Metasploit v3.3 Released!
HD Moore and the entire Metasploit team have released Metasploit v3.3! I'm
really excited to start using this new release as it provides tons of new
features including: 123 new exploits, 117 new auxiliary modules, support for
Vista and Windows 7, improved stability of Meterpreter, all applicable exploits
now have OSVDB references, Meterpreter with colors and much much more! More
details can be found in the Release Notes. [https://metasploit.com/]
Download Metasploit v3.3 here [https://githu
Metasploit Framework 3.3 Released!
We are excited to announce the immediate availability
[http://www.metasploit.com/framework/download/] of version 3.3 of the Metasploit
Framework. This release includes 446 exploits
[http://www.metasploit.com/modules/exploit/], 216 auxiliary modules
[http://www.metasploit.com/modules/auxiliary/], and hundreds of payloads
[http://www.metasploit.com/modules/payload/], including an in-memory VNC service
and the Meterpreter. In addition, the Windows payloads now support NX, DEP,
IPv6, and the Windo
Microsoft
November Microsoft Patch Tuesday Roundup
Time once again for this month's summary of the latest Microsoft Security
updates …
6 updates, with 15 vulnerabilities covered. Here's the breakdown:
MS09-063: Rated Critical. Potential Remote Code Execution via Memory Corruption
in Web Services on Devices API, covering 1 vulnerability: CVE-2009-2512.
Important to note that this one only affects Windows Vista and Server 2008. Also
important to note that attackers must be on the local subnet to exploit this
vulnerability, so it would either b
Metasploit Rising
I created the Metasploit Project over six years ago as a way to publish security
information to those who needed it most, the security professionals in the
field. The project has evolved from a personal web site, to a collaborative
effort with a small group of friends, and finally to the robust community-driven
project that we know today. This progress came at the cost of the evenings,
lunch hours, early mornings, and weekends of countless contributors who donate
their time for the benefit of the
Microsoft
October Microsoft Patch Tuesday Roundup
Time for this month's summary of the latest Microsoft Security updates …
13 advisories, with 34 vulnerabilities covered. Here's the breakdown:
MS09-050: Rated Critical. Potential Remote Code Execution and Denial of Service
in SMBv2, covering 3 vulnerabilities: CVE-2009-2526 (Infinite Loop DoS),
CVE-2009-2532 (Command Value Remote Code Exec), and CVE-2009-3103 (Negotiation
Remote Code Exec). Important to note that this one was listed as a DoS on NVD
while Metasploit and others were insisting
Microsoft
October Microsoft Patch Tuesday Preview
Wow, because the number of bulletins affecting the number of Windows versions is
pretty staggering. Windows is taking the most lumps this month.
Wow, because Windows 7 makes its debut in the monthly dance with 5 updates
(although only the IE update is critical)
Wow, because Bulletin 13 alone affects the following products across the
Microsoft universe:
- Windows 2000 SP4
- Windows XP (SP2 and SP3)
- Windows Server 2003 SP2
- Windows Vista & Vista SP1
- Windows 2008
- Office XP
-
Metasploit 3.3 Development Updates
The last 48 hours have been a whirlwind [http://trac.metasploit.com/timeline] of
development at the Metasploit Project as we prepare for the 3.3 stable release.
Efrain Torres completed the screenshot feature of the espia Meterpreter module.
This command only works when the process meterpreter is executing inside has
access to the active desktop (like explorer.exe). You can see an example of this
below:
meterpreter > ps
Process list
============
PID Name Path
--- ---- ----
204 iexp
Forcing Payloads Through Restrictive Firewalls
I was reading a fun blog post
[http://clinicallyawesome.com/post/196352889/blind-connect-back-through-restrictive-firewall]
by Jason Mansfield about different ways to brute force a connection through a
restrictive outbound firewall and realized that this would be trivial to
implement in Metasploit and would go nicely with another feature implemented
earlier today.
The general idea is that many networks block some or all outbound TCP ports from
their network. This is a great way to avoid entire
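The connect-back sweep the post describes, as an added example in Ruby that is not code from the post, from Jason Mansfield's write-up, or from the Metasploit Framework itself. The payload side walks a list of candidate outbound ports and keeps the first one the egress filter lets through; the port list is constructed for illustration, and the stand-alone demonstration uses a listener on 127.0.0.1 in place of a real handler, with two freshly released ephemeral ports standing in for filtered ports:

```ruby
require "socket"
require "timeout"

# Constructed example list: outbound ports a restrictive egress policy is
# most likely to allow, tried in order of likelihood.
CANDIDATE_PORTS = [443, 80, 53, 8080, 22, 4444].freeze

# Attempt a TCP connect-back to +host+ on each port in +ports+ and return the
# first port that completes the handshake, or nil if none does. The per-port
# +timeout+ matters: a firewall that silently drops the SYN would otherwise
# stall the sweep for the OS default (often well over a minute per port).
def find_open_port(host, ports, timeout: 1.0)
  ports.each do |port|
    begin
      sock = Socket.tcp(host, port, connect_timeout: timeout)
      sock.close
      return port
    rescue SystemCallError, Timeout::Error
      # ECONNREFUSED (closed), ETIMEDOUT (filtered) and friends: try the next one.
      next
    end
  end
  nil
end

# Bind an ephemeral port and release it again; the returned port is closed,
# which is how the demo below simulates a port the firewall rejects.
def free_port
  s = TCPServer.new("127.0.0.1", 0)
  port = s.local_address.ip_port
  s.close
  port
end

# Stand-alone demonstration: one local listener plays the handler, two
# released ports play blocked ports. Returns [listener_port, port_found].
def demo_sweep
  listener = TCPServer.new("127.0.0.1", 0)
  open_port = listener.local_address.ip_port
  blocked = [free_port, free_port]
  found = find_open_port("127.0.0.1", blocked + [open_port], timeout: 0.5)
  listener.close
  [open_port, found]
end

if __FILE__ == $0
  open_port, found = demo_sweep
  puts "handler listening on #{open_port}; sweep connected on #{found.inspect}"
end
```

In a real engagement the handler side is the other half of the idea: the listener must answer on every port the payload might try, which is usually done by redirecting all inbound TCP ports on the handler host to a single listening port rather than by binding thousands of sockets.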
NSS Labs Endpoint Protection Test Results
On Monday, NSS Labs [http://www.nsslabs.com/] released the results of their
anti-malware Endpoint Protection Product [http://www.nsslabs.com/anti-malware]
tests. The test results are separated into consumer and corporate product lines,
with the consumer report available for download from their web site after free
registration.
The test put each product through a 17-day rolling assessment, where each day
the latest updates to the product were applied and a fresh list of
malware-serving URLs w
IE DirectShow (msvidctl.dll) MPEG-2 Metasploit Exploit
Originally Posted by Jabra
There is a new IE exploit that has been recently released into the wild. The
exploit is for DirectShow (msvidctl.dll) MPEG-2. The exploit utilizes an ActiveX
control in addition to a GIF file include, to perform a memory corruption
attack. The vulnerability affects users of both IE 6 and IE7.
Today, the exploit was added to the Metasploit framework
[http://www.metasploit.com/] by HD Moore (the author of Metasploit). The module
was written by Trancer.
Thus far, I h
Mastering the Metasploit Framework
The next official Metasploit class
[http://blackhat.com/html/bh-usa-09/train-bh-usa-09-hdm-meta.html] will be held
in Las Vegas, Nevada during Black Hat USA on July 25th and 26th. This course
dives into the newest features of the Metasploit Framework and demonstrates how
to use these features in every aspect of a penetration test. Students will learn
how to create custom modules to solve specific tasks, launch wide-scale
client-side attacks, operate a malicious wireless access point, generate c
Capturing Logon Credentials with Meterpreter
In my previous post [/2009/03/22/remote-keystroke-sniffing-with-meterpreter], I
described the keystroke sniffing capabilities of the Meterpreter payload. One of
the key restrictions of this feature is that it can only sniff while running
inside of a process with interactive access to the desktop. In the case of the
MS08-067 exploit, we had to migrate into Explorer.exe in order to capture the
logged-on user's keystrokes.
While testing the keystroke sniffer, it occurred to me to migrate into the
Remote Keystroke Sniffing with Meterpreter
Earlier this afternoon, I committed some code
[http://trac.metasploit.com/changeset/6370] to allow keystroke sniffing through
Meterpreter sessions. This was implemented as set of new commands for the stdapi
extension of Meterpreter. Dark Operator, author of many great Meterpreter
scripts, already wrote a nice blog post describing how to use the new keystroke
sniffer, but I wanted to cover some of the internals and limitations as well.
The keyscan_start command spawns a new thread inside of the
VMWare, Virtual PC, and FDCC Images
Update: A couple [http://nicholsonsecurity.com/] folks
[http://www.blogger.com/profile/10734906797874214568] pointed out that the
VMWare Converter [http://www.vmware.com/products/converter/overview.html]
automates most of the issues covered in this post.
On August 20th, 2007 NIST's Federal Desktop Core Configuration
[http://nvd.nist.gov/fdcc/] project released its initial set of Windows virtual
machine images as a security reference. This set has been updated to consist of
Windows XP SP2 and
Metasploit Mass Exploitation for Dummies
One of the features added in the 3.2 release
[http://metasploit.com/documents/RELEASE-3.2.txt] of the Metasploit Framework
was the ability to restrict the db_autopwn command to specific ports and modules
matching a given regular expression. This feature can be used to run one or more
exploits against a specific range of hosts at the same time.
In the example below, we will demonstrate how to launch the MS08-067
[http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx] exploit
against e