5 min
Metasploit
R7-2014-18: Hikvision DVR Devices - Multiple Vulnerabilities
Rapid7 Labs has found multiple vulnerabilities in Hikvision
[https://www.hikvision.com/us-en/] DVR (Digital Video Recorder) devices such as
the DS-7204 and other models in the same product series that allow a remote
attacker to gain full control of the device. More specifically, three typical
buffer overflow vulnerabilities were discovered in Hikvision's RTSP request
handling code: CVE-2014-4878, CVE-2014-4879 and CVE-2014-4880. This blog post
serves as disclosure of the technical details for th
1 min
Metasploit
New "show missing" Command in msfconsole
Hello, Metasploiters! Just wanted to update y'all on a new feature in msfconsole
that *hopefully* should make vgrepping
[https://en.wikipedia.org/wiki/Visual_inspection#Humorous_terminology] through
module options a little easier.
Show empty required options
The new command is show missing, and all it does is show empty required options.
Instead of looking through a long list of options and picking out the required
ones that haven't been set, just run show missing, and a list of unset required
6 min
Metasploit
Not Reinventing The Wheel: The Metasploit Rails::Application in 4.10
In Metasploit 4.10, we converted Metasploit Framework (and prosvc in Metasploit
Commercial Editions) to be a full-fledged Rails::Application. You may be
wondering why Metasploit Framework and prosvc, should be Rails applications when
they aren't serving up web pages. It all has to do with not reinventing the
wheel and very useful parts of Rails, Rails::Railtie and Rails::Engine.
Rails 3.0 infrastructure
Since Rails 3.0, Rails has been broken into multiple gems that didn't require
each other a
2 min
Metasploit
Feedback on Rapid7's Tech Preview Process and Metasploit Pro 4.10
By guest blogger Sean Duffy, IS Team Lead, TriNet
Rapid7 invited me to participate in pre-release testing of Metasploit 4.10, a
process they call Tech Preview. They asked me to openly share my thoughts with
the community.
Preparation and Logistics
I always enjoy working with Rapid7. Preparatory meetings and documentation made
the installation and testing process a breeze. Rapid7 was also kind enough to
extend my testing and feedback sessions when work so rudely intruded on the fun.
Zero comp
1 min
Metasploit
msfconsole failing to start? Try 'msfconsole -n'
As part of the last release, the Metasploit Engineering team here at Rapid7 has
been on a path of refactoring in the Metasploit open source code in order to
make it more performant and to get toward a larger goal of eventually breaking
up the framework into a multitude of libraries that can be used and tested in a
standalone way.
This effort will make it easier to deliver features and respond to issues more
quickly, as well as ensure that regressions and bugs can get diagnosed, triaged,
and fix
4 min
Metasploit
Hunting for Credentials: How Metasploit Pro Beat Me on the Command Line
By guest blogger Robert Jones, Information Security Manager, City of Corpus
Christi
I had the opportunity to participate in a tech preview of Metasploit Pro's new
credentials features. In our shop, we use Metasploit Pro, Nexpose, UserInsight
and ControlsInsight, all by Rapid7. I certainly wish I could spend the majority
of my time pentesting, but instead I often times I find myself using Metasploit
to educate users by showing them how I can compromise their machines. It is
incredibly compelli
2 min
Metasploit
Metasploit Pro's New Credentials Features Save Us Time in Workflows
By guest blogger Dustin Heywood, Manager, Security Assurance, ATB Financial
Recently I was invited to participate in Metasploit Pro's Tech Preview Program,
where customers are given early access to new product releases. I've taken part
in this program before and I have always loved the experience.
