Posts tagged Metasploit

1 min Metasploit

Top 3 Takeaways from "7 Ways to Make Your Penetration Tests More Productive" Webcast

Earlier this week we heard from ckirsch [https://community.rapid7.com/people/ckirsch], Senior Product Marketing Manager for Metasploit at Rapid7, on the pressure penetration testers are facing. (Hint: it's a lot!). With the increase in high profile breaches and their costs, more and more emphasis is being put on the pen tester and security in general. Read on if you'd like to get the top takeaways from this week's webcast so that you aren't left in the dark about, "7 Ways to Make Your Penetratio

1 min Metasploit

2014 Metasploit T-Shirt Design Contest

Hey Hacker-Designers! Remember about this time last year, we kicked off the Metasploit T-Shirt design contest [/2013/05/03/metasploits-10th-anniversary-laptop-decal-design-competition] to commemorate our shipping of 1,000 exploits and Metasploit's 10th Anniversary? Turns out, we had so many good designs [/2013/07/16/metasploit-design-contest-winners] and so much fun with it that we're doing it again this year. So let's see, what reason can we contrive this year... We have 1,294 exploits now

2 min Metasploit

Federal Friday - 4.25.14 - A Whole Lot of Oops

Happy Friday, Federal friends! I hope all of you enjoyed some nice family time over the respective holidays last week. After a successful Marathon Monday here in Boston we're blessed with chirping birds and blooming flowers (finally)! As you all probably know by now, Verizon released their latest DBIR [http://www.verizonenterprise.com/DBIR/2014/reports/rp_dbir-2014-executive-summary_en_xg.pdf] report earlier this week. While this report covered a wide range of topics in regards to breaches, I

2 min Metasploit

Hacker's Dome: An Online Capture-the-Flag (CTF) Competition on May 17

Many folks ask me how you can get started as a penetration tester. Save for a real-life penetration test, capture-the-flag (CTF) competitions are probably the most effective ways for you to hone your offensive security skills. What's best: they're a ton of fun, even for experienced pentesters. The folks over at CTF365.com [http://www.ctf365.com/] have put together a one-off CTF called Hacker's Dome, which will start on May 17th and run for 48 hours, so save the date. Hacker's Dome - First Bloo

4 min Metasploit

Security Advisory: OpenSSL Heartbleed Vulnerability (CVE-2014-0160) in Metasploit (Updated 4/11/14 2:20pm EDT)

Metasploit 4.9.0 and earlier vulnerable to Heartbleed, update 4.9.1 addresses critical cases

The Metasploit editions Metasploit Pro, Metasploit Express, and Metasploit Community in versions 4.9.0 or earlier are vulnerable to the OpenSSL Heartbleed Vulnerability (CVE-2014-0160). Please update to version 4.9.1 to remediate critical vulnerabilities. See below for remediation instructions. Metasploit Framework itself is not affected, but it has dependencies on other components that may need to be u

2 min Metasploit

R7-2014-05 Vulnerability in Metasploit Modules (Fixed)

Metasploit Pro, Community, and Express users are urged to update to the latest version of Metasploit to receive the patch for the described vulnerability. Kali Linux users should use the normal 'apt-get update' method of updating, while other Metasploit Pro, Community, and Express users can use the in-application Administration : Software Updates button. A remote privilege escalation vulnerability has been discovered by Ben Campbell of MWR InfoSecurity [https://labs.mwrinfosecurity.com/advisori

3 min Metasploit

Weekly Metasploit Update: Encoding-Fu, New Powershell Payload, Bug Fixes

I Got 99 Problems but a Limited Charset Ain't One

In this week's Metasploit weekly update, we begin with OJ TheColonial Reeves' [https://twitter.com/TheColonial] new optimized sub encoding module (opt_sub.rb). As the name implies, this encoder takes advantage of the SUB assembly instruction to encode a payload with printable characters that are file path friendly. Encoders like this are incredibly useful for developing a memory corruption exploit that triggers a file path buffer overflow, where

