4 min
Patch Tuesday
December Microsoft Patch Tuesday Roundup
Time once again for this month's summary of the latest Microsoft Security
updates. NeXpose (including the free NeXpose Community Edition) users will have
coverage within 24 hours or less. Metasploit already had a module for the IE
exposure. Here's the breakdown ...
6 updates, with 12 vulnerabilities covered. Here's the breakdown:
MS09-069: Rated Critical. Potential Denial of Service via ISAKMP through IPsec
affecting LSASS, covering 1 vulnerability: CVE-2009-3675. Important to note that
W
2 min
Patch Tuesday
December Microsoft Patch Tuesday Preview
Sheldon here with a preview of what's coming out in next week's Microsoft Patch
Tuesday …
6 updates in total, covering 12 vulnerabilities. Windows, IE, and Office are
affected.
Bulletin 1: Remote Code Execution affects all supported Windows versions, rated
Important on most, Moderate on XP, and Critical on Server 2008. This will be
the second highest priority out of the Critical updates – particularly if you
have deployed Windows Server 2008.
Bulletin 2: Remote Code Execution doesn't aff
2 min
NeXpose Community Edition/Metasploit Integration: Responding to the Needs of Users
When we released NeXpose Community Edition and Metasploit 3.3.1 two days ago, we
received a lot of interest from members of the community. As people have
downloaded the new releases and started using them, we've had a lot of great
feedback. Your response has been exceptionally positive and people are finding a
lot of value in the NeXpose/Metasploit integration. Sincere thanks to everyone
who has provided feedback so far.
As with any free product version, there are some enterprise features that
0 min
Metasploit v3.3 Released!
HD Moore and the entire Metasploit team have released Metasploit v3.3! I'm
really excited to start using this new release as it provides tons of new
features including: 123 new exploits, 117 new auxiliary modules, support for
Vista and Windows 7, improved stability of Meterpreter, all applicable exploits
now have OSVDB references, Meterpreter with colors and much much more! More
details be be found within the Release Notes.
Download Metasploit v3.3 here
6 min
Metasploit Framework 3.3 Released!
We are excited to announce the immediate availability
of version 3.3 of the Metasploit
Framework. This release includes 446 exploits
, 216 auxiliary modules
, and hundreds of payloads
, including an in-memory VNC service
and the Meterpreter. In addition, the Windows payloads now support NX, DEP,
IPv6, and the Windo
3 min
Microsoft
November Microsoft Patch Tuesday Roundup
Time once again for this month's summary of the latest Microsoft Security
updates …
6 updates, with 15 vulnerabilities covered. Here's the breakdown:
MS09-063: Rated Critical. Potential Remote Code Execution via Memory Corruption
in Web Services on Devices API, covering 1 vulnerability: CVE-2009-2512.
Important to note that this one only affects Windows Vista and Server 2008. Also
important to note that attackers must be on the local subnet to exploit this
vulnerability, so it would either b
3 min
Metasploit Rising
I created the Metasploit Project over six years ago as way to publish security
information to those who needed it most, the security professionals in the
field. The project has evolved from a personal web site, to a collaborative
effort with a small group of friends, and finally to the robust community-driven
project that we know today. This progress came at the cost of the evenings,
lunch hours, early mornings, and weekends of countless contributors who donate
their time for the benefit of the
4 min
Microsoft
October Microsoft Patch Tuesday Roundup
Time for this month's summary of the latest Microsoft Security updates …
13 advisories, with 34 vulnerabilities covered. Here's the breakdown:
MS09-050: Rated Critical. Potential Remote Code Execution and Denial of Service
in SMBv2, covering 3 vulnerabilities: CVE-2009-2526 (Infinite Loop DoS),
CVE-2009-2532 (Command Value Remote Code Exec), and CVE-2009-3103 (Negotiation
Remote Code Exec). Important to note that this one was listed as a DoS on NVD
while Metasploit and others were insisting
1 min
Microsoft
October Microsoft Patch Tuesday Preview
Wow, because the number of bulletins affecting the number of Windows versions is
pretty staggering. Windows is taking the most lumps this month.
Wow, because Windows7 makes its debut in the monthly dance with 5 updates
(although only the IE update is critical)
Wow, because Bulletin 13 alone affects the following products across the
Microsoft universe:
- Windows 2000 SP4
- Windows XP (SP2 and SP3)
- Windows Server 2003 SP2
- Windows Vista & Vista SP1
- Windows 2008
- Office XP
-
3 min
Metasploit 3.3 Development Updates
The last 48 hours has been a whirlwind of
development at the Metasploit Project as we prepare for the 3.3 stable release.
Efrain Torres completed the screenshot feature of the espia Metepreter module.
This command only works when the process meterpreter is executing inside has
access to the active desktop (like explorer.exe). You can see an example of this
below:
meterpreter > ps
Process list
============
PID Name Path
--- ---- ----
204 iexp
3 min
Forcing Payloads Through Restrictive Firewalls
I was reading a fun blog post
by Jason Mansfield about different ways to brute force a connection through a
restrictive outbound firewall and realized that this would be trivial to
implement in Metasploit and would go nicely with another feature implemented
earlier today.
The general idea is that many networks block some or all outbound TCP ports from
their network. This is a great way to avoid entire
4 min
NSS Labs Endpoint Protection Test Results
On Monday, NSS Labs released the results of their
anti-malware Endpoint Protection Product
tests. The test results are separated into consumer and corporate product lines,
with the consumer report available for download from their web site after free
registration.
The test put each product through a 17-day rolling assessment, where each day
the latest updates to the product were applied and a fresh list of
malware-serving URLs w
1 min
IE DirectShow (msvidctl.dll) MPEG-2 Metasploit Exploit
Originally Posted by Jabra
There is a new IE exploit that has been recently released into the wild. The
exploit is for DirectShow (msvidctl.dll) MPEG-2. The exploit utilizes an ActiveX
control in addition to a GIF file include, to perform a memory corruption
attack. The vulnerability affects users of both IE 6 and IE7.
Today, the exploit was added to the Metasploit framework
by HD Moore (the author of Metasploit). The module
was written by Trancer.
Thus far, I h
1 min
Mastering the Metasploit Framework
The next official Metasploit class
will be held
in Las Vegas, Nevada during Black Hat USA on July 25th and 26th. This course
dives into the newest features of the Metasploit Framework and demonstrates how
to use these features in every aspect of a penetration test. Students will learn
how to create custom modules to solve specific tasks, launch wide-scale
client-side attacks, operate a malicious wireless access point, generate c
1 min
Capturing Logon Credentials with Meterpreter
In my previous post , I
described the keystroke sniffing capabilities of the Meterpreter payload. One of
the key restrictions of this feature is that it can only sniff while running
inside of a process with interactive access to the desktop. In the case of the
MS08-067 exploit, we had to migrate into Explorer.exe in order to capture the
logged-on user's keystrokes.
While testing the keystroke sniffer, it occurred to me to migrate into the