2 min
Metasploit
Metasploit Pro 3.7: Better, Faster, Stronger
Over the last two months the Rapid7 team has been hard at work rewiring the
database and session management components of the Metasploit Framework,
Metasploit Express, and Metasploit Pro products. These changes make the
Metasploit platform faster, more reliable, and able to scale to hundreds of
concurrent sessions and thousands of target hosts. We are excited to announce
the immediate availability of version 3.7 of Metasploit Pro and Metasploit
Express!
Existing customers can apply the latest s
1 min
Metasploit
Metasploit T-Shirt Design Contest: And the Winner is...
You have voted in large numbers – and the results are out: design #36
[/servlet/JiveServlet/downloadImage/38-5353-1228/36.png] is the winner of the
Metasploit T-shirt design contest. Danny Chrastil submitted the winning design,
featuring the Metasploit logo consisting of code from the payload
osx/ppc/shell_reverse_tcp. The back shows the Metasploit splash screen cow, our
legendary creature of mystery and superstition.
A few words about the winner: Danny Chrastil aka @DisK0nn3cT is a web
appl
2 min
Metasploit
Learn, Download & Contribute: The New Metasploit Website
Today, we relaunched the Metasploit.com site. We hope you'll find it as awesome
as we do. The new site not only has updated looks, we've also rewritten much of
its content and put it on a shiny new server to make it faster.
We mainly focused on three aspects: learn, download & contribute:
Learn – Many Metasploit newbies told us they found it hard to get started with
the Metasploit Framework, so we took a fresh look at our website to design it so
that new Metasploit Framework users would fin
2 min
Metasploit
Metasploit Version 3.6 Delivers Enhanced Command-Line Options and PCI Peports
Originally Posted by Chris Kirsch
All Metasploit editions are seeing an update to version 3.6 today, including an
enhanced command-line feature set for increased proficiency and detailed PCI
reports with pass/fail information for a comprehensive view of compliance
posture with PCI regulations.
Here's an overview of what's new:
The new Metasploit Pro Console offers powerful new features that help
professional penetration testers complete their job more efficiently in their
preferred environmen
6 min
Metasploit
Cisco IOS Penetration Testing with Metasploit
The Metasploit Framework and the commercial Metasploit products have always
provided features for assessing the security of network devices. With the latest
release, we took this a step further and focused on accelerating the penetration
testing process for Cisco IOS devices. While the individual modules and
supporting libraries were added to the open source framework, the commercial
products can now chain these modules together to quickly compromise all
vulnerable devices on the network. The sc
2 min
Metasploit
Sesame Open: Auditing Password Security with Metasploit 3.5.1
Secret passwords don't only get you into Aladdin's cave or the tree house, but
also into corporate networks and bank accounts. Yet, they are one of the weakest
ways to protect access. Sure, there are better ways to secure access, such as
smart cards or one-time password tokens, but these are still far from being
deployed everywhere although the technology has matured considerably over the
past years. Passwords are still the easiest way into a network.
The new Metasploit version 3.5.1 adds a l
4 min
Exploits
Setting Up a Test Environment for VPN Pivoting with Metasploit Pro
Penetration testing software only shows its true capabilities on actual
engagements. However, you cannot race a car before you've ever sat in the
driver's seat. That's why in this article I'd like to show you how to set up a
test environment for VPN pivoting, a Metasploit Pro
[https://www.rapid7.com/products/metasploit/download/] feature for intermediate
and advanced users recently described in this post
[https://community.rapid7.com/blogs/rapid7/2010/11/08/how-vpn-pivoting-creates-an-undetectab
1 min
Metasploit
Turning Your World Upside Down: Metasploit Ambigram Tattoos
Bill Swearingen aka hevnsnt blew us away by designing
a Metasploit ambigram for the Metasploit Pro tattoo
contest
You may remember Roy's Metasploit tattoo
[https://community.rapid7.com/blogs/rapid7/2010/11/01/we-weren-t-joking-when-we-said-tattoos]
a few weeks ago, which prompted our Metasploit Pro
[http://www.rapid7.com/products/metasploit-pro.jsp] tattoo competition. We
thought it was a cute idea, expecting a few fun pictures with felt pen tattoos
or tattoo photo montages of of the Metas
2 min
Metasploit
How VPN pivoting creates an undetectable local network tap
Let's assume your goal for an external penetration test is to pwn the domain
controller. Of course, the domain controller's IP address is not directly
accessible from the Web, so how do you go about it? Seasoned pentesters already
know the answer: they compromise a publicly accessible host and pivot to other
machines and network segments until they reach the domain controller. It's the
same concept as a frog trying to cross a pond by jumping from lily pad to lily
pad.
If you have already
2 min
Awards
We weren't joking when we said "tattoos"!
Be careful what we wish for: In 2006, HD Moore wrote a blog post
[/2006/08/27/metasploit-framework-30-beta-2] about a redesign of the Metasploit
Project, announcing that the new graphics “will be featured on tee shirts,
posters, and tattoos over the coming year.” Well, you guys took a little longer
than we thought but we now have our first Metasploit tattoo!
Initially, we thought Roy Morris (aka @soundwave1234
[http://twitter.com/soundwave1234]) was joking when he tweeted to @hdmoore
[htt
2 min
Exploits
Take an Earlier Flight Home with the New Metasploit Pro
We love it, our beta testers loved it, and we trust you will as well: today
we're introducing Metasploit Pro
[http://www.rapid7.com/products/metasploit-pro.jsp], our newest addition to the
Metasploit family, made for penetration testers who need a bigger, and better,
bag of tricks.
Metasploit Pro provides advanced penetration testing
capabilities, including web application exploitation and social
engineering.
The feedback from our beta testers has been fantastic, most people loved how
easily