3 min Metasploit

Weekly Metasploit Update: ADSI support and MSFTidy for sanity

Meterpreter ADSI support

We ended up skipping last week's update since upwards of 90% of Rapid7 folks were Shanghaied up to Boston, in the dead of winter, with only expense-reportable booze to keep us warm at night. So, with much fanfare comes this week's update, featuring the all new ADSI interface for Meterpreter, via OJ TheColonial [https://twitter.com/TheColonial] Reeves' Extended API. Lucky for us, and you, Carlos DarkOperator [https://twitter.com/DarkOperator] Perez was not ensconced i

5 min Metasploit

Making Your Printer Say "Feed Me a Kitten" and Also Exfiltrate Sensitive Data

As of this last release, PJL [https://en.wikipedia.org/wiki/Printer_Job_Language] (HP's Printer Job Language) is now a grown-up Rex::Proto protocol! Since extending a protocol in Metasploit is beyond the scope of this post, we'll just be covering how to use the PoC modules included with the new protocol. Feel free to dig around in lib/rex/proto/pjl*, though! Okay, let's get started!

printer_version_info

First off, we have printer_version_info. This module lets us scan a range of hosts for pri

3 min Metasploit

Weekly Metasploit Update: Talking PJL With Printers

Abusing Printers with PJL

This week's release features a half dozen new modules that seek out printers that talk the Print Job Language (PJL) for use and abuse. Huge thanks to our newest full time Metasploit trouble maker, William Vu [https://twitter.com/wvuuuuuuuuuuuuu]. As a penetration tester, you probably already know that office printers represent tasty targets. Like most hardware with embedded systems, they rarely, if ever, get patches. They don't often have very serious security controls

1 min Metasploit

Free Webcast: From Framework to Pro - Using Metasploit Pro in Penetration Tests

Metasploit Pro [https://www.rapid7.com/products/metasploit/download/] is more than just a pretty web interface for Metasploit; it contains many little known features that simplify large scale network penetration tests. In this technical webinar for penetration testers who are familiar with Metasploit Framework [http://information.rapid7.com/how-to-use-metasploit-pro-in-penetration-tests.html?LS=2903674&CS=web], David Maloney shows which features he finds most useful in Metasploit Pro. Watch

2 min Exploits

Weekly Metasploit Update: Arbitrary Driver Loading & Win a WiFi Pineapple

Wow, I don't know about you, kind reader, but I'm just about blogged out after that 12 Days of HaXmas sprint. I'll try to keep this update short and sweet.

Arbitrary Driver Loading

This week's update includes a delightful new post module for managing a compromised target, the Windows Manage Driver Loader by longtime Metasploit community contributor, Borja Merino. If you, as a penetration tester, pop a box and gain administrator rights (or elevate yourself there using any of the several strateg

1 min Metasploit

Make Your Voice Heard & Make Metasploit More Awesome

We've sharpened our pencils and put up a drawing board to decide where we want to take Metasploit in 2014 and beyond. Metasploit is built on collaboration with the community, both through the contributions of security researchers in building the open source Metasploit Framework, and through a continuous feedback loop with our customers that enables us to keep driving the solution to meet their needs. As part of our continued commitment to the latter, we're asking you to let us know how you use

4 min Metasploit

Bypassing Adobe Reader Sandbox with Methods Used In The Wild

Recently, FireEye identified and shared information [http://www.fireeye.com/blog/technical/cyber-exploits/2013/11/ms-windows-local-privilege-escalation-zero-day-in-the-wild.html] about two vulnerabilities used in the wild to exploit Adobe Reader on Windows XP SP3 systems. The vulnerabilities are: * CVE-2013-3346 [http://cvedetails.com/cve/CVE-2013-3346]: A Use After Free in Adobe Reader. Specifically in the handling of a ToolButton object, which can be exploited through document's Java

3 min Metasploit

Weekly Metasploit Update: SAP and Silverlight

SAP SAPpy SAP SAP

We've been all SAP all the time here in the Independent Nations of Metasploit, and expect to be for the rest of the week. You might recall that Metasploit exploit dev, Juan Vazquez [https://twitter.com/_juan_vazquez_] published his SAP survey paper [http://information.rapid7.com/sap-penetration-testing-using-metasploit.html] a little while back; on Tuesday, we did a moderated twitter chat on the hashtag #pwnSAP [https://twitter.com/search?q=%23pwnSAP&src=tyah] with the major S