3 min
Metasploit
Weekly Metasploit Update: Stealing Print Jobs, Exploiting Samba, and More
This update has something for everyone -- new exploits, new auxiliary modules,
new post modules, and even new payloads. If quadfecta is a word, we totally hit
it this week!
More Mac OSX 64-Bit Payloads
The parade of OSX 64-bit payloads continues, with five new 64-bit payloads added
this week:
* modules/payloads/singles/osx/x64/say.rb
* modules/payloads/singles/osx/x64/shell_find_tag.rb
* modules/payloads/stagers/osx/x64/bind_tcp.rb
* modules/payloads/stagers/osx/x64/reverse_tcp.rb
* modul
1 min
Metasploit
Webcast: Decrease Your Risk of a Data Breach - Effective Security Programs with Metasploit
Thanks for the many CISOs and security engineers who attended our recent
webcast, in which I presented some practical advice on how to leverage
Metasploit to conduct regular security reviews that address current attack
vectors. While Metasploit is often used for penetration testing projects, this
presentation focuses on leveraging Metasploit for ongoing security assessments
that can be achieved with a small security team to reduce the risk of a data
breach.
This webcast is now available for o
2 min
Metasploit
Weekly Metasploit Update: HP, PHP, and More!
Stupid PHP Tricks
This week's Metasploit update is a cautionary tale about running unaudited PHP
applications as part of your infrastructure. Metasploit community contributor
Brendan Coles [https://github.com/bcoles] has discovered and written Metasploit
modules for two similar root-level vulnerabilities one for OpenFiler
[http://www.metasploit.com/modules/exploit/linux/http/openfiler_networkcard_exec]
and one for WAN Emulator
[http://www.metasploit.com/modules/exploit/linux/http/wanem_exec] (a
1 min
Metasploit
Current User psexec
At DEF CON this year I talked about some of the post exploitation capabilities
within Metasploit and demo'd a cool technique I developed with Jabra on a
pentest a year or so ago (I later found out that Mubix had come up with
basically the same idea - great minds think alike). It is essentially this: use
a session's current token to create a remote service on a victim machine.
It takes advantage of a feature in Windows that most people take completely for
granted. Given that you are already logg
3 min
Networking
Weekly Metasploit Update: SAP, MSSQL, DNS, and More!
Zone Transfers for All
This week, Metasploit community contributor bonsaiviking
[https://github.com/bonsaiviking] fixed up the DNS library that Metasploit uses
so we won't choke on some types of zone transfer responses. Turns out, this is a
two-year old bug, but DNS servers that actually offer zone transfers are so rare
anymore that this bug didn't manifest enough to get squashed.
This brings me to a larger point -- with older vulnerabilities like these,
sometimes the hardest part for us
3 min
Metasploit
Mobile Pwning: Using Metasploit on iOS
Have you ever wanted to run an exploit but found yourself away from your desk?
Wouldn't it be awesome if you could launch a full version of the Metasploit
Framework from your phone or tablet? As you might have guessed, now you can.
With an adventurous spirit and a few commands, you can be running the Metasploit
Framework on your iPad or iPhone in just a few short minutes.
Warning: To install Metasploit, you'll need root access to your device – which
is accomplished by following your favorite ja
3 min
Metasploit
Weekly Metasploit Update: Trusted Path Switcheroo, Stack Cookie Bypass, and More
Another week, another fifteen new modules for Metasploit. I continue to be
amazed by the productivity of our open source exploit developer community.
Thanks so much for your hard work and effort, folks!
New Module for Trusted Path Switcheroo
As I was going over this week's new modules, one that jumped out at me was Wei
"sinn3r" Chen's implementation of a general Trusted Path insertion attack,
Windows Service Trusted Path Privilege Escalation. I don't recall running into
this attack scenario bef
4 min
Product Updates
Weekly Metasploit Update: Two Dozen New Modules
The Vegas and vacation season is behind us, so it's time to release our first
post-4.4.0 update. Here we go!
