All Posts

2 min Nexpose

Assessing risk using Security Intelligence

Robert Lemos wrote an interesting article about how CVSS alone does not necessarily give you enough information for effective remediation prioritization. Adding context about which vulnerabilities are actually being exploited, easily, with publicly known exploits gives a much better way of determining whether a given asset is at risk from a real attack. Quoting the research completed by Luca Allodi and Fabio Ma

6 min Metasploit

Good Exploits Never Die: Return of CVE-2012-1823

According to Parallels, "Plesk is the most widely used hosting control panel solution, providing everything needed for creating and offering rich hosting plans and managing customers and resellers, including an intuitive User Interface for setting up and managing websites, email, databases, and DNS." (source: Parallels). On June 5, kingcope shocked the Plesk world by announcing a new 0-day which could allow remote command execution: Accordi

3 min Metasploit

Metasploit Update: Those Sneaky IPMI Devices

IPMI, in my network? This week's update features a set of tools for auditing your IPMI infrastructure. "Phew, I'm glad I'm not one of those suckers," you might be thinking to yourself. Well, the thing about IPMI (aka, the Intelligent Platform Management Interface) is that it's just a skootch more esoteric than most protocols, and even experienced server administrators may not be aware of it. Do you use server hardware from IBM, Dell, or HP? Have you ever had to use IBM's Remote Supervisor adapte

3 min

Introducing RiskRater - a free tool for benchmarking endpoint, mobile and user risk management programs

Introductions After lurking for a little while, I'm starting to write on SecurityStreet today in order to introduce RiskRater , a tool we've been working on recently. RiskRater is an interactive free tool designed to give security professionals a quick snapshot of how they are doing in terms of their security controls for endpoints, mobile devices and user-based risk. What Does RiskRater Do? We frequently hear from security professionals that they are under consta

13 min Metasploit

A Penetration Tester's Guide to IPMI and BMCs

Introduction Dan Farmer is known for his groundbreaking work on security tools and processes. Over the last year, Dan has identified some serious security issues with the Intelligent Platform Management Interface (IPMI) protocol and the Baseboard Management Controllers (BMCs) that speak it. This post goes into detail on how to identify and test for each of the issues that Dan identified, using a handful of free security tools.  If you are lo

3 min IT Ops

Customer Spotlight with Adept Mobile: Ever wonder how the New England Patriots/Miami Dolphins/Boston Celtics handle website demand capacity

We’re launching a new customer Q&A series, where we chat with our customers about how they’re using log data , their technology stack, and their overall industry insights. We love talking to our users, because we always learn something new – and we’d like to share those insights with you. In our first interview, we caught up with Craig Heneveld, Director of Technology at Adept Mobile in Boston, to talk about the development challenges and successes of bringing

2 min Metasploit

Weekly Update: Fun with ZPanel, MoinMoin, and FreeBSD

Chaining ZPanel Exploits for Remote Root ZPanel is a fun, open source web hosting control panel, written in code auditors' favorite language, PHP. For bonus points, ZPanel likes to do some things as root, so it installs a nifty little setuid binary called 'zsudo' that does pretty much what you might expect from a utility of that name -- without authentication. In the wake of some harsh words on reddit and elsewhere in regard to the character of ZPanel's development team, the project came to the

13 min Metasploit

From the Wild to Metasploit: Exploit for MoinMoin Wiki (CVE-2012-6081)

Recently we've added to Metasploit a module for CVE-2012-6081, an arbitrary file upload vulnerability affecting version 1.9.5 (now patched) of the MoinMoin Wiki software. In this blog entry we would like to share both the vulnerability details and how it was turned into remote code execution (and exploited in the wild), because the exploitation is quite interesting: several details must be taken into account to successful e

2 min Product Updates

Weekly Update: Smaller is Better

In this week's episode, the role of Tod Beardsley will be played by egypt. Smaller is better Perhaps the most prominent addition to the framework this week is not an addition at all, but rather a deletion. We've been working toward a slimmer, more manageable source tree for a while now, and as part of that effort, we recently removed a pile of old-and-busted unit tests. This update goes a bit further, moving source code for some compiled payloads into separate repositories. Metasploit's version

7 min XSS

Cross-site Scripting (XSS) Attacks vs SQL Injection Attacks (SQLi)

A common misunderstanding in the world of web application security is the difference between the consequences of a cross-site scripting (XSS) vulnerability and the consequences of an SQL injection (SQLi) vulnerability. We can even go a step back and say the misunderstanding is on a much broader level: the difference in consequences between a client-side exploitable vulnerability and a ser

2 min

Video Tutorial - Installing Kali Linux on Bootable, Persistent USB

Author: Jeremy Druin (webpwnized) Twitter: @webpwnized Title: Installing Persistent Kali Linux on Bootable USB Flash Drive From: ISSA KY June 2013 Workshop Recorded By: Adrian Crenshaw (@irongeek_adc) This video covers the installation of Kali Linux on a USB drive. Additionally, setting up persistence on a separate partition is reviewed including how the persistence works. A Kali Linux virtual machine is used to create the USB. The workshop was done to support the Long family. Johnny Long

4 min

Custom Vulnerability Checks using Nexpose's Vulnerability Schemas

Over the years, several documents have been written about how to write custom vulnerability checks in Nexpose. The most important of these include one about the various components of a vulnerability check, one that gives examples of common vulnerability checking techniques, and another about converting NASL checks to something compatible with Nexpo

1 min

Patch Tuesday - June Edition

The top patching priority in this month's MS Tuesday is MS13-051, a vulnerability affecting Office 2003 for PCs and Office 2011 for Mac. This issue is seeing limited, targeted exploitation in the wild, and the only reason Microsoft hasn't tagged it as "Critical" is the limited number of affected platforms. Exploitation requires the user to open a malicious document. The kernel elevation of privilege issue disclosed by Google researcher Tavis Ormandy bug i

6 min Nexpose

Guide to HTTP Header Configuration

This guide is designed to show how to set up an authenticated web application scan using HTTP headers, with Metasploit as the target web application. We will also go over using the Firebug and Cookie Importer add-ons in Firefox to manually test HTTP headers. The first thing we want to do is open Firefox and download the 'Cookie Importer' and 'Firebug' add-ons. Now that we have our add-ons installed, we will want to restart our browser and then start
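Before handing a captured header to a scanner it is worth checking two things: that the block you copied out of the browser actually contains the session cookie, and that a request carrying it is still treated as logged in rather than bounced to the login page. The helper below is an added example, not code from the guide or from Nexpose; the header block and the responses it classifies are constructed inline, and the cookie name `_ui_session` and the login-page markers are assumptions, not values taken from the original post.

```python
"""Pre-flight checks for an authenticated scan driven by replayed HTTP headers.

Added example (not part of the original guide). It parses a raw header block
as copied from a browser developer tool, keeps only the headers a scanner
should replay, insists the session cookie is present, and classifies a
response as authenticated or not. All inputs below are constructed samples.
"""
from http.cookies import SimpleCookie

# Assumed markers of "you are not logged in"; tune them per application.
LOGIN_PATH_HINTS = ("/login", "/signin", "/auth")
LOGIN_BODY_HINTS = ('type="password"', 'name="password"')

# Headers that make sense to replay; anything else (Accept, Host, ...) is
# better left for the scanner to generate itself.
REPLAY_HEADERS = ("Cookie", "Authorization", "User-Agent")


def parse_raw_headers(raw: str) -> dict:
    """Turn a 'Name: value' block (one header per line) into a dict.

    The request line and blank lines are skipped. Repeated Cookie headers
    are merged with '; ', as a browser would send them; other duplicates
    keep the last value seen.
    """
    headers = {}
    for line in raw.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue  # request line ("GET / HTTP/1.1") or blank separator
        name, value = line.split(":", 1)
        name, value = name.strip(), value.strip()
        if name.lower() == "cookie":
            headers["Cookie"] = (headers["Cookie"] + "; " + value
                                 if "Cookie" in headers else value)
        else:
            headers[name] = value
    return headers


def cookies_from_header(cookie_header: str) -> dict:
    """Split a Cookie request header into {name: value}."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    return {name: morsel.value for name, morsel in jar.items()}


def scanner_headers(raw: str, session_cookie: str) -> dict:
    """Return only the headers worth replaying; fail if the session is absent."""
    headers = parse_raw_headers(raw)
    cookies = cookies_from_header(headers.get("Cookie", ""))
    if session_cookie not in cookies:
        raise ValueError(f"session cookie {session_cookie!r} not in Cookie header")
    return {name: headers[name] for name in REPLAY_HEADERS if name in headers}


def is_authenticated(status: int, resp_headers: dict, body: str) -> bool:
    """Heuristic check of one response made with the replayed headers.

    A redirect to a login path, a 401/403, or a login form in the body all
    mean the session was not accepted; only a 200 without those is a pass.
    """
    location = resp_headers.get("Location", "").lower()
    if status in (301, 302, 303, 307, 308) and any(h in location for h in LOGIN_PATH_HINTS):
        return False
    if status in (401, 403):
        return False
    if any(h in body.lower() for h in LOGIN_BODY_HINTS):
        return False
    return status == 200


if __name__ == "__main__":
    # Constructed header block, shaped like a Firebug "copy request headers" paste.
    raw_block = """GET /workspaces HTTP/1.1
Host: 127.0.0.1:3790
User-Agent: Mozilla/5.0
Accept: text/html
Cookie: _ui_session=abc123; theme=dark
"""
    print(scanner_headers(raw_block, "_ui_session"))
    print(is_authenticated(302, {"Location": "https://127.0.0.1:3790/login"}, ""))
    print(is_authenticated(200, {}, "<h1>Projects</h1>"))
```

Run the real request with the returned headers (for example through `urllib.request` or `curl -H`) and pass the status, response headers and body to `is_authenticated`; if it returns False, the scanner will spend its whole run crawling the login page.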

3 min Product Updates

Weekly Update: The Nginx Exploit and Continuous Testing

Nginx Exploit for CVE-2013-2028 The most exciting element of this week's update is the new exploit for Nginx which exercises the vulnerability described by CVE-2013-2028 . The Metasploit module was written by Metasploit community contributors hal and saelo, and exploits Greg McManus's bug across a bunch of versions on a few pre-compiled Linux targets. We don't often come across remote, server-side stack buffer overflows in popul