Posts tagged Metasploit

1 min Metasploit

Metasploit T-Shirt Design Contest: And the Winner is...

You have voted in large numbers – and the results are out: design #36 [/servlet/JiveServlet/downloadImage/38-5353-1228/36.png] is the winner of the Metasploit T-shirt design contest. Danny Chrastil submitted the winning design, featuring the Metasploit logo consisting of code from the payload osx/ppc/shell_reverse_tcp. The back shows the Metasploit splash screen cow, our legendary creature of mystery and superstition. A few words about the winner: Danny Chrastil aka @DisK0nn3cT is a web appl
1 min Metasploit

Be a Superhero: Design the New Metasploit Swag

Originally Posted  by Chris Kirsch Don't know what to wear for the next BlackHat conference? Afraid of going naked to B-Sides? We are too, so we decided to do something about it. We're getting ready to launch our own Metasploit designer clothes – and you're the designer! To start off our Metasploit swag store, we'd like you to design a T-shirt. You must submit your own, original design. To enter, add your design to our 99designs competition [https://99designs.com/t-shirt-design/contests/t-s
1 min Metasploit

Learn, Download & Contribute: The New Metasploit Website

Today, we relaunched the Metasploit.com site. We hope you'll find it as awesome as we do. The new site not only has updated looks, we've also rewritten much of its content and put it on a shiny new server to make it faster. We mainly focused on three aspects: learn, download & contribute: Learn – Many Metasploit newbies told us they found it hard to get started with the Metasploit Framework, so we took a fresh look at our website to design it so that new Metasploit Framework users would find i
2 min Metasploit

Metasploit Version 3.6 Delivers Enhanced Command-Line Options and PCI Peports

Originally Posted by Chris Kirsch All Metasploit editions are seeing an update to version 3.6 today, including an enhanced command-line feature set for increased proficiency and detailed PCI reports with pass/fail information for a comprehensive view of compliance posture with PCI regulations. Here's an overview of what's new: The new Metasploit Pro Console offers powerful new features that help professional penetration testers complete their job more efficiently in their preferred environmen
6 min Metasploit

Cisco IOS Penetration Testing with Metasploit

The Metasploit Framework and the commercial Metasploit products have always provided features for assessing the security of network devices. With the latest release, we took this a step further and focused on accelerating the penetration testing process for Cisco IOS devices. While the individual modules and supporting libraries were added to the open source framework, the commercial products can now chain these modules together to quickly compromise all vulnerable devices on the network. The sc
2 min Metasploit

Sesame Open: Auditing Password Security with Metasploit 3.5.1

Secret passwords don't only get you into Aladdin's cave or the tree house, but also into corporate networks and bank accounts. Yet, they are one of the weakest ways to protect access. Sure, there are better ways to secure access, such as smart cards or one-time password tokens, but these are still far from being deployed everywhere although the technology has matured considerably over the past years. Passwords are still the easiest way into a network. The new Metasploit version 3.5.1 adds a l
1 min Metasploit

Turning Your World Upside Down: Metasploit Ambigram Tattoos

Bill Swearingen aka hevnsnt blew us away by designing a Metasploit ambigram for the Metasploit Pro tattoo contest You may remember Roy's Metasploit tattoo [https://community.rapid7.com/blogs/rapid7/2010/11/01/we-weren-t-joking-when-we-said-tattoos/] a few weeks ago, which prompted our Metasploit [https://www.rapid7.com/products/metasploit/] tattoo competition. We thought it was a cute idea, expecting a few fun pictures with felt pen tattoos or tattoo photo montages of of the Metasploit logo. 
2 min Metasploit

How VPN pivoting creates an undetectable local network tap

Let's assume your goal for an external penetration test is to pwn the domain controller. Of course, the domain controller's IP address is not directly accessible from the Web, so how do you go about it? Seasoned pentesters already know the answer: they compromise a publicly accessible host and pivot to other machines and network segments until they reach the domain controller. It's the same concept as a frog trying to cross a pond by jumping from lily pad to lily pad. If you have already us
2 min Awards

We weren't joking when we said "tattoos"!

Be careful what we wish for: In 2006, HD Moore wrote a blog post [/2006/08/27/metasploit-framework-30-beta-2] about a redesign of the Metasploit Project, announcing that the new graphics “will be featured on tee shirts, posters, and tattoos over the coming year.” Well, you guys took a little longer than we thought but we now have our first Metasploit tattoo! Initially, we thought Roy Morris (aka @soundwave1234 [http://twitter.com/soundwave1234]) was joking when he tweeted to @hdmoore [htt
1 min Exploits

Take an Earlier Flight Home with the New Metasploit Pro

We love it, our beta testers loved it, and we trust you will as well: today we're introducing Metasploit Pro, our newest addition to the Metasploit family, made for penetration testers who need a bigger, and better, bag of tricks. Metasploit Pro provides advanced penetration testing capabilities, including web application exploitation and social engineering. The feedback from our beta testers has been fantastic, most people loved how easily they can conduct Web application scanning and exploi
1 min Metasploit

Metasploit Framework 3.4.1 Released!

The Metasploit Project is proud to announce the release of the Metasploit Framework version 3.4.1.  As always, you can get it from our downloads page [http://www.metasploit.com/framework/download/], for Windows or Linux.  This release sees the first official non-Windows Meterpreter payload, in PHP as discussed last month [/2010/06/14/meterpreter-for-pwned-home-pages].  Rest assured that more is in store for Meterpreter on other platforms.  A new extension called Railgun [http://mail.metasploit.c
3 min Metasploit

Approaching Metasploit 3.4.0 and Metasploit Express

Since mid-December, the Metasploit team has been working non-stop towards version 3.4.0 of the Metasploit Framework. The final release is still scheduled for mid-May, but I wanted to share some of the upcoming features, available today from the development tree. Version 3.4.0 includes major improvements to the Meterpreter payload, the expansion of the framework's brute force capabilities, and the complete overhaul of the backend database schema and event subsystem. In addition, more than 60 exp
3 min Metasploit

Metasploit Framework 3.3.3 Exploit Rankings

This morning we released version 3.3.3 [http://www.metasploit.com/framework/download/] of the Metasploit Framework - this release focuses on exploit rankings [https://community.rapid7.com/docs/DOC-1034], session automation, and bug fixes. The exploit rank indicates how reliable the exploit is and how likely it is for the exploit to have a negative impact on the target system. This ranking can be used to  prevent exploits below a certain rank from being used and limit the impact to a particular t
8 min Metasploit

Metasploit 3.0 Automated Exploitation

A recurring theme in my presentations about Metasploit 3.0 is the need for exploit automation. As of tonight, we finally have enough code to give a quick demonstration :-) Metasploit 3 uses the ActiveRecord [http://wiki.rubyonrails.org/rails/pages/ActiveRecord] module (part of RoR [http://rubyonrails.org/]) to provide an object-oriented interface to an arbitrary database service. Database support is enabled by installing RubyGems [http://www.rubygems.org/], ActiveRecord ("gem install activerec
4 min Metasploit

Post-Exploitation Fun in Metasploit 3.0

So what does it mean when we talk about all the cool automation support that Metasploit 3.0 has? Well, the answer is fairly broad. It means you can implement plugins and other tools that can be used to extend and automate a number of features included in the framework. By virtue of this fact, it means that you can extend and automate one of the areas that I personally find the most interesting: post-exploitation payloads. Spoonm and I recently completed a tour of duty describing some of the coo

Popular Topics

Tags