4 min
Metasploit
Change the Theme, Get a Shell: Remote Code Execution with MS13-071
Recently we've added an exploit for MS13-071 to Metasploit. Rated as
"Important" by Microsoft, this remote code execution vulnerability, found by
Eduardo Prado, affects Windows XP and Windows 2003 environments and is triggered
by handling specially crafted themes. In this blog post we would like to discuss
the vulnerability and give some helpful tips for exploiting it from Metasploit.
First of all, the bug occurs while handling the section on
2 min
Understanding Security Control Grades
One of the most valuable features of ControlsInsight is its ability to
prioritize security control improvement guidance as a sequence of next steps. It
does this by grading each security control configuration and ordering the
guidance for each configuration by grade. ControlsInsight calculates the grade
for each security control configuration based upon the coverage of that
configuration across all assessed assets and a weight assigned to that
configuration.
Coverage
Coverage is the measure of
2 min
Internet Explorer
IE 0-day: exploit code is now widely available (CVE-2013-3893)
Any newly discovered Internet Explorer zero day vulnerability is bad for users.
But once the exploit code gets around to public disclosure sites, it's so much
worse. In the past day or so exploit code has been submitted to virustotal.com
and scumware.org.
Users and administrators should take immediate action to mitigate the risk posed
by CVE-2013-3893. Considering the timing, I personally expect to see an out of
band patch from Microsoft before October's patch Tuesday, but that is just
specu
2 min
IT Ops
How to Log Client-side JavaScript Events – Logging for the Web with le.js
At Logentries we provide a comprehensive collection of client libraries and
inputs which make it easy to dispatch log events from any tier in your existing
infrastructure. Until now though, one platform has been left out, and it’s the
most ubiquitous and widely-understood of all: the browser. Collecting events
from the browser presents a number of challenges which have hindered the
development of a viable solution:
* There’s n
5 min
Kvasir: Penetration Data Management for Metasploit and Nexpose
Data management is half the battle for penetration testing, especially when
you're auditing large networks. As a penetration tester with Cisco's Advanced
Services, I've created a new open source tool called Kvasir that integrates with
Metasploit Pro, Nexpose, and a bunch of other tools I use regularly to aggregate
and manage the data I need. In this blog post, I'd like to give you a quick
intro to what Kvasir does, and to invite you to use it with Metasploit Pro.
Cisco's Advanced Services has b
2 min
Government
Federal Friday – 9.20.13 – The Air Gapped-Off line Edition
September 20th. Yup, I said it. We are two days away from the Autumnal Equinox,
and I find myself asking: where have the spring and summer gone? With about 6
working days left in the federal FY13, most of us are knee deep in year-end wrap-up
and FY14 prep (even though that might be delayed a little while).
I read a nice article in the New York Times last weekend by Matthew L. Wald
called “Imagining a Cyberattack on the Power Grid
3 min
Metasploit
Weekly Update
Windows Meterpreter: Reloaded
If you've been around Metasploit for any length of time, you know that
Meterpreter is the preferred and de facto standard for manipulating a target
computer after exploit. While Meterpreter and Metasploit go hand-in-hand, we did
manage to get some code separation between the two by breaking Windows
Meterpreter out to its own open source repository on GitHub.
As threatened in a previous blog post,
2 min
Site Import Procedure
The ControlsInsight product provides a Manage tab in its UI that allows users to
filter assets by site. Sites viewed in this Manage tab are taken directly from
the names of the sites as they exist in Nexpose. This feature allows users to
segregate the data assessed and displayed in ControlsInsight.
Assessments
Assessment is the process by which ControlsInsight analyses asset data to
determine your threat posture. Assessments can only happen after a scan is
complete. This means that if yo
3 min
Metasploit
Weekly Update: MSIE, GE Proficy, and handling Metasploit merge conflicts
Exploiting Internet Explorer (MS13-055)
This week, we open with a new IE exploit. This is a pretty recent patch (from
July 2013), and more notably, it appears it was silently patched without
attribution to the original discoverer, Orange Tsai. So, if you're a desktop IT
admin, you will certainly want to get your users revved up to the latest patch
level. Thanks tons to Peter "WTFuzz" Vreugdenhil and of course Wei "sinn3r" Chen
for knocking
3 min
Video Tutorial: Introduction to XML External Entity Injection
Title: Video Tutorial: Introduction to XML External Entity Injection
Author: webpwnized
From: ISSA KY Sept 2013 Workshop (Louisville, KY)
Twitter: @webpwnized
This video introduces XML injection to achieve XML external entity injection
(XXE) and XML based cross site scripting (XSS). Please find notes used/mentioned
in video posted below the video.
1. What is XML injection
2. What is an "entity"
3. What is entity injection
4. Cross site
3 min
Microsoft
Patch Tuesday, Sept 2013
September's Patch Tuesday is live! The 14 bulletins predicted were cut to 13,
with the .NET patch landing on the cutting room floor. A patch getting pulled
after the advance notice is up usually indicates that late testing revealed an
undesired interaction with another product or component.
Of the 13 bulletins remaining they are split 7/6 between the MS Office family
and Windows OS patches, if we are counting the Internet Explorer patch as part
of the OS patching, anti-trust lawsuits notwiths
2 min
Product Updates
Weekly Update: Apple OSX Privilege Escalation
Sudo password bypass on OSX
This week's update includes a nifty local exploit for OSX, the sudo bug
described in CVE-2013-1775. We don't have nearly enough of these Apple desktop
exploits, and it's always useful to disabuse the Apple-based cool-kids web app
developer crowd of the notion that their computing platform of choice is
bulletproof.
Joe Vennix, the principal author of this module,
is, in fact, of that very same Apple-based developer crowd, and usually bu
3 min
Incident Detection
Finding Out What Users are Doing on Your Network
One of the most common questions in IT is how to find out what users are doing on a network. We break down the common ways to monitor users on your network.
2 min
Metasploit
Firewall Egress Filtering
Why And How You Should Control What's Leaving Your Network
Most companies have firewall rules that restrict incoming traffic, but not
everyone thinks to restrict data leaving the network. That's a shame, because a
few easy configurations can save you a lot of headaches.
Firewall egress filtering controls what traffic is allowed to leave the network,
which can prevent leaks of internal data and stop infected hosts from contacting
their command & control servers. NAT alone won't help you - you ac
2 min
Nexpose
Rapid7 part of VMware NSX Partner ecosystem
We're very excited that VMware is showcasing Rapid7 as an official VMware NSX
Partner at VMworld 2013 this week, demonstrating how we provide best-in-class
vulnerability management for virtual networks.
Rapid7 has been a longtime partner of VMware. In 2011, we introduced our
vAsset discovery method that allows Nexpose to have real-time visib