Metasploit
Weekly Update: Fun with ZPanel, MoinMoin, and FreeBSD
Chaining Zpanel Exploits for Remote Root
ZPanel is a fun, open source web hosting control panel, written in code
auditors' favorite language, PHP. For bonus points, ZPanel likes to do some
things as root, so it installs a nifty little setuid binary called 'zsudo' that
does pretty much what you might expect from a utility of that name -- without
authentication. In the wake of some harsh words on reddit and elsewhere in
regard to the character of ZPanel's development team, the project came to the
Metasploit
From the Wild to Metasploit: Exploit for MoinMoin Wiki (CVE-2012-6081)
Recently we've added to Metasploit a module for CVE-2012-6081, an arbitrary file
upload vulnerability affecting version 1.9.5 (patched!) of the MoinMoin Wiki
software. In this blog entry we would like to share both the vulnerability
details and how this one was converted into RCE (exploited in the wild!),
because the exploitation is quite interesting, where several details must be
taken into account to successful e
Product Updates
Weekly Update: Smaller is Better
In this week's episode, the role of Tod Beardsley will be played by egypt.
Smaller is better
Perhaps the most prominent addition to the framework this week is not an
addition at all, but rather a deletion. We've been working toward a slimmer,
more manageable source tree for a while now, and as part of that effort, we
recently removed a pile of old-and-busted unit tests. This update goes a bit
further, moving source code for some compiled payloads into separate
repositories. Metasploit's version
XSS
Cross-site Scripting (XSS) Attacks vs SQL Injection Attacks (SQLi)
A common misunderstanding in the world of Web Application Security is the
difference between the consequences of a cross-site scripting vulnerability and
the consequences of an SQL Injection Attack (SQLi). We can even go a step back
and say the misunderstanding is on a much broader level; the difference in
consequences between a client-side exploitable vulnerability and a
ser
Video Tutorial - Installing Kali Linux on Bootable, Persistent USB
Author: Jeremy Druin (webpwnized)
Twitter: @webpwnized
Title: Installing Persistent Kali Linux on Bootable USB Flash Drive
From: ISSA KY June 2013 Workshop
Recorded By: Adrian Crenshaw (@irongeek_adc)
This video covers the installation of Kali Linux on a USB drive. Additionally,
setting up persistence on a separate partition is reviewed including how the
persistence works. A Kali Linux virtual machine is used to create the USB.
The workshop was done to support the Long family. Johnny Long
Custom Vulnerability Checks using Nexpose's Vulnerability Schemas
Over the years, several documents have been written about how to write custom
vulnerability checks in Nexpose. The most important of these include one about
the various components of a vulnerability check, one that gives examples of
common vulnerability checking techniques, and another about converting NASL
checks to something compatible with Nexpo
Patch Tuesday - June Edition
The top patching priority in this month's MS Tuesday is MS13-051 which is a
vulnerability affecting Office 2003 for PCs and Office 2011 for Mac. This issue
is seeing limited, targeted exploitation in the wild and the only reason
Microsoft hasn't tagged it as a “Critical” issue is the limited number of
affected platforms. Exploitation of this issue requires the user to interact
with a malicious document.
The kernel elevation of privilege issue disclosed by Google researcher Tavis
Ormandy bug i
Nexpose
Guide to HTTP Header Configuration
This guide is designed to show how to set up an authenticated web application
scan using HTTP headers, with Metasploit as the target web application. We will
also go over using the Firebug and Cookie Importer add-ons in Firefox to
manually test HTTP headers.
The first thing we want to do is open Firefox and download the ‘Cookie Importer'
and ‘Firebug' Add-ons.
Now that we have our add-ons installed we will want to restart our browser and
then start
Product Updates
Weekly Update: The Nginx Exploit and Continuous Testing
Nginx Exploit for CVE-2013-2028
The most exciting element of this week's update is the new exploit for Nginx
which exercises the vulnerability described by CVE-2013-2028. The Metasploit
module was written by Metasploit community contributors hal and saelo, and
exploits Greg McManus's bug across a bunch of versions on a few pre-compiled
Linux targets. We don't often come across remote, server-side stack buffer
overflows in popul
Authentication
John the Ripper 1.8.0
Hi,
Concluding phase one of the Magnificent7 project, I've released John the Ripper
1.8.0 today. This version
number reflects that we view this as a major release, considering that version
1.7 came out in early 2006 - more than 7 years ago - and there have been only
(many) minor releases during those years (the latest of them being 1.7.9).
Curiously, it's also been a little over 7 years between versions 1.6 (late 1998)
and 1.7, so it was t
SecurityStreet Talks - Houston
Join UHY Advisors and Rapid7 for an afternoon of learning, networking and
discussion with your peers from the Houston security community.
Presenters include Zate Berg, Internal Security Manager at Rapid7, Chris Ward
with Vinson & Elkins LLP, Security Evangelists Quincy Jackson and Kenneth
Sayles, and more. The afternoon will consist of short, 30-45 minute
presentations focused on hacking industrial control systems, building risk
management methodologies, security philosophy and information sec
IT Ops
Heroku Account Consolidation-Single View of all your Logs
If you host multiple apps on Heroku, you know the pain of having to log in to a
separate add-on account for each of your Heroku apps. Whether you're monitoring
several different production applications, have separate apps for your
production, staging, and test environments, or are a consultant in charge of
administering separate applications for each of your clients, you know how
irritating it can be to constantly have to switch between accounts.
This is particularly annoying when you’re trying
Metasploit
Weekly Update: 4.6.1, ColdFusion Exploit, and SVN Lockdown
Metasploit 4.6.1 Released
This week's update bumps the patch version of Metasploit to 4.6.1 (for installed
versions of Metasploit). The major change here is the ability to install
Metasploit on Windows 8 and Windows Server 2012. That meant we had to fiddle
with the installer and a few of Metasploit Pro's dependencies to get that all
working correctly, and that led to skipping last week's release so we could be
sure all the moving parts lined up correctly.
This release also fixes a few minor iss
Metasploit
Git Clone Metasploit; Don't SVN Checkout
TL;DR: Please stop using SVN with
svn co https://www.metasploit.com/svn/framework3/trunk
and start using the GitHub repo with
git clone git://github.com/rapid7/metasploit-framework
As of today, a few of you may notice that an attempt to update Metasploit
Framework over SVN (instead of git or msfupdate) results in an authentication
request. If you try to SVN checkout on Windows, using TortoiseSVN, you will see
a pop up much like this:
For command line people, if you try to 'svn co' or 'svn
Nexpose
Nexpose 5.6 - Top Remediation Reports - Reports that provide the biggest bang for your buck
Nexpose 5.6, in case you haven't heard, added the Top Remediation report
templates. Why is this a game changer? Because now you can view security from
an actionable lens that focuses and expands to fit your needs. The report
orders the remediations according to their effect on your organization, rolling
up solutions across assets and allowing you to take the most impactful steps
available. What does this mean for you? Well, instead of asking "what is wrong",
you can now ask "what should I do".