitter.com/corelanc0d3r] elaborated on this even more during our talk
at Derbycon 2011.
There are many reasons why writing Metasploit exploit modules and submitting
them to the Metasploit framework is a good idea. You're not only going to help
the
1 min
Metasploit
Metasploit, Scanners, and DNS
One of the awesome things about the Metasploit Framework (and Ruby in general)
is that there is a strong focus on avoiding code duplication. This underlying
philosophy is why we can manage a million-plus line code base with a relatively
small team. In this post, I want to share a recent change which affects how
hostnames with multiple A records are processed by modules using the Scanner
mixin.
Quite of a few of the web's "major" properties, such as google.com, return
multiple IP addresses when
1 min
Metasploit
How to Update to Metasploit 4.0
If you're packing to go to Black Hat, Defcon or Security B-Sides in Las Vegas,
make sure you also download Metasploit 4.0 to entertain you on the plane ride.
The new version is now available for all editions, and here's how you upgrade:
* Metasploit Pro and Metasploit Express 4.0: For fresh installs, download
version 4.0 of Metasploit Pro
[https://www.rapid7.com/products/metasploit/download/] and install. If you
already have Metasploit Pro or Metasploit Express installed, simply go t
3 min
Release Notes
Metasploit Framework 4.0 Released!
It's been a long road to 4.0. The first 3.0 release was almost 5 years ago and
the first release under the Rapid7 banner was almost 2 years ago. Since then,
Metasploit has really spread its wings. When 3.0 was released, it was under a
EULA-like license with specific restrictions against using it in commercial
products. Over time, the reasons for that decision became less important and the
need for more flexibility came to the fore; in 2008, we released Metasploit 3.2
under a 3-clause BSD licen
2 min
Metasploit
Password Cracking in Metasploit with John the Ripper
HDM recently added password cracking functionality to Metasploit through the
inclusion of John-the-Ripper in the Framework
[http://dev.metasploit.com/redmine/projects/framework/repository/revisions/13135]
. The 'auxiliary/analyze/jtr_crack_fast
[http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/auxiliary/analyze/jtr_crack_fast.rb]
' module was created to facilitate JtR's usage in Framework and directly into
Express/Pro's automated collection routine. The module works
4 min
Metasploit
Metasploit 4.0 is Coming Soon!
It'll only be days until you can download the new Metasploit version 4.0!
The new version marks the inclusion of 36 new exploits, 27 new post-exploitation
modules and 12 auxiliary modules, all added since the release of version 3.7.1
in May 2011. These additions include nine new SCADA exploits, improved 64-bit
Linux payloads, exploits for Firefox and Internet Explorer, full-HTTPS and HTTP
Meterpreter stagers, and post-exploitation modules for dumping passwords from
Outlook, WSFTP, CoreFTP, S
2 min
Exploits
Metasploit Bounty: Code, Sweat, and Tears
After more than 30 days of hardcore and intense exploit hunting, the Metasploit
Bounty program has finally come to an end. First off, we'd like to say that even
though the Metasploit Framework has made exploit development much easier, the
process is not always an easy task. We're absolutely amazed how hard our
participants tried to make magic happen.
Often, the challenge begins with finding the vulnerable software. If you're
lucky, you can find what you need from 3rd-party websites that mirror
2 min
Metasploit
Testing Snort IDS with Metasploit vSploit Modules
One of my key objectives for developing the new vSploit modules
[https://www.rapid7.com/blog/post/2011/06/02/vsploit-virtualizing-exploitation-attributes-with-metasploit-framework/]
was to test network devices such as Snort [http://www.snort.org]. Snort or Cisco
[https://www.cisco.com/site/us/en/products/security/index.html] enterprise
products are widely deployed in enterprises, so Snort can safely be considered
the de-facto standard when it comes to intrusion detection systems (IDS). So
much
1 min
Metasploit
Metasploit Exploit Bounty - Status Update
A few weeks ago the Metasploit team announced a bounty program
[/2011/06/14/metasploit-exploit-bounty-30-exploits-500000-in-5-weeks] for a list
of 30 vulnerabilities that were still missing Metasploit exploit modules. The
results so far have been extremely positive and I wanted to take a minute to
share some of the statistics.
As of last night, there have been 27 participants in the bounty program
resulting in 10 submissions, with 5 of those already comitted to the open source
repository and t
5 min
Metasploit
Meterpreter HTTP/HTTPS Communication
The Meterpreter payload within the Metasploit Framework (and used by Metasploit
Pro) is an amazing toolkit for penetration testing and security assessments.
Combined with the Ruby API on the Framework side and you have the simplicity of
a scripting language with the power of a remote native process. These are the
things that make scripts and Post modules great and what we showcase in the
advanced post-exploit automation available today. Metasploit as a platform has
always had a concept of an est
11 min
Metasploit
MS11-030: Exploitable or Not?
If you weren't already aware, Rapid7 is offering a bounty
[/2011/06/14/metasploit-exploit-bounty-30-exploits-500000-in-5-weeks] for
exploits that target a bunch of hand-selected, patched vulnerabilities. There
are two lists to choose from, the Top 5 and the Top 25
[https://community.rapid7.com/docs/DOC-1467] . An exploit for an issue in the
Top 5 list will receive a $500 bounty and one from the Top 25 list will fetch a
$100 bounty. In addition to a monetary reward, a successful participant also
1 min
Metasploit
Metasploit Framework Console Output Spooling
Sometimes little things can make a huge difference in usability -- the
Metasploit Framework Console is a great interface for getting things done
quickly, but so far, has been missing the capability to save command and module
output to a file. We have a lot of small hacks that makes this possible for
certain commands, such as the "-o" parameter to db_hosts and friends, but this
didn't solve the issue of module output or general console logs.
As of revision r13028 the console now supports the sp
1 min
Release Notes
Metasploit Framework 3.7.2 Released!
It's that time again! The Metasploit team is proud to announce the immediate
release of the latest version [http://metasploit.com/download/] of the
Metasploit Framework, 3.7.2. Today's release includes eleven new exploit modules
and fifteen post modules for your pwning pleasure. Adding to Metasploit's
well-known hashdump capabilities, now you can easily steal password hashes from
Linux, OSX, and Solaris. As an added bonus, if any of the passwords were hashed
with crypt_blowfish (which is the d
2 min
Metasploit
Emulating ZeuS DNS Traffic with Metasploit Framework
[UPDATE 6/28/2011] vSploit Modules will be released at DEFCON
This is a follow-up post for vSploit - Virtualizing Intrusion & Exploitation
Attributes with Metasploit Framework
[https://community.rapid7.com/blogs/rapid7/2011/06/02/vsploit--virtualizing-exploitation-attributes-with-metasploit-framework]
about using Metasploit as a way to test network infrastructure countermeasures
and coverage. I mentioned obtaining list of suspicious domains to use for
testing organization's networking intell
2 min
Metasploit
vSploit - Virtualizing Intrusion & Exploitation Attributes with Metasploit Framework
Many organizations are making significant investments in technologies in order
to tell if they have been compromised; however, frequently they find out when it
is too late. There are several network-based attributes that, when combined,
indicate possible compromises have taken place. Many pentesters are successful
at compromising hosts; however, commonly they are restricted in what they can
and can't do. There needs to be a way that they can sucessfully mimick threats
and scenarios, even when re