Posts tagged Metasploit

4 min Exploits

My First Week at Metasploit

Hi all. I would like to take a minute to share some of my feelings about my first week here as a full-time Metasploit exploit developer, and share some exploit modules. First of all, I would like to thank everyone on the Metasploit team for being so nice to me from the first week, and for helping me with anything I need. They are definitely going easy on me during my first days! Their support allowed me to build two exploits for the team during my first week here: * batic_svg_java exploit

4 min Metasploit

Top 10 Most Searched Metasploit Exploit and Auxiliary Modules

At Rapid7, we often get asked what the top 10 Metasploit modules are. This is a hard question to answer: What does "top" mean anyway? Is it a personal opinion, or what is being used in the industry? Because many Metasploit users work in highly sensitive environments, and because we respect our users' privacy, the product doesn't report any usage reports back to us. We may have found a way to answer your questions: We looked at our metasploit.com web server stats, specifically the Metasploit A

2 min Metasploit

Weekly Metasploit Update: CCTV, SCADA, and More!

This week's update highlights Metasploit modules for embedded operating systems (as opposed to the usual client or server targets), so let's hop to it. Security Camera Hackers On Tuesday, guest blogger Justin Cacak of Gotham Digital Science talked about his module, cctv_dvr_login. The latest update for Metasploit has it now, so if you happen to run into some of these devices, you can show off all your Hollywood hacking skills by panning and zooming the security camera in the executive washroom.

3 min Metasploit

Hacking CCTV Security Video Surveillance Systems with Metasploit

From our guest blogger and Metasploit community contributor Justin Cacak at Gotham Digital Science. A new module for the Metasploit Framework, cctv_dvr_login [http://metasploit.com/modules/auxiliary/scanner/misc/cctv_dvr_login], discovers and tests the security of standalone CCTV (Closed Circuit Television) video surveillance systems. Such systems are frequently deployed in retail stores, living communities, personal residences, and business environments as part of their physical security pro

1 min Metasploit

Weekly Metasploit Update: Armitage, Psnuffle, and More

This week's update features a great big pile of Java source code, a makeover for a perennial favorite feature, and a handful of new exploits. Read on, or just skip all the yadda yadda and download Metasploit here. Armitage Source This week's biggest change in terms of LOC (lines of code) is the inclusion of the Armitage source code, in external/source/armitage. For a while now, we've been distributing Raphael Mudge's Armitage front-end for the Metasploit Framework, but the source has been over

3 min Metasploit

Weekly Metasploit Update: Back to Work!

Hey, it's the first post-Metasploit 4.3.0 update, which means that I'm back in the blogging business. Huzzah! We've all been heads-down for a while getting this bad boy [http://www.metasploit.com/download/] out the door, so while there's not a ton of new functionality to talk about this week, we do have some neat new modules, and one API change for module developers. Wake On LAN "The most secure computer is the one that's not turned on," is an old computer security adage, speaking to the compl

4 min Metasploit

Weekly Metasploit Update: SCADA, Lab Gem, and Squid Pivoting

This week's update [http://www.metasploit.com/download/] is packed full of awesome, and I don't use that term lightly. SCADA Attacks, DigitalBond, and Metasploit This week sees the addition of six new SCADA modules, targeting a variety of PLC devices, including two new modules aimed at the Schneider Quantum programmable logic controller (PLC). In order to give penetration testers the ability to accurately assess SCADA infrastructure, Tod Beardsley (from Rapid7) and K. Reid Wightman (from Digit

3 min Metasploit

Weekly Metasploit Update: DNS Payloads, Exploit-DB, and More

This week we've got a nifty new shellcode delivery scheme, we've normalized on Exploit-DB serial numbers, and a pile of new modules, so if you don't have Metasploit yet, you can snag it here [http://www.metasploit.com/download/]. DNS Payloads in TXT Records To quote RFC 1464 [http://tools.ietf.org/html/rfc1464] describing DNS TXT records, "it would be useful to take advantage of the widespread use and scalability of the DNS to store information that has not been previously defined." I don't kno

1 min Metasploit

Identifying IPv6 Security Risks in IPv4 Networks: Tools

This post details some of the tools used in my recent IPv6 security testing webcast [http://information.rapid7.com/WebcastOnDemand_IPv6.html]. If you have any specific questions, please open a Discussion [https://community.rapid7.com/community/metasploit/content?filterID=content~objecttype~objecttype%5Bthread%5D] thread. A minimal IPv6 toolbox: * A Linux-based operating system [http://www.ubuntu.com/] with IPv6 support (BSD variants are great too) * The IPv6 Attack Toolkit [http://www.thc

3 min Metasploit

Weekly Metasploit Update: Spiceworks, AFP, RDP, and a New HTTP Downloader

After a couple of relatively light weeks (blame SXSW, I guess), this week's update has quite a few neat new additions. As always, if you don't already have Metasploit, what are you waiting for [https://www.rapid7.com/products/metasploit/download/]? For the rest of us, here's what's new. Importapalooza This week's update has support for importing asset lists exported from Spiceworks, courtesy of Rapid7's Brandon Perry. Spiceworks is a free asset management application used by tons of IT pros and

3 min Metasploit

Weekly Metasploit Update: Session Smarts and GitHub

It's another Metasploit update, and it's headed straight for us! Session Smarts This week, Metasploit session management got a whole lot smarter. Here's the scenario: As a penetration tester, you rook a bunch of people into clicking on your browser-embedded Flash exploit [/2012/03/08/cve-2012-0754], sit back, and watch the sessions rolling in. However, they're all behind a single NAT point, so all your sessions appear to be terminating at a single IP address, and you quickly lose track of who's

3 min Metasploit

New Metasploit Swag Store Is Online

You may remember the awesome Metasploit T-shirt contest we ran in April of last year [/2011/04/13/who-will-you-be-wearing-vote-for-the-new-metasploit-t-shirt]. We received a ton of submissions at the time and selected a winning T-shirt, designed by Danny Chrastil. It was a long and arduous journey for us to get the T-shirts printed and to get the back-end systems up and running for the Metasploit Swag Store [http://www.metasploit.com/wear-swag/]...but it's finally here. Yes, you'll notice tha

2 min Metasploit

Weekly Metasploit Update: Wmap, Console Search, and More!

In addition to the nuclear-powered exploit, we've got a new slew of updates, fixes and modules this week for Metasploit, so let's jump right into the highlights for this update. Updated WMAP Plugin Longtime community contributor Efrain Torres provided a much-anticipated update to the Wmap plugin. Wmap automates up a bunch of web-based Metasploit modules via the Metasploit console, from HTTP version scanning to file path bruteforcing to blind SQL injection testing. If you're not already familiar

2 min Metasploit

Weekly Metasploit Update: POSIX Meterpreter and New Exploits

This is a pretty modest update, since it's the first after our successful 4.2 release [https://www.rapid7.com/products/metasploit/download/] last week. Now that 4.2 is out the door, we've been picking up on core framework development, and of course, have a few new modules shipping out. Meterpreter Updates James "egyp7" Lee and community contributor mm__ have been banging on the POSIX side of Meterpreter development this week, and have a couple of significant enhancements to Linux Meterpreter. T

1 min Metasploit

Free Microsoft Virtual Machines for Testing

I am often asked how security professionals and students can safely test security software. My usual response is, they should create a virtual lab with diverse operating systems for testing. The problem that many encounter is they don't have licenses available to install the operating systems. During my creating and testing the Metasploit Javascript Keylogger, I came across free virtual machines from Microsoft that are sure to be useful to security professionals, web designers, and web programm