Metasploit Now Supports Malware Analysis via VirusTotal
VirusTotal is a free online service that allows you to analyze files or URLs in
order to identify malware detectable by antivirus engines, and is one of the
most popular ones in the community, so we decided to get a piece of that action.
As offensive tool developers, we often find ourselves testing the capabilities
of different AV products. There are usually two ways to achieve this, of course.
You either spend some money and build your own lab, or you spend nothing and
just use VirusTotal's API
Piercing SAProuter with Metasploit
Saprouter is basically a reverse proxy for SAP systems, typically sitting
between the Internet and internal SAP systems. Its main purpose is to allow
controlled access from hosts on the Internet to the internal SAP systems, since
it allows for a finer grained control of SAP protocols than a typical firewall.
This means that saprouter usually ends up being exposed to the Internet, by
allowing the inbound TCP port 3299 to the saprouter host on the organization's
firewalls. And from the saprouter,
Exploits
Weekly Metasploit Update: Arbitrary Driver Loading & Win a WiFi Pineapple
Wow, I don't know about you, kind reader, but I'm just about blogged out after
that 12 Days of HaXmas sprint. I'll try to keep this update short and sweet.
Arbitrary Driver Loading
This week's update includes a delightful new post module for managing a
compromised target, the Windows Manage Driver Loader by longtime Metasploit
community contributor, Borja Merino. If you, as a penetration tester, pop a box
and gain administrator rights (or elevate yourself there using any of the
several strateg
Metasploit
Make Your Voice Heard & Make Metasploit More Awesome
We've sharpened our pencils and put up a drawing board to decide where we want
to take Metasploit in 2014 and beyond. Metasploit is built on collaboration with
the community, both through the contributions of security researchers in
building the open source Metasploit Framework, and through a continuous feedback
loop with our customers that enables us to keep driving the solution to meet
their needs. As part of our continued commitment to the latter, we're asking you
to let us know how you use
Haxmas
Metasploit's 12 Days of HaXmas
12 Days of HaXmas, Wrapped!
Over the actual Twelve Days of Christmas, we here in Metasploit
Nation have been celebrating the 12 Days of HaXmas by bringing our blog readers
a fresh post about Metasploit (and hackery in general) every day for twelve days
straight, all tagged under HaXmas. That conveniently lists all 12 posts in
reverse order, so as you scroll through the titles, you can sing along:
On the 12th day of HaXmas, my true love g
Authentication
12 Days of HaXmas: Diving Into Git for Current and Future Metasploit Devs
This post is the eleventh in a series, 12 Days of HaXmas, where we take a look
at some of the more notable advancements in the Metasploit Framework over the course
of 2013.
Make no mistake -- the initial learning curve for git and GitHub can be pretty
hairy. Way back in 2011, we made the initial move to GitHub for our source code
hosting, but it took us until 2013 to remove the last vestiges of our old SVN
infrastructure. In the meantime, we've picked up a fair amount of git and GitHub
smarts. For
Haxmas
12 Days of HaXmas: Exploiting (and Fixing) RJS Rails Info Leaks
This post is the fifth in a series, 12 Days of HaXmas, where we take a look at
some of the more notable advancements in the Metasploit Framework over the course of
2013.
Several weeks ago, Egor Homakov wrote a blog post
pointing out a common info leak vulnerability in many Rails apps that utilize
Remote JavaScript. The attack vector and implications can be hard to wrap your
head around, so in this post I'll explain ho
12 Days of HaXmas: Impress Your Family With Elite Metasploit Wizardry
This post is the fourth in a series, 12 Days of HaXmas, where we take a look at
some of the more notable advancements in the Metasploit Framework over the course of
2013.
Every year during a major holiday, we crawl out from our own bat cave and
actually spend time with our family and friends. People start asking what you
do for a living. You respond with something you probably regret, like "I am a
penetration tester", because to an average person your job title probably
sounds no different than
Haxmas
12 Days of HaXmas: Meterpreter, Reloaded
This post is the third in a series, 12 Days of HaXmas, where we take a look at
some of the more notable advancements in the Metasploit Framework over the course of
2013.
Over the last quarter of 2013, we here in the Democratic Freehold of Metasploit
found that we needed to modernize our flagship remote access toolkit (RAT),
Meterpreter. That started with cleaving Meterpreter out of the main Metasploit
repository and setting it up with its own repository, and
UI Vulnerability Exception Query
Working in support, we receive a lot of requests to extract the vulnerability
exception data from the UI. With the query noted below and our new SQL Query
Export feature, you'll finally be able to obtain that data.
This query will provide you with:
* Exception Scope
* Additional Comments
* Submitted Data
* Submitted By
* Review Date
* Review By
* Review Comments
* Expiration Date
* Status of Exception
* Reason
* Vulnerability Title
* Nexpose ID.
SELECT
CASE
WHEN dve.s
Metasploit
Bypassing Adobe Reader Sandbox with Methods Used In The Wild
Recently, FireEye identified and shared information
about two vulnerabilities used in the wild to exploit Adobe Reader on Windows XP
SP3 systems. The vulnerabilities are:
* CVE-2013-3346: A Use After Free in
Adobe Reader, specifically in the handling of a ToolButton object, which can
be exploited through document's Java
Exploits
Metasploit Weekly Update: Adobe Reader Exploit and Post-Exploitation YouTube Broadcasting
New Adobe Reader ROP Gadgets
This week, Juan Vazquez put together a neat
one-two exploit punch that involves a somewhat recent Adobe Reader vulnerability
(disclosed back in mid-May) and a sandbox escape via an OS privilege escalation
bug. I won't give away the surprise there -- he'll have a blog post about it up
in a few hours. Part of the work, though, resulted in some new entries in
Metasploit's RopDB; specifically, for Adobe Reader versions 9, 10, and 11.
IT Ops
How to Configure Rsyslog with Any Log File; Agents Bad...No Agents Good...
Last week I wrote "In Defense of the Agent."
One of the main advantages of using agents is the ability to easily get the
agent configured to monitor logs of any type, no matter where those logs live on
your file system. We posted the article on Reddit and there were some
interesting comments and discussion; it's fairly obvious that there is
API
SQL Export Report using the API
This morning we published the release of the new SQL Query Export report.
Simultaneously, the Nexpose Gem has released version 0.6.0 to support this new
report format in all the reporting API calls (you must update to this latest
version to run the report). When the SQL Query Export is paired with ad hoc
report generation, you are a
ControlsInsight Year In Review
While many are already looking ahead and making security predictions for 2014, it's also
important to pause and reflect on the year that's been. It's been a whirlwind
year for ControlsInsight. We developed and launched a new product from the
ground up - this in itself is an achievement that everyone involved should be
proud of.
Since launching in August, we've already released 7 product updates to quickly
make improvements based on us