For those of you who haven't been involved in a Rapid7 Tech Preview program: It
starts out with a call with the customer engagement manager and the product
management team, who gave me an overview
3 min
Metasploit
Weekly Metasploit Update: Embedded Device Attacks and Automated Syntax Analysis
D-Link Embedded Device Shells
This week, esteemed Metasploit [https://www.metasploit.com/download/]
contributor @m-1-k-3 [https://github.com/m-1-k-3] has been at it again with his
valiant personal crusade against insecure SOHO (small office/home office)
embedded devices with known vulnerabilities. We have a new trio of modules that
target D-Link gear, based on the research released by Craig Heffner and Zachary
Cutlip, which exploit two bugs present in the DSP-W215 Smart Plug, and one UPnP
comma
1 min
Metasploit
Top 3 Takeaways from "7 Ways to Make Your Penetration Tests More Productive" Webcast
Earlier this week we heard from ckirsch
[https://community.rapid7.com/people/ckirsch], Senior Product Marketing Manager
for Metasploit at Rapid7, on the pressure penetration testers are facing. (Hint:
it's a lot!). With the increase in high profile breaches and their costs, more
and more emphasis is being put on the pen tester and security in general. Read
on if you'd like to get the top takeaways from this week's webcast so that you
aren't left in the dark about, "7 Ways to Make Your Penetratio
1 min
Metasploit
2014 Metasploit T-Shirt Design Contest
Hey Hacker-Designers!
Remember about this time last year, we kicked off the Metasploit T-Shirt design
contest
[/2013/05/03/metasploits-10th-anniversary-laptop-decal-design-competition]to
commemorate our shipping of 1,000 exploits and Metasploit's 10th Anniversary?
Turns out, we had so many good designs
[/2013/07/16/metasploit-design-contest-winners] and so much fun with that that
we're doing it again this year. So let's see, what reason can we contrive this
year...
We have 1,294 exploits now
2 min
Metasploit
Federal Friday - 4.25.14 - A Whole Lot of Oops
Happy Friday, Federal friends! I hope all of you enjoyed some nice family time
over the respective holidays last week. After a successful Marathon Monday here
in Boston we're blessed with chirping birds and blooming flowers (finally)!
As you all probably know by now, Verizon released their latest DBIR
[http://www.verizonenterprise.com/DBIR/2014/reports/rp_dbir-2014-executive-summary_en_xg.pdf]
report earlier this week. While this report covered a wide range of topics in
regards to breaches, I
2 min
Metasploit
Hacker's Dome: An Online Capture-the-Flag (CTF) Competition on May 17
Many folks ask me how you can get started as a penetration tester. Save for a
real-life penetration test, capture-the-flag (CTF) competitions are probably the
most effective ways for you to hone your offensive security skills. What's best:
they're a ton of fun, even for experienced pentesters. The folks over at
CTF365.com [http://www.ctf365.com/] have put together a one-off CTF called
Hacker's Dome, which will start on May 17th and run for 48 hours, so save the
date.
Hacker's Dome - First Bloo
4 min
Metasploit
Security Advisory: OpenSSL Heartbleed Vulnerability (CVE-2014-0160) in Metasploit (Updated 4/11/14 2:20pm EDT)
Metasploit 4.9.0 and earlier vulnerable to Heartbleed, update 4.9.1 addresses
critical cases
The Metasploit editions Metasploit Pro, Metasploit Express, and Metasploit
Community in versions 4.9.0 or earlier are vulnerable to the OpenSSL Heartbleed
Vulnerability (CVE-2014-0160). Please update to version 4.9.1 to remediate
critical vulnerabilities. See below for remediation instructions.
Metasploit Framework itself is not affected, but it has dependencies on other
components that may need to be u
2 min
Metasploit
R7-2014-05 Vulnerability in Metasploit Modules (Fixed)
Metasploit Pro, Community, and Express users are urged to update to the latest
version of Metasploit to receive the patch for the described vulnerability. Kali
Linux users should use the normal 'apt-get update' method of updating, while
other Metasploit Pro, Community, and Express users can use the in-application
Administration : Software Updates button.
A remote privilege escalation vulnerability has been discovered by Ben Campbell
of MWR InfoSecurity [https://labs.mwrinfosecurity.com/advisori
3 min
Metasploit
Weekly Metasploit Update: Encoding-Fu, New Powershell Payload, Bug Fixes
I Got 99 Problems but a Limited Charset Ain't One
In this week's Metasploit weekly update, we begin with OJ TheColonial Reeves
[https://twitter.com/TheColonial]' new optimized sub encoding module (opt_sub.rb
). As the name implies, this encoder takes advantage of the SUB assembly
instruction to encode a payload with printable characters that are file path
friendly. Encoders like this are incredibly useful for developing a memory
corruption exploit that triggers a file path buffer overflow, where