3 min
Mobile Device Security and Android File Disclosure
Back in November, Thomas Cannon brought to light an issue within the Android
operating system. Specifically, he found that it was possible to obtain the
contents of files on an Android device simply by persuading its owner to visit a
web site under attacker control. The issue only garners a 3.5 CVSS score, yet
it's still fairly serious.
Thomas reported this issue responsibly to Google and they took it seriously.
Ho
2 min
Patch Tuesday
January Patch Tuesday Roundup
So I know we all were hoping to see a fix for some of this Windows Graphics
Rendering Engine nastiness...but no go. For now, you'll need to resort
to the good ol' FixIt option or, if you
wanna get your hands dirty, you can modify the ACL on shimgvw.dll directly.
Either way, if you're running IE, you'll have to patiently wait for the official
patch release.
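The ACL change mentioned above is what the FixIt does under the hood. As an added example (not from the original post), here is the manual version for an elevated command prompt on Vista/7/2008; takeown and icacls are standard Windows tools, the backup file name is our choice, and the undo line is included because the change also breaks Explorer thumbnails:

```batch
@echo off
REM Added example, not code from the original post. Blocks the vulnerable
REM thumbnail handler by denying Everyone access to shimgvw.dll. The file is
REM owned by TrustedInstaller, so ownership must be taken before icacls can
REM change the ACL. Must be run from an elevated (Administrator) prompt.
REM On XP/2003 the equivalent is: Echo y| cacls "%WINDIR%\SYSTEM32\SHIMGVW.DLL" /E /P everyone:N

set DLL=%WINDIR%\SYSTEM32\SHIMGVW.DLL

REM 1. Take ownership so the ACL can be modified.
takeown.exe /f "%DLL%"

REM 2. Save the current ACL (backup file name is our choice) so the change
REM    can be reverted once the official patch is installed.
icacls.exe "%DLL%" /save "%TEMP%\SHIMGVW_ACL.TXT"

REM 3. Deny Everyone full access. On non-English Windows the group name is
REM    localized; the well-known SID form "*S-1-1-0" works everywhere.
icacls.exe "%DLL%" /deny *S-1-1-0:(F)

REM 4. Verify: the listing should now include a deny entry for Everyone.
icacls.exe "%DLL%"

REM Undo after patching (/restore takes the directory, not the file):
REM   icacls.exe "%WINDIR%\SYSTEM32" /restore "%TEMP%\SHIMGVW_ACL.TXT"
```

Keep the saved ACL file somewhere you will find again; without it the restore step means reconstructing the original TrustedInstaller/SYSTEM/Administrators/Users entries by hand.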
So this monthly release was lean-n-mean, Microsoft released (2) bulletins,
addressing (3)
7 min
Plunderous Informative Pirates
Gawker got owned. Bad. The breach resulted in some pretty
entertaining fallout: a hacker gang took down a website purely over the perceived
arrogance and self-worth of the target, and millions of accounts wound up
compromised all across the web. NPR and other outlets wound up trying to tell us
for like the 10th time how to make a secure password. Overall, it was probably
the second-most entertaining data-breach this year. (The first one, of course,
was when the GNAA goatse'd the world with
6 min
Metasploit
Cisco IOS Penetration Testing with Metasploit
The Metasploit Framework and the commercial Metasploit products have always
provided features for assessing the security of network devices. With the latest
release, we took this a step further and focused on accelerating the penetration
testing process for Cisco IOS devices. While the individual modules and
supporting libraries were added to the open source framework, the commercial
products can now chain these modules together to quickly compromise all
vulnerable devices on the network. The sc
2 min
Offensive Security = Backtrack Linux + Metasploit Pro
This week the guys over at Offensive Security officially added Metasploit Pro
to their curriculum for the class Penetration Testing with BackTrack. For those
not familiar
with it, BackTrack is a Linux distribution
that includes a lot of tools for penetration testing. Since 2006, it has been
downloaded three million times and has b
2 min
Metasploit
Sesame Open: Auditing Password Security with Metasploit 3.5.1
Secret passwords don't only get you into Aladdin's cave or the tree house, but
also into corporate networks and bank accounts. Yet, they are one of the weakest
ways to protect access. Sure, there are better ways to secure access, such as
smart cards or one-time password tokens, but these are still far from being
deployed everywhere although the technology has matured considerably over the
past years. Passwords are still the easiest way into a network.
The new Metasploit version 3.5.1 adds a l
1 min
Metasploit Framework 3.5.1 Released!
Rapid7 and the Metasploit Project are proud to announce version 3.5.1 of the
Metasploit Framework! This minor version release adds 47 new modules, including
exploit coverage for recent bugs in the news: Exim4, Internet Explorer, and
ProFTPd. Java payloads have seen significant improvement and
java_signed_applet can now use them for compl
6 min
Capturing Windows Logons with Smartlocker
Oftentimes during a penetration test engagement, a bit of finesse goes a long
way. One of the most effective ways to capture the clear-text user password from
a compromised Windows machine is through the "keylogrecorder" Meterpreter
script. This script can migrate into the winlogon.exe process, start capturing
keystrokes, and then lock the user's desktop (the -k option). When the user
enters their password to unlock their desktop, you now have their password.
This, while funny and effective, can
10 min
The Big Easy
People don't like to hire blackhats. It's great because it speaks to so many
levels of assumptions and interests me immensely because of it. Arguably, the
mentality speaks to a much lower level issue with the pervasive American ideal
of perfectionism-- but if I wanted to wax wasteful poetic on the irritating
low-level sociological tendencies of our culture, I'd start a LiveJournal. I've
already got this blog, so let's just stick to the context of the greater
security community.
We all know th
1 min
Metasploit
Turning Your World Upside Down: Metasploit Ambigram Tattoos
Bill Swearingen aka hevnsnt blew us away by designing a Metasploit ambigram for
the Metasploit Pro tattoo contest.
You may remember Roy's Metasploit tattoo a few weeks ago, which prompted our
Metasploit tattoo competition. We thought it was a cute idea, expecting a few
fun pictures with felt pen tattoos or tattoo photo montages of the Metasploit
logo.
7 min
Metasploit: Now with more commercial-grade-y-ness
Update (11/17/2010 10:14PM): I've updated the title of this post, based
solely on the fact that I don't think the old title captured the essence of the
post, and didn't convey the tone I wanted to take.
Clearly Metasploit is a commercial grade product, so the title is decidedly
tongue-in-cheek, but it's important to highlight this fact. A huge benefit of
the commercial products is that we now have the resources to provide QA'd
snapshots (see below). In addition, every submission is hand-revi
1 min
Patch Tuesday
November Patch Tuesday Roundup
Microsoft's November Patch Tuesday was fairly light, with only 3 security
bulletins covering 11 vulnerabilities. Only one bulletin, MS10-087, was rated
critical. That bulletin covers an MS Office 2007 and Office 2010
vulnerability which could be exploited in a classic drive-by type attack when a
customer views a malicious RTF document.
As Josh Abraham, Rapid7 security research analyst noted, the fact that November
is fairly light could be a blessing. "Based on the huge amount of patches from
last mo
2 min
Metasploit
How VPN pivoting creates an undetectable local network tap
Let's assume your goal for an external penetration test is to pwn the domain
controller. Of course, the domain controller's IP address is not directly
accessible from the Web, so how do you go about it? Seasoned pentesters already
know the answer: they compromise a publicly accessible host and pivot to other
machines and network segments until they reach the domain controller. It's the
same concept as a frog trying to cross a pond by jumping from lily pad to lily
pad.
If you have already us
1 min
Metasploit Framework 3.5.0 - Win32 respin
The 3.5.0 release a couple of weeks ago ran into a few minor problems in the new
Windows installer. First, Console2, our new terminal emulator, wouldn't work
correctly with our setup if you already had a copy installed. Second,
installing into a directory with a space in its name would prevent Console from
starting. Lastly, and probably the most important for most users, the new
msfgui didn't work out of the box due to some incorrect paths in various
places. All of these issues have been
2 min
Awards
We weren't joking when we said "tattoos"!
Be careful what we wish for: In 2006, HD Moore wrote a blog post
about a redesign of the Metasploit
Project, announcing that the new graphics “will be featured on tee shirts,
posters, and tattoos over the coming year.” Well, you guys took a little longer
than we thought but we now have our first Metasploit tattoo!
Initially, we thought Roy Morris (aka @soundwave1234) was joking when he
tweeted to @hdmoore