Metasploit
Learn, Download & Contribute: The New Metasploit Website
Today, we relaunched the Metasploit.com site. We hope you'll find it as awesome
as we do. The new site not only has updated looks, we've also rewritten much of
its content and put it on a shiny new server to make it faster.
We mainly focused on three aspects: learn, download & contribute:
Learn – Many Metasploit newbies told us they found it hard to get started with
the Metasploit Framework, so we took a fresh look at our website to design it so
that new Metasploit Framework users would find i
Adobe Flash CVE-2011-0609
Originally Posted by bannedit
Recently, I spent about a week and a half working on the latest 0-day Flash
vulnerability. I released a working exploit on March 22nd 2011. The original
exploit was just an attempt to get something working out the door for all of our
users. The first attempt left a lot to be desired. To understand the crux of
this vulnerability and what needed to be done to improve the first attempt at
exploiting it I had to dig in deep into ActionScript.
ActionScript is a languag
Vulnerability Disclosure
March Patch Tuesday Roundup
Since Microsoft is on this new staggered pattern of releases, we can expect a
feast or famine every other month...so get used to it. Depending on what side of
the desk you sit on you can adjust the context. With that being said, this
month's release brought us 3 patches addressing 4 vulnerabilities. I think we
were all expecting to see the MHTML
[http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0096] protocol
handler issue resolved, however it didn't make the cut. Make sure IE is in
r
Metasploit
Metasploit Version 3.6 Delivers Enhanced Command-Line Options and PCI Reports
Originally Posted by Chris Kirsch
All Metasploit editions are seeing an update to version 3.6 today, including an
enhanced command-line feature set for increased proficiency and detailed PCI
reports with pass/fail information for a comprehensive view of compliance
posture with PCI regulations.
Here's an overview of what's new:
The new Metasploit Pro Console offers powerful new features that help
professional penetration testers complete their job more efficiently in their
preferred environmen
Metasploit Framework 3.6.0 Released!
In coordination with Metasploit Express and Metasploit Pro
[https://www.rapid7.com/products/metasploit/download/], version 3.6 of the
Metasploit Framework is now available. Hot on the heels of 3.5.2, this release
comes with 8 new exploits and 12 new auxiliaries. A whopping 10 of those new
auxiliary modules are Chris John Riley's foray into SAP, giving you the ability
to extract a range of information from servers' management consoles via the SOAP
interface. This release fixes an annoying inst
Dual Core's Metasploit Track: Free Download!
We got a ton of requests to let you know when the new Dual Core Metasploit track
"msf mastering success & failure" would be available for download. Dual Core
had given the track a debut at the Rapid7 Skye High party at Ruby Skye in San
Francisco as part of the RSA Conference.
I'm excited to let you know that we've now received the final copy. Even better:
Dual Core has made the song available free of charge - woot! Big thanks on
behalf of the community!
We all appreciate getting thing
IT Ops
Stronger Passwords for Django
One of our main concerns is data security. While we can do our best to protect
our service against external threats, a weak account password poses the easiest
attack vector. We are all human and sometimes we don’t even realize how
vulnerable our (supposedly strong) password is to a dictionary-based attack.
We use Django [http://www.djangoproject.com/] internally. Let us share with you
how we hardened our account registration process to automatically check for
weak passwords and give our user
Events
Rapid7's high flying RSA party
Thanks to all of you who attended our party at Ruby Skye on Wednesday. We were
overwhelmed by how many RSA delegates showed up: The club holds close to a
thousand people, and we were operating at capacity for most of the night.
Apologies if you had to wait in line for a few minutes!
Have a great weekend and sleep off the RSA Conference buzz!
Update: Just received this great picture taken by Travis Arnold at the party –
thought you'd enjoy it!
Metasploit Training at CanSecWest
The Metasploit Framework is more than a pile of exploits; it is a collection of
tools for gaining access where none is provided and a scaffolding for building
new tools. In a few weeks I will be teaching two, one-day dojos at CanSecWest
[https://www.secwest.net/] focusing on using and extending the framework. Some
of the topics we will cover are: post-exploitation automation including
meterpreter and cmd/sh shell sessions, no-exploit pwnage using stolen
credentials of various types, and buildi
Metasploit Framework 3.5.2 Released!
On February 1st, Eduardo Prado of Secumania notified us of a privilege
escalation vulnerability on multi-user Windows installations of the Metasploit
Framework. The problem was due to inherited permissions that allowed an
unprivileged user to write files in the Metasploit installation directory.
Today we are releasing version 3.5.2 to fix this vulnerability. The new
installers fix this issue through two changes: first, we've moved the default
installation to %ProgramFiles%, which does not nor
Exploiting SEH Overwrites Using ROP
In the final days of 2010, an exploit for the Windows CreateSizedDIBSECTION
vulnerability was added
[https://twitter.com/#!/jduck1337/status/22315323722039296] to the Metasploit
trunk. The trigger bitmap was taken byte-for-byte from Moti and Xu Hao's slides
[http://www.exploit-db.com/download_pdf/15899/] from the Power of Community
[http://powerofcommunity.net/] conference. However, the method for achieving
code execution on Windows XP was slightly different.
Since this vulnerability is basical
Mobile Device Security and Android File Disclosure
Back in November, Thomas Cannon brought to light
[http://thomascannon.net/blog/2010/11/android-data-stealing-vulnerability/] an
issue within the Android operating system. Specifically, he found that it was
possible to obtain the contents of files on an Android device by simply
persuading its owner to visit a web site under attacker control. The issue only
garners a 3.5 CVSS score, but yet it's still fairly serious.
Thomas reported this issue responsibly to Google and they took it seriously.
Ho
Patch Tuesday
January Patch Tuesday Roundup
So I know we all were hoping to see a fix for some of this Windows Graphic
Rendering Engine nastiness...but no go. For now, you'll need to resort
to the good ol' FixIt [http://support.microsoft.com/kb/2490606] option or if you
wanna get your hands dirty, you can modify the ACL on shimgvw.dll directly.
Either way, if you're running IE, you'll have to patiently wait for the official
patch release.
So this monthly release was lean-n-mean, Microsoft released (2) bulletins,
addressing (3)
Plunderous Informative Pirates
Gawker got owned. Bad. The resulting data breach resulted in some pretty
entertaining fallout: a hacker gang took down a website purely on perceived
arrogance and self-worth of the target, millions of accounts wound up
compromised all across the web. NPR and other outlets wound up trying to tell us
for like the 10th time how to make a secure password. Overall, it was probably
the second-most entertaining data-breach this year. (The first one, of course,
was when the GNAA goatse'd the world with
Metasploit
Cisco IOS Penetration Testing with Metasploit
The Metasploit Framework and the commercial Metasploit products have always
provided features for assessing the security of network devices. With the latest
release, we took this a step further and focused on accelerating the penetration
testing process for Cisco IOS devices. While the individual modules and
supporting libraries were added to the open source framework, the commercial
products can now chain these modules together to quickly compromise all
vulnerable devices on the network. The sc