3 min
Metasploit
Weekly Metasploit Update: RopDB, Local Exploits, Better Samples, and More
Introducing RopDB
This week, Metasploit exploit devs Wei "sinn3r" Chen and Juan Vazquez finished
up Metasploit RopDB. This advancement allows for drop-in ROP chains in new
exploits, without all that mucking around with copying and pasting mysterious
binary blobs from one exploit to the next. For the details on how to use it and
what to expect in the API, see sinn3r's most excellent blog post. What all this
does is bottle up ROP wisdom in a central repository, so chains can be added and
modified
2 min
IT Ops
Cooking up Engine Yard logs with Chef
Opscode’s Chef is an open-source automation framework for the cloud, involving
‘recipes’ that can be triggered by events such as servers booting or restarting.
Chef scripts are written in Ruby, but will often use OS-specific system calls to
manipulate server instances. Chef is a great way to automate your cloud, and in
particular it’s useful as your environment grows! On Engine Yard, Chef recipes
can also be used to configure add-ons (like Logentries) on your servers, as we
will explain…
Each s
2 min
Nexpose
Multi-tenant User Provisioning
Introduction
Performing bulk operations can be time consuming in Nexpose. A good example is
user provisioning, which can take a long time. Using the Nexpose
APIs is an effective way to save time and eliminate the error-prone process
of doing everything manually. For this blog post, I want to demonstrate how you
can manage users using the Nexpose API. I will be using an open source Java API
client, which is available on clee-r7/nexpose_java_api · GitHub
3 min
Metasploit
Weekly Metasploit Update: Stealing Print Jobs, Exploiting Samba, and More
This update has something for everyone -- new exploits, new auxiliary modules,
new post modules, and even new payloads. If quadfecta is a word, we totally hit
it this week!
More Mac OSX 64-Bit Payloads
The parade of OSX 64-bit payloads continues, with five new 64-bit payloads added
this week:
* modules/payloads/singles/osx/x64/say.rb
* modules/payloads/singles/osx/x64/shell_find_tag.rb
* modules/payloads/stagers/osx/x64/bind_tcp.rb
* modules/payloads/stagers/osx/x64/reverse_tcp.rb
* modul
4 min
Defeat the Hard and Strong with the Soft and Gentle Metasploit RopDB
Data Execution Prevention (DEP) has
always been a hot topic in modern software exploitation. This is a security
feature implemented in most popular operating systems, designed to prevent a
program from executing in a non-executable memory location. So when malicious
code tries to inject a payload in memory, it should fail during execution, and
then simply crash. But here's the thing, although DEP plays an important role
in your computer's countermeas
1 min
Nexpose
Moving from HML (High, Medium, Low) Hell to Security Heaven – Whiteboard Wednesdays
At last check there are about 22 new vulnerabilities being published and
categorized every single day (see National Vulnerability Database web site -
http://nvd.nist.gov/). In total, the National Vulnerability Database now
contains more than 53,000 vulnerabilities. No wonder security professionals are
overwhelmed with the sheer volume of vulnerabilities in their daily practices.
At the same time, the prioritization schemas that many organizations use are
quite basic and are either proprietary or
2 min
API
How to generate reports through the API
Nexpose provides a number of API methods for report management. Through the API
you can create/update a report configuration, generate a report on the fly, and
view the status of the generation requests.
A report configuration, in particular, is a configuration for a type of report.
With a configuration, a user can specify the template, format, and content for a
report. In order to create a configuration via the API a user must generate a
ReportSaveRequest.
ReportSaveRequest - The report save
0 min
Nexpose
Nexpose Reporting with the Java API Client
Nexpose reporting just got easier!
Now you can manage and generate Nexpose reports through an interactive
application that leverages the Nexpose Java API client.
Here is a list of the options that are currently supported.
1. List Reports
2. Generate Reports
3. Delete Reports
4. Delete Report Configurations (and all associated reports)
5. View Report Configuration
6. View Report History
Attached is a copy of the application and the source code so you can easily
modify and extend its func
5 min
Javascript
Creating a bunch of users at once using the Nexpose API
I would like to take the time to share an example of how you can use the Nexpose
API to create a batch of users at one time with the use of a CSV file. Sounds
too good to be true, right?
I swear to you that this is not a mirage. In fact I am prepared to put my money
where my mouth is and post a code example with Rapid7's very own Open Source
Java API client. This will allow you to do the following:
* Interactively specify a CSV file to create, update and even remove existing
  users
* Please s
0 min
IT Ops
Focus on the first input element in jQuery
Just in case you want to focus on the first element in a form, here is how to do
it through one simple jQuery selector:
$('#form-id :input:enabled:visible:first').focus();
Once you select the right form (#form-id), it’s time to specify any input
elements including text areas (:input) which are editable (:enabled), visible
(:visible), and first in the form (:first).
4 min
IT Ops
How do I know if my Heroku app is slow?
So you’ve written a nice new Heroku app and have tested it thoroughly – it seems
really fast – yay!!! And what do I mean by thoroughly… so you tried out all the
functionality, everything works as you’ve expected, and the response time seems
A-ok!
Well at least it seems ok when there’s one request at a time…. but you wonder
what happens when you go live and the floodgates open… what is the response time
going to be like then and how will you know what your users are experiencing?
Thanks for Swe
2 min
Authentication
Free Scanner for MySQL Authentication Bypass CVE-2012-2122
The MySQL authentication bypass vulnerability (CVE-2012-2122) - explained in
detail in HD Moore's blog post - was the cause for much concern when it was
first discovered. In response, we've created a new vulnerability scanner for
CVE-2012-2122 called ScanNow, which enables you to check your network for
vulnerability to this security issue. The best thing: it's simple to use,
completely free, and scans unlimited IPs for this vulnerability!
This vulnerability allows an attacker to bypass authenti
4 min
Nexpose
Nexpose Community Edition Lab | Scanning & Reports
In the previous blog post, we walked through creating a virtual machine and
installing Nexpose Community for use in a small lab environment. In this post,
we'll highlight key features of Nexpose, run Discovery and Vulnerability scans
and finally generate a report to assist with remediating those pesky
vulnerabilities.
To log into your Nexpose Console, open your browser and navigate to:
https://localhost:3780, then input the credentials you
specified during the inst
1 min
Metasploit
Webcast: Decrease Your Risk of a Data Breach - Effective Security Programs with Metasploit
Thanks to the many CISOs and security engineers who attended our recent
webcast, in which I presented some practical advice on how to leverage
Metasploit to conduct regular security reviews that address current attack
vectors. While Metasploit is often used for penetration testing projects, this
presentation focuses on leveraging Metasploit for ongoing security assessments
that can be achieved with a small security team to reduce the risk of a data
breach.
This webcast is now available for o
2 min
Metasploit
Weekly Metasploit Update: HP, PHP, and More!
Stupid PHP Tricks
This week's Metasploit update is a cautionary tale about running unaudited PHP
applications as part of your infrastructure. Metasploit community contributor
Brendan Coles has discovered and written Metasploit
modules for two similar root-level vulnerabilities: one for OpenFiler
and one for WAN Emulator
(a