Posts by Rapid7

2 min

Offensive Security = Backtrack Linux + Metasploit Pro

This week the guys over at Offensive Security [https://www.offsec.com/] officially added Metasploit Pro [https://www.rapid7.com/products/metasploit/download/] to their curriculum for the class Penetration Testing with BackTrack [https://www.offsec.com/courses-and-certifications/]. For those not familiar with it, BackTrack [http://www.backtrack-linux.org/] is a Linux distribution that includes a lot of tools for penetration testing. Since 2006, it has been downloaded three million times and has b

2 min Metasploit

Sesame Open: Auditing Password Security with Metasploit 3.5.1

Secret passwords don't only get you into Aladdin's cave or the tree house, but also into corporate networks and bank accounts. Yet, they are one of the weakest ways to protect access. Sure, there are better ways to secure access, such as smart cards or one-time password tokens, but these are still far from being deployed everywhere although the technology has matured considerably over the past years. Passwords are still the easiest way into a network. The new Metasploit version 3.5.1 adds a l

1 min

Metasploit Framework 3.5.1 Released!

Rapid7 and the Metasploit Project are proud to announce version 3.5.1 of the Metasploit Framework! This minor version release adds 47 new modules, including exploit coverage for recent bugs in the news: Exim4 [http://www.metasploit.com/modules/exploits/unix/smtp/exim4_string_format], Internet Explorer [http://www.metasploit.com/modules/exploit/windows/browser/ms10_xxx_ie_css_clip], and ProFTPd. Java payloads have seen significant improvement and java_signed_applet can now use them for compl

6 min

Capturing Windows Logons with Smartlocker

Oftentimes during a penetration test engagement, a bit of finesse goes a long way. One of the most effective ways to capture the clear-text user password from a compromised Windows machine is through the "keylogrecorder" Meterpreter script. This script can migrate into the winlogon.exe process, start capturing keystrokes, and then lock the user's desktop (the -k option). When the user enters their password to unlock their desktop, you now have their password. This, while funny and effective, can

10 min

The Big Easy

People don't like to hire blackhats. It's great because it speaks to so many levels of assumptions and interests me immensely because of it. Arguably, the mentality speaks to a much lower level issue with the pervasive American ideal of perfectionism-- but if I wanted to wax wasteful poetic on the irritating low-level sociological tendencies of our culture, I'd start a LiveJournal. I've already got this blog, so let's just stick to the context of the greater security community. We all know th

1 min Metasploit

Turning Your World Upside Down: Metasploit Ambigram Tattoos

Bill Swearingen aka hevnsnt blew us away by designing a Metasploit ambigram for the Metasploit Pro tattoo contest. You may remember Roy's Metasploit tattoo [https://community.rapid7.com/blogs/rapid7/2010/11/01/we-weren-t-joking-when-we-said-tattoos/] a few weeks ago, which prompted our Metasploit [https://www.rapid7.com/products/metasploit/] tattoo competition. We thought it was a cute idea, expecting a few fun pictures with felt pen tattoos or tattoo photo montages of the Metasploit logo. 

7 min

Metasploit: Now with more commercial-grade-y-ness

Update (11/17/2010 10:14PM): I've updated the title of this post, based solely on the fact that I don't think the old title captured the essence of the post, and didn't convey the tone I wanted to take. Clearly Metasploit is a commercial grade product, so the title is decidedly tongue-in-cheek, but it's important to highlight this fact. A huge benefit of the commercial products is that we now have the resources to provide QA'd snapshots (see below). In addition, every submission is hand-revi

1 min Patch Tuesday

November Patch Tuesday Roundup

Microsoft's November Patch Tuesday was fairly light with only 3 security bulletins covering 11 vulnerabilities; only one bulletin, MS10-087, was rated critical. That bulletin relates to an MS Office 2007 and Office 2010 vulnerability which could be exploited by a classic drive-by type attack when a customer views a malicious RTF. As Josh Abraham, Rapid7 security research analyst, noted, the fact that November is fairly light could be a blessing. "Based on the huge amount of patches from last mo

2 min Metasploit

How VPN pivoting creates an undetectable local network tap

Let's assume your goal for an external penetration test is to pwn the domain controller. Of course, the domain controller's IP address is not directly accessible from the Web, so how do you go about it? Seasoned pentesters already know the answer: they compromise a publicly accessible host and pivot to other machines and network segments until they reach the domain controller. It's the same concept as a frog trying to cross a pond by jumping from lily pad to lily pad. If you have already us

1 min

Metasploit Framework 3.5.0 - Win32 respin

The 3.5.0 release a couple of weeks ago ran into a few minor problems in the new Windows installer. First, Console2, our new terminal emulator, wouldn't work correctly with our setup if you already had a copy installed. Second, installing into a directory with a space in its name would prevent Console from starting. Lastly, and probably more important for most users, is that the new msfgui didn't work out of the box due to some incorrect paths in various places. All of these issues have been

2 min Awards

We weren't joking when we said "tattoos"!

Be careful what we wish for: In 2006, HD Moore wrote a blog post [/2006/08/27/metasploit-framework-30-beta-2] about a redesign of the Metasploit Project, announcing that the new graphics “will be featured on tee shirts, posters, and tattoos over the coming year.” Well, you guys took a little longer than we thought but we now have our first Metasploit tattoo! Initially, we thought Roy Morris (aka @soundwave1234 [http://twitter.com/soundwave1234]) was joking when he tweeted to @hdmoore [htt

2 min

Metasploit Anniversary Marks World's Most Successful Open Source Acquisition

Exactly one year ago, Rapid7 acquired the Metasploit Project [http://www.metasploit.com]. Many community members feared that this would be the end of Metasploit's open source era. After all, many open source projects had been turned into commercial offerings at the cost of the community. Most prominently in our space, a widely used vulnerability scanner is no longer open source. To the surprise of many skeptics, Metasploit is arguably the most successful collaboration between an open source pro

3 min

One Year Later: Metasploit Framework 3.5.0 Released!

On this first anniversary of Rapid7's acquisition of The Metasploit Project, we are proud to announce the release of the newest version of the Metasploit Framework, 3.5.0 [https://information.rapid7.com/metasploit-framework.html], with over 600 exploits and tons of bug fixes. A lot has happened in the last year. Twelve months ago, lots of folks were asking whether the acquisition was going to mean the end of Metasploit. To address some of those questions a year ago, I promised several things.

1 min Exploits

Take an Earlier Flight Home with the New Metasploit Pro

We love it, our beta testers loved it, and we trust you will as well: today we're introducing Metasploit Pro, our newest addition to the Metasploit family, made for penetration testers who need a bigger, and better, bag of tricks. Metasploit Pro provides advanced penetration testing capabilities, including web application exploitation and social engineering. The feedback from our beta testers has been fantastic; most people loved how easily they can conduct Web application scanning and exploi

1 min Patch Tuesday

October Patch Tuesday Roundup

Although Microsoft's October patch covers 39 vulnerabilities, there are only 4 critical bulletins. One of the vulnerabilities, covered by bulletin MS10-083, was reported to Microsoft by HD Moore back in 2006. Unfortunately, according to HD Moore, despite the long wait, the fix “does not completely solve the underlying vulnerability, but it does block the easiest routes to exploitation.” In addition, Josh Abraham, one of Rapid7's vulnerability research experts, recommends paying attention to