Nexpose
Three Ways to Integrate Metasploit With Nexpose
Metasploit has three ways to integrate with Nexpose vulnerability scanner. I've
heard some confusion about what the different options are, so I'd like to
summarize them here briefly:
1. Importing Nexpose reports: This is a simple, manual file import. Apart from
Nexpose, Metasploit can import about 13 different third-party reports from
vulnerability management solutions and web application scanners. This
feature works in all Metasploit editions.
2. Initiate a Nexpose scan from M
Metasploit
Metasploit Updated: Year in Review
Turns out, the week between Christmas and New Year's was pretty slow, at least as
far as Metasploit Framework development was concerned. This release has a few
small spot fixes on Framework, and a handful of new modules.
ShadowCopy
The most significant addition to the framework was TheLightCosine's work on the
appropriately scary-sounding ShadowCopy library. Based on the research published
by Tim Tomes and Mark Baggett [https://www.scmagazine.com/security-weekly], the
modules implementing this l
Metasploit
Creating a FISMA Report in Metasploit Pro
If you're working in IT security in U.S. federal government, chances are that
you have to comply with the Federal Information Security Management Act of 2002
(FISMA). With Metasploit Pro
[https://www.rapid7.com/products/metasploit/download/], you can generate FISMA
compliance reports that map penetration testing findings to controls, as
recommended by Special Publication 800-53a (Appendix G) published by the
National Institute of Standards and Technology (NIST) and by Consensus Audit
Guidelines
Metasploit
How to Leverage the Command Line in Metasploit Pro
"I'm more comfortable with the Metasploit command line," is an objection I often
hear from long-time Metasploit Framework users who are thinking about purchasing
a copy of Metasploit Pro or Metasploit Express. What many penetration testers
don't know is that you can use the command line in the commercial Metasploit
editions, and leverage their advantages at the same time.
Reporting: The commercial Metasploit editions include one-click reporting that
includes any work you have completed on the
Metasploit
Jumping to another network with VPN pivoting
VPN Pivoting is one of the best but also most elusive features in Metasploit
Pro, so the best way is to see it. That's why I've decided to post a snippet of
a recent webinar, where HD Moore shows this feature in action.
VPN pivoting enables users to route any network traffic through an exploited
host with two NICs to a different network. For example, you could run nmap,
Metasploit network discovery, or Nexpose vulnerability scans through the VPN
pivot. Using a TUN/TAP adaptor on the Metasploit
Exploits
Metasploit Updated: Telnet Exploits, MSF Lab, and More
It's Wednesday, and while many of you are enjoying the week off between
Christmas and New Year's, we've been cranking out another Metasploit Update.
Telnet Encrypt Option Scanner and Exploits
I won't rehash this subject too much since HD already covered these modules in
depth here
[https://community.rapid7.com/community/solutions/metasploit/blog/2011/12/27/bsd-telnet-daemon-encrypt-key-id-overflow]
and here
[https://community.rapid7.com/community/solutions/metasploit/blog/2011/12/28/more-fun-wi
Metasploit
More Fun with BSD-derived Telnet Daemons
In my last post [/2011/12/28/bsd-telnet-daemon-encrypt-key-id-overflow], I
discussed the recent BSD telnetd vulnerability and demonstrated the scanner
module added to the Metasploit Framework. Since then, two new exploit modules
have been released; one for FreeBSD versions 5.3 - 8.2
[https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/freebsd/telnet/telnet_encrypt_keyid.rb]
and another for Red Hat Enterprise Linux 3
[https://github.com/rapid7/metasploit-framework/blob/ma
Metasploit
Fun with BSD-Derived Telnet Daemons
On December 23rd, the FreeBSD security team published an advisory
[http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc] stating
that a previously unknown vulnerability in the Telnet daemon was being exploited
in the wild and that a patch had been issued. This vulnerability was interesting
for three major reasons:
1. The code in question may be over 20 years old and affects most BSD-derived
telnetd services
2. The overflow occurs in a structure with a function pointer store
Metasploit
Metasploit Updated: Trivial Access to TFTP
The Metasploit Update is out, and it's a little smaller than you might expect.
We've recently rejiggered our development-to-QA-to-release workflow here at
Rapid7, and that means that this week, we cut the release a couple of days earlier
than usual in order to ensure the workflow all makes sense and that the
releases get the post-commit QA attention that they deserve. The end result is
that we'll have a pretty light release this week (due to the shortened
development cycle), but going forward, wee
Metasploit
Installing Metasploit Community Edition on BackTrack 5 R1
Update: I just published a new blog post for using Metasploit on BackTrack 5 R2
[https://www.rapid7.com/blog/post/2012/05/30/install-metasploit-on-backtrack/].
BackTrack 5 R1 comes pre-installed with Metasploit Framework 4.0. Unfortunately,
Metasploit Community, which brings a great new Web UI and other functionality,
was introduced in version 4.1, so it's not included by default. Updating
Metasploit Framework using the msfupdate command will not install the Web UI. In
addition, BT5 only makes
Metasploit
Metasploit Framework Updated: What's your Favorite Resource Script?
Sample Resource Scripts
About a week ago, munky9001 posted on Reddit the headline, DB_Autopwn
Deprecated! About time [http://redd.it/mzfp2]. Shortly after, HD wrote up a blog
post, Six Ways to Automate Metasploit
[/2011/12/08/six-ways-to-automate-metasploit], with the moral of the story
being, "don't cry for db_autopwn, there are already much better methods to get
your automated pwnage on." Of these, the easiest and most straightforward way to
automate things is to write a resource script.
Thi
Release Notes
Metasploit Framework Updated: FastLib and More
Metasploit development moves fast. Blindingly fast, fueled by tons of open
source contributors -- which is one of the reasons why we moved away from our
tried and true SVN repository and on to GitHub. Now that we're on a more modern,
more social development platform, we have all new ways to get overwhelmed with
the pace of change on the Framework, especially since contributor code is that
much easier to integrate now. So, in order to ensure that the more notable
week-over-week changes get their
Metasploit
Six Ways to Automate Metasploit
Onward
Over the last few weeks the Metasploit team at Rapid7 has engaged in an overhaul
of our development process. Our primary goals were to accelerate community
collaboration and better define the scopes of our open source projects. The
first step was to migrate all open source development to GitHub. This has
resulted in a flood of contributors and lots of great new features and content.
One controversial change involved removing old, buggy automation tools that
simply didn't meet the quality
Metasploit
Recon, Wireless, and Password Cracking
The Metasploit Framework continues to grow and expand with the support of the
community. There have been many new features added to the Metasploit Framework
over the past month. I am very excited to be able to share some of these new
developments with you.
Mubix's Recon Modules
Mubix's post-exploitation modules from his Derbycon talk are now in the
repository. The resolve_hostname module, originally called 'Dig', will take a
given hostname and resolve the IP address for that host from the windo
Metasploit
Adding Custom Wordlists in Metasploit for Brute Force Password Audits
In any penetration test that involves brute forcing passwords, you may want to
increase your chances of a successful password audit by adding custom wordlists
specific to the organization that hired you. Some examples:
* If you are security testing a hospital, you may want to add a dictionary with
medical terms.
* If you're testing a German organization, users are likely to use German
passwords, so you should add a German wordlist.
* Another good idea is to build a custom wordlist b