Haxmas
Metasploit's 12 Days of HaXmas
12 Days of HaXmas, Wrapped!
Over the actual Twelve Days of Christmas, we here in Metasploit Nation have been
celebrating the 12 Days of HaXmas by bringing our blog readers a fresh post
about Metasploit (and hackery in general) every day for twelve days straight,
all tagged under HaXmas. That conveniently lists all 12 posts in reverse order,
so as you scroll through the titles, you can sing along:
On the 12th day of HaXmas, my true love g
Authentication
12 Days of HaXmas: Diving Into Git for Current and Future Metasploit Devs
This post is the eleventh in a series, 12 Days of HaXmas, where we take a look
at some of the more notable advancements in the Metasploit Framework over the
course of 2013.
Make no mistake -- the initial learning curve for git and GitHub can be pretty
hairy. Way back in 2011, we made the initial move to GitHub for our source code
hosting, but it took us until 2013 to remove the last vestiges of our old SVN
infrastructure. In the meantime, we've picked up a fair amount of git and GitHub
smarts. For
Haxmas
12 Days of HaXmas: Exploiting (and Fixing) RJS Rails Info Leaks
This post is the fifth in a series, 12 Days of HaXmas, where we take a look at
some of the more notable advancements in the Metasploit Framework over the
course of 2013.
Several weeks ago, Egor Homakov wrote a blog post pointing out a common info
leak vulnerability in many Rails apps that utilize Remote JavaScript. The attack
vector and implications can be hard to wrap your head around, so in this post
I'll explain ho
12 Days of HaXmas: Impress Your Family With Elite Metasploit Wizardry
This post is the fourth in a series, 12 Days of HaXmas, where we take a look at
some of the more notable advancements in the Metasploit Framework over the
course of 2013.
Every year during a major holiday, we crawl out from our own bat cave and
actually spend time with our family and friends. People start asking you what
you do for a living. You respond with something you probably regret, like "I am
a penetration tester," because to an average person your job title probably
sounds no different than
Haxmas
12 Days of HaXmas: Meterpreter, Reloaded
This post is the third in a series, 12 Days of HaXmas, where we take a look at
some of the more notable advancements in the Metasploit Framework over the
course of 2013.
Over the last quarter of 2013, we here in the Democratic Freehold of Metasploit
found that we needed to modernize our flagship remote access toolkit (RAT),
Meterpreter. That started with cleaving Meterpreter out of the main Metasploit
repository and setting it up with its own repository, and
UI Vulnerability Exception Query
Working in support, we receive a lot of requests to extract the vulnerability
exception data from the UI. With the query noted below and our new SQL Query
Export feature, you'll finally be able to obtain that data.
This query will provide you with:
* Exception Scope
* Additional Comments
* Submitted Data
* Submitted By
* Review Date
* Review By
* Review Comments
* Expiration Date
* Status of Exception
* Reason
* Vulnerability Title
* Nexpose ID.
SELECT
CASE
WHEN dve.s
Metasploit
Bypassing Adobe Reader Sandbox with Methods Used In The Wild
Recently, FireEye identified and shared information about two vulnerabilities
used in the wild to exploit Adobe Reader on Windows XP SP3 systems. The
vulnerabilities are:
* CVE-2013-3346 : A Use After Free in Adobe Reader. Specifically in the
handling of a ToolButton object, which can be exploited through document's Java
Exploits
Metasploit Weekly Update: Adobe Reader Exploit and Post-Exploitation YouTube Broadcasting
New Adobe Reader ROP Gadgets
This week, Juan Vazquez put together a neat one-two exploit punch that involves
a somewhat recent Adobe Reader vulnerability (disclosed back in mid-May) and a
sandbox escape via an OS privilege escalation bug. I won't give away the
surprise there -- he'll have a blog post about it up in a few hours. Part of the
work, though, resulted in some new entries in Metasploit's RopDB; specifically,
for Adobe Reader versions 9, 10, and 11.
IT Ops
How to Configure Rsyslog with Any Log File; Agents Bad...No Agents Good...
Last week I wrote “In Defense of the Agent.” One of the main advantages of using
agents is the ability to easily get the agent configured to monitor logs of any
type, no matter where those logs live on your file system. We posted the article
on Reddit and there were some interesting comments and discussion – it’s fairly
obvious that there is
API
SQL Export Report using the API
This morning we published the release of the new SQL Query Export report.
Simultaneously, the Nexpose Gem has released version 0.6.0 to support this new
report format in all the reporting API calls (you must update to this latest
version to run the report). When the SQL Query Export is paired with adhoc-report
generation, you are a
ControlsInsight Year In Review
While many are already looking ahead and making security predictions for 2014,
it's also important to pause and reflect on the year that's been. It's been a
whirlwind year for ControlsInsight. We developed and launched a new product from
the ground up - this in itself is an achievement that everyone involved should
be proud of.
Since launching in August, we've already released 7 product updates to quickly
make improvements based on us
IT Ops
5 Uses for Log Data That You Never Thought Of
When you think of logs, what do you think of? It’s most likely troubleshooting
software applications and the infrastructure that underlies them, keeping an eye
on your production apps…perhaps even database logs and some other things like
that. Traditional log management stuff…I’m guessing
it’s not sports cars, law enforcement, lighting, marketing metrics, and beer.
Well guess what? It can be!
1) Fact Check a Journalist
Back in February of 2013 The New York Times publis
Microsoft
December 2013 Patch Tuesday
One more go around the block for 2013 and, like the last, late tropical storm of
the season, Microsoft is taking one last swipe at security and IT teams alike.
This Patch Tuesday features a solid 11 advisories affecting 6 different product
types. All supported versions of Windows, Office, Sharepoint, Exchange, Lync
and a mixed bag of developer tools are affected. 5 of the advisories are rated
critical, including one affecting Exchange and one affecting Sharepoint and
Lync, not to mention th
Exploits
Weekly Metasploit Update: New Meterpreter Extended API, Learning About HttpServer, HttpClient, and SAP
Meterpreter Extended API
This week, we've got some new hotness for Meterpreter in the form of OJ
TheColonial Reeves' new Extended API (extapi)
functionality. So far, the extended API is for Windows targets only (hint:
patches accepted), and here's the rundown of what's now available for your
post-exploitation delight:
* Clipboard Management: This allows for reading and writing from the target's
clipboard. This includes not only text, like you'd expect, but
Networking
Top 3 Reasons Small-to-Medium Businesses Fail at Security
Cyberattacks are on the rise, with more sophisticated attack methods and social
engineering being employed against just about any entity with an Internet
presence. According to a recent study cited by the U.S. House Small Business
Subcommittee on Health and Technology, companies with 250 persons or fewer were
the target of 20% of all cyberattacks. A more sobering claim of the study is
that roughly 60% of small businesses close within 6 months following a
cyberattack.
While cyberattacks a