Exploit Tsunami
A few factors conspired to make this update more module-heavy than usual. We
released Metasploit 4.4 in mid-July. Historically, a dot version release of
Metasploit means that we spend a little post-release time closing out bugs,
performing some internal housekeeping that we'd been putting off, and other
boring software engineering tasks. Right after this exercise, it was
3 min
Metasploit
Weekly Metasploit Update: RATs, WPAD, and More!
Just a quick update this week for some new Metasploit modules. We're holding off
on the usual Framework and Pro enhancements as we button up the next point
release for Metasploit Pro, Express, and Community Editions. That said, we do
have a few neat new modules that I wanted to highlight, so let's take a look.
Hacking the Hackers
This week's haul includes something a little unusual -- an exploit for Poison
Ivy, a blackhat-favored Remote Administration Tool (RAT). Community contributor
Gal Badishi
2 min
Metasploit
Weekly Metasploit Update: Sniffing with Meterpreter, Egg Hunting, and More!
This week's update has seven new modules, a much-anticipated Meterpreter
enhancement, and more, so let's jump into it.
Egg Hunting and Stack Smashing
This week's update features a spiffy new module for HP Data Protector from Juan
Vazquez and Wei 'sinn3r' Chen. It uses an egg hunting technique to reconstruct
the exploit's payload -- and both Wei and Juan have detailed blog posts in the
works that go into detail on the whys and wherefores of egghunter shellcode and
troubleshooting payload de
24 min
Metasploit
Metasploit Exploit Development - The Series Part 1.
So you wanna be a Metasploit [https://www.exploit-db.com/?author=3211] exploit
[https://www.exploit-db.com/?author=3211] developer huh?
Well, you are in luck, because I have been working on an "in-depth" exploit
development tutorial series that takes users behind the scenes on the process
of exploit development and Metasploit module creation. This series has been
specifically designed with you "the community" in mind. It will cover step by
step detail and explanation. This post is meant to be
3 min
Exploits
Press F5 for root shell
As HD mentioned [/2012/06/11/scanning-for-vulnerable-f5-bigips-with-metasploit],
F5 has been inadvertently shipping a static ssh key that can be used to
authenticate as root on many of their BigIP devices. Shortly after the advisory,
an anonymous contributor hooked us up with the private key.
Getting down to business, here it is in action:
18:42:35 0 exploit(f5_bigip_known_privkey) > exploit
[ ] Successful login
[*] Found shell.
[*] Command shell session 3 opened ([redacted]
2 min
Metasploit
Creating a PCI 11.3 Penetration Testing Report in Metasploit
PCI DSS Requirement 11.3 requires that you "perform penetration testing at least
once a year, and after any significant infrastructure or application upgrade or
modification". You can either conduct this PCI penetration test in-house
[/2011/10/20/pci-diy-how-to-do-an-internal-pentest-to-satisfy-pci-dss-requirement-113]
or hire a third-party security assessment. Metasploit Pro offers a PCI reporting
template, which helps you in both of those cases. If you are conducting the
penetration test in
3 min
Metasploit
New Critical Microsoft IE Zero-Day Exploits in Metasploit
We've been noticing a lot of exploit activities against Microsoft
vulnerabilities lately. We decided to look into some of these attacks, and
released two modules for CVE-2012-1889
[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1889] and CVE-2012-1875
[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1875] within a week of
the vulnerabilities' publication for our users to test their systems. Please
note that both are very important to any organization using Windows, because one
of
3 min
Metasploit
Weekly Metasploit Update: Encrypted Java Meterpreter, MS98-004, and New Modules!
When it rains, it pours. We released Metasploitable Version 2
[/2012/06/13/introducing-metasploitable-2] , published a technique for scanning
vulnerable F5 gear
[/2012/06/11/scanning-for-vulnerable-f5-bigips-with-metasploit] , and put out a
module to exploit MySQL's tragically comic authentication bypass problem
[/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql], all in
addition to cooking up this week's update. So, kind of a busy week around here.
You're welcome. (:
Encryp