2 min
What would Trinity do with Kingcope's SSH 0day?
Citizens of the Matrix,
Today, I'd like to inform you that there is a Tectia SSH 0day vulnerability
discovered by security researcher "Kingcope"... or
really, we suspect his real name is Mr. Thomas Anderson. The vulnerability itself
allows any remote user to bypass login if a USERAUTH CHANGE REQUEST is sent
before password authentication, and then gain access as root. Please note as of
now, there is no official patc
2 min
A New Look for Rapid7
Today we unveiled a new logo, website and brand identity for Rapid7. We didn't
make a subtle change, as many companies do. We purposefully made sweeping
changes because we don't like to do anything half way. Yet our new brand bridges
our history and our future.
Our company was founded upon a simple premise: IT security is a complex
challenge, but the solutions designed to address it shouldn't be. We believed
then, and we believe now, that IT security solutions should make your work
easier, mo
2 min
Metasploit
Weekly Metasploit Update: OpenVAS, SAP, NetIQ, and More!
Now that I've consumed a significant percentage of my own weight in turkey
(seriously, it was something like five percent), it's time to shake off the
tryptophan and get this week's update out the door.
Attacking Security Infrastructure: OpenVAS
This week's update features three new modules for bruteforcing three different
OpenVAS authentication mechanisms, all provided by community contributor Vlatko
@k0st Kosturjak. OpenVAS is an open source security
management stac
2 min
IT Ops
Getting terminal colors right
As a part of our work on ANSI escape code coloring, I looked in detail at
default colors used in different command line terminals. It appears from the
Wikipedia article that colors
are set at their brightest level with minor variances across implementations:
Adapting these color schemes gives the result as in the following picture:
If you try to read the te
2 min
Metasploit
Weekly Metasploit Update: Web Libs, SAP, ZDI, and More!
Fresh Web Libs
As we head into the holiday season here in the U.S., Metasploit core developers
Tasos @Zap0tek Laskos and James @Egyp7
Lee finished up a refresh of the Metasploit fork of
the Anemone libraries, which is what we use for basic web spidering. You can
read up on it here. The Metasploit fork isn't
too far off of Chris Kite's mainline distribution, but does account for
Metasploit's Rex sockets, ad
18 min
New 0day Exploits: Novell File Reporter Vulnerabilities
Today, we present to you several new vulnerabilities discovered in Novell File
Reporter 1.0.2, which "helps organizations more effectively manage network
storage by providing administrators the ability to access comprehensive network
storage information so that they can determine the best means of addressing
their storage content". Following our standard disclosure policy, we notified
both Novell and CERT.
Vulnerabilities Summary
The four vulnerabilities presented have been found in the same co
4 min
Metasploit
Weekly Metasploit Update: WinRM x2, ADDP, RealPort, CI and BDD
WinRM, Part Two
In the last Metasploit update blog post, we talked about the work from
Metasploit core contributors @TheLightCosine, @mubix and @_sinn3r on
leveraging WinRM / WinRS. As of this update, Metasploit users can now execute
WQL queries, execute commands,
an
1 min
IT Ops
Feature requests
There are so many things we can do with logs. We have a pile of new ideas on how
to make Logentries better and we spend time implementing these every single day.
We also collect feature requests from you, our lovely users. But we want to do
more – we want to include you in the whole process of future development.
We are happy to announce our Feature requests page, a page that enables you to
add new feature requests, vote on them, and add comments with more details.
Access the page from the sideb
6 min
Metasploit
Abusing Windows Remote Management (WinRM) with Metasploit
Late one night at Derbycon, Mubix
and I were discussing various techniques of mass
ownage. When Mubix told me about the WinRM service, I wondered: "Why don't we
have any Metasploit modules for this yet?" After I got back, I began digging.
WinRM/WinRS
WinRM is a remote management service for Windows that is installed but not
enabled by default in Windows XP and higher versions, but you can install it on
older operating systems as well. Win
1 min
Career Development
2012: Rapid7 Is a Boston Globe Top Place to Work...Again
I'm very happy to announce that Rapid7 has placed #13 on the Boston Globe's Top
Places to Work 2012. It's our second consecutive year on the Globe's list, and
thanks to our phenomenal growth, this year we hopped over from the small
business category to the mid-sized category. We've expanded our numbers 50%
already this year and just reported our 14th consecutive record quarter of
revenue growth.
Our inclusion in the Top Places to Work list highlights how important our
culture is to us, even a
3 min
Metasploit
Weekly Metasploit Update: WinRM Part One, Exploiting Metasploit, and More!
WinRM Exploit Library
For the last couple weeks, Metasploit core contributor David @TheLightCosine
Maloney has been diving into Microsoft's
WinRM services with @mubix and @_sinn3r. Until these guys started talking about it, I'd
never heard of WinRM. If you're also not in the Windows support world day-to-day,
you can read up on it at Microsoft
2 min
Metasploit
Weekly Metasploit Update: Microsoft Windows and SQL, TurboFTP, and More!
AppSecUSA 2012
Last week was AppSecUSA 2012 here in Austin, which may explain the curious
absence of a weekly Metasploit Update blog post. The highlights of Appsec for me
were (in no particular order): Meeting Raphael @ArmitageHacker
Mudge in person for the first time, meeting
Scott @_nullbind Sutherland, author of a bunch of
recent Microsoft SQL post modules, and both of whom happened to contribute to
last week's Metasploit upda
3 min
Metasploit
Weekly Metasploit Update: Reasonable Disclosure, PHP EXE Wrappers, and More!
ZENWorks' Accidental Backdoor
This week, we saw the release of Metasploit exploit developer Juan Vazquez's
freshly discovered vulnerability in Novell ZENWorks. You can read all about it
in Juan's great technical blog post, but the short version for the
attention-deprived is: Novell ZENWorks ships with hard-coded credentials, which
allow for SYSTEM-level file system read access.
That seems like kind of a big deal for ZENWorks users -- namely because there's
no reasonable way to change these cred
3 min
Ghost - an introduction
Rapid7 has announced today that the Ghost USB honeypot
will be one of the projects
sponsored in their Magnificent7 program. In this blog post, I'm going to give an
overview of what Ghost is all about, and I'll motivate our plans for the next
year.
Our goal is to protect you from the threats of using USB devices. Despite being
indisputably useful, USB devices in general and storage devices in particular
bear a great risk: Malware can use them as a t
7 min
Exploits
New 0day Exploit: Novell ZENworks CVE-2012-4933 Vulnerability
Today, we present to you a flashy new vulnerability with a color-matching
exploit straight from our super secret R&D safe house here in Metasploit
Country. Known as CVE-2012-4933, it applies to
Novell ZENworks Asset Management 7.5, which "integrates asset inventory,
software usage, software management and contract management to provide the most
complete software asset management tool available". Following our standard
disclosure polic