4 min
Penetration Testing
Free Metasploit Penetration Testing Lab in the Cloud
No matter whether you're taking your first steps with Metasploit or if you're
already a pro, you need to practice, practice, practice your skillz. Setting up
a penetration testing lab can be time-consuming and expensive (unless you have
the hardware already), so I was very excited to learn about a new, free service
called Hack A Server, which offers vulnerable machines for you to pwn in the
cloud. The service only required that I download and launch a VPN configuration
to connect to the vulnerab
3 min
Metasploit
Using BackTrack 5 R3 with Metasploit Community or Metasploit Pro
Update: Kali Linux has now superseded BackTrack as a platform. We strongly
recommend using Kali Linux over BackTrack if you are going to run Metasploit.
More info here.
As of version 5 R3, BackTrack comes pre-installed with Metasploit 4.4, so it's
now easier to use Metasploit Community Edition or Metasploit Pro on BackTrack.
Here is how it's done:
* After BackTrack boots, enter startx t
6 min
Guide to monitoring JVM Memory usage
This guide is designed to show a few techniques to monitor how the Java Virtual
Machine (JVM) memory is used. When Nexpose starts, it reserves roughly 75% of
the available memory, so the memory utilization graph of your system will just
appear to flat-line. But what does it really do with all that memory?
Hopefully by the end of this guide you will have a better idea of what goes on
under that line and be able to tune your systems for maximum efficiency.
How does memory usage work with the
5 min
Exploits
Security Death Match: Open Source vs. Pay-for-Play Exploit Packs
In the blue corner: an open-source exploit pack. In the red corner: a
pay-for-play incumbent. As a security professional trying to defend your
enterprise against attacks, which corner do you bet on for your penetration
tests?
What's the goal of the game?
Okay, this is a loaded question, because it really depends on what your goal is.
If you are like 99% of enterprises, you'll want to protect against the biggest
and most likely risks. If you are the 1% that comprise defense contractors and
the
2 min
Metasploit
How Metasploit's 3-Step Quality Assurance Process Gives You Peace Of Mind
Metasploit exploits undergo a rigorous 3-step quality assurance process so you
have the peace of mind that exploits will work correctly and not affect
production systems on your next assignment.
Step 1: Rapid7 Code Review
Many of the Metasploit exploits are contributed by Metasploit's community of
over 175,000 users, making Metasploit the de-facto standard for exploit
development. This is a unique ecosystem that benefits all members of the
community because every Metasploit user is a “sensor”
8 min
Metasploit
New Metasploit Exploit: Crystal Reports Viewer CVE-2010-2590
In this blog post we would like to share some details about the exploit for
CVE-2010-2590, which we released in the last Metasploit update. This module
exploits a heap-based buffer overflow, discovered by Dmitriy Pletnev, in the
CrystalReports12.CrystalPrintControl.1 ActiveX control included in
PrintControl.dll. This control is shipped with the Crystal Reports Viewer, as
installed by default with Crystal Reports 2008. While this is a vulnerability
from the end of 2010, its exploitation has some
2 min
Metasploit
Weekly Metasploit Update: CrystalReports and Testing Discipline
Dissecting CrystalPrintControl
This week's update is, by all accounts, pretty light. This may be the first
update we've shipped that has exactly one new module. To make up for the lack
of quantity, though, we've got some quality for you, oh boy.
If it's snowy and blustery where you live, grab yourself a cup of hot cocoa,
gather the kids, and watch their little eyes twinkle in the firelight as you
regale them with the classic fable of how Metasploit Exploitation Elf Juan
(@_juan_vazquez)
3 min
Exploits
5 Tips to Ensure Safe Penetration Tests with Metasploit
Experienced penetration testers know what to look out for when testing
production systems so they don't disrupt operations. Here's our guide to ensure
smooth sailing.
Vulnerabilities are unintentional APIs
In my warped view of the world, vulnerabilities are APIs that weren't entirely
intended by the developer. They are also undocumented and unsupported. Some
of these vulnerabilities can be exploited more reliably than others, and there
are essentially three vectors by which to rank them:
* Exploit s
2 min
Metasploit
Introduction to Metasploit Hooks
Metasploit provides many ways to simplify your life as a module developer. One
of the less well-known of these is the presence of various hooks you can use for
processing things at important stages of the module's lifetime. The basic one
that anyone who has written an exploit will be familiar with is exploit, which
is called when the user types the exploit command. That method is common to all
exploit modules. Aux and post modules have an analogous run method. Common to
all the runnable modules
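To make the lifecycle concrete, here is an added example (not code from the original post and not Metasploit's own Msf::Module implementation): a small stand-alone Ruby driver that models how per-stage hooks wrap the main exploit (or run) method. The hook names other than exploit and run (setup, cleanup, on_new_session) are assumptions for this model, as is the session identifier it reports.

```ruby
# Added example: a stand-alone model of a module lifecycle with hooks.
# This is NOT Metasploit's own Msf::Module code; it is a toy driver that
# shows how stage hooks fit around the main `exploit` (or `run`) method.
# Hook names other than exploit/run (setup, cleanup, on_new_session) and
# the "session-1" identifier are assumptions made for this example.

class ModuleBase
  attr_reader :trace

  def initialize
    @trace = []              # records the order in which stages fire
  end

  # Hooks a module may override. Defaults do nothing.
  def setup; end
  def cleanup; end
  def on_new_session(session); end

  # Entry point analogous to typing `exploit`/`run` at the console.
  # cleanup sits in an ensure block so it fires even if the main stage raises,
  # which is what you want for hooks that release handlers or undo changes.
  def launch
    @trace << :setup
    setup
    @trace << :main
    main_stage
    @trace << :done
  rescue => e
    @trace << [:error, e.message]
  ensure
    @trace << :cleanup
    cleanup
  end

  # Called by a module when it obtains a session (e.g. a shell callback).
  def report_session(session)
    @trace << [:on_new_session, session]
    on_new_session(session)
  end
end

# Exploit modules implement `exploit`; aux/post modules implement `run`.
class ExploitBase < ModuleBase
  def exploit; raise NotImplementedError; end
  def main_stage; exploit; end
end

class AuxBase < ModuleBase
  def run; raise NotImplementedError; end
  def main_stage; run; end
end

# A module that overrides every hook and obtains a (constructed) session.
class DemoExploit < ExploitBase
  attr_reader :log
  def initialize; super; @log = []; end
  def setup; @log << "open handler"; end
  def exploit
    @log << "send trigger"
    report_session("session-1")   # constructed session id, not a real one
  end
  def on_new_session(s); @log << "post-exploitation on #{s}"; end
  def cleanup; @log << "close handler"; end
end

# A module whose main stage fails: cleanup must still run.
class FailingAux < AuxBase
  def run; raise "target unreachable"; end
end

def run_demo
  m = DemoExploit.new
  m.launch
  m
end

def run_failing
  m = FailingAux.new
  m.launch
  m
end

if __FILE__ == $0
  p run_demo.trace
  p run_failing.trace
end
```

The trace of the failing module shows the point of putting cleanup in an ensure: the error is recorded, the done marker never fires, but the cleanup hook still runs.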
8 min
Metasploit
The Odd Couple: Metasploit and Antivirus Solutions
I hear a lot of questions concerning antivirus evasion with Metasploit, so I'd
like to share some of the information critical to understanding this problem. This
blog post is not designed to give you surefire antivirus (AV) evasion
techniques, but rather to help you understand the fundamentals of the issue.
A Quick Glossary
Before we begin, let's define a few terms. This will be important for
understanding some of the things we will discuss.
Payload: A payload is the actual code that is being del
3 min
Metasploit
Weekly Metasploit Update: Exploit Dev How-to and InfoSec Targets
Metasploit 4.5 has been out for a few days, so it's high time for an update.
Let's hop to it!
1000th Exploit: Freefloat FTP WMI
I often hear the question, "How do I get started on writing exploits?" Well, I'd
like to point you to Metasploit's 1000th exploit (future Hacker Jeopardy
contestants, take note): On December 7, 2012, Wei "sinn3r" Chen and Juan Vazquez
committed FreeFloat FTP Server Arbitrary File Upload. Now, as
4 min
Exploits
November Exploit Trends: Apache Killer Exploit New to List
This month was a quiet one on the Metasploit Top Ten List. Each month we compile
a list of the most searched exploit and auxiliary modules from our exploit
database. To protect users' privacy, the statistics come from analyzing web
server logs of searches, not from monitoring Metasploit usage.
The only new addition to the list this month is an old Apache Killer exploit.
Read on for the rest of November's exploit and auxiliary modules with commentary
by Metasploit's o
2 min
Nexpose
Introducing Nexpose 5.5 - CIS, USGCB 2, Enhanced Reporting, and Data Scalability
For those of you that don't know me, I head up the Nexpose engineering team, and
we are excited to introduce the latest release, Nexpose 5.5. This release
focuses on meeting three big needs that we've heard about from our customers.
The first is configuration assessment. This is a big deal for organizations that
are subject to regulatory or internal standards that require confirmation of
specific configurations of IT assets, such as USGCB 2.0. For those
organizations, proving compliance is pain
2 min
Metasploit Hits 1000 Exploits
Along with today's 4.5 release, Metasploit hit a thousand exploits.
So, what does that mean? Well, let's take a look, historically.
When Metasploit 1.0 was released on October 6, 2003, it boasted all of 11
exploits, according to this mailing list post. Now, that was 9 years ago, so
an announcement on a mailing list of more than one exploit was pretty novel,
and "a ton
15 min
Malware
Skynet, a Tor-powered botnet straight from Reddit
While wandering through the dark alleys of the Internet we encountered an
unusual malware artifact, something that we had never observed before, which
kept us entertained while we meticulously dissected it until late at night.
The more time we spent looking at it, the more it started to look unusually
familiar. As a matter of fact, it turned out to be the exact same botnet that an
audacious Reddit user of possible German origin named “throwaway236236”
described in a very popular I Am A thread you can read here