3 min
Metasploit
The Forgotten Spying Feature: Metasploit's Mic Recording Command
About two years ago, Metasploit added the microphone recording feature to stdapi thanks to Matthew Weeks. And then almost a year ago, we actually lost that command due to a typo. We, and apparently everyone else, never noticed that until I was looking at th
2 min
Weekly Update: Metasploit 4.5.1, MSFUpdate, and More Wordpress Hijinks
MSFUpdate
This week, we've addressed the changes introduced by Metasploit 4.5 on the command line updater, msfupdate. You can read about it over here, but the gist of it is, if you want to continue using msfupdate, you will want to take a few tens of seconds to activate your Metasploit installation, or get yourself moved over to a fully functional git clone of the Metasploit Framework. And speaking of updates...
Update to 4.5.1
Lately, Metasploit u
5 min
Product Updates
Update to the Metasploit Updates and msfupdate
The Short Story
In order to use the binary installer's msfupdate, you need to first register
your Metasploit installation. In nearly all cases, this means visiting
https://localhost:3790 and filling out the form. No
money, no dense acceptable use policy, just register and go. Want more detail
and alternatives? Read on.
Background
A little over a year ago, Metasploit primary development switched to Git as a
source control platform and GitHub as our primary source hos
1 min
Metasploit
Hacking like it's 1985: Rooting the Cisco Prime LAN Management Solution
On January 9th Cisco released advisory cisco-sa-20130109
to address a vulnerability in the "rsh" service running on their Cisco Prime LAN
Management Solution virtual appliance. The bug is as bad as it gets - anyone who
can access the rsh service can execute commands as the root user account without
authentication. The example below demonstrates how to exploit this flaw using
Metasploit.
First off, the
1 min
Video Tutorial: Introduction to Burp-Suite 1.5 Web Pen Testing Proxy
Author: webpwnized (Twitter: @webpwnized)
Tool: Burp-Suite 1.5 Free Edition
Length: ~1 hour
After installing Burp-Suite, this video covers how to configure the proxy to
intercept, pause, alter, and test requests and responses between a web browser
and a web server (web site).
Much of the basic functionality and some more advanced settings are reviewed
including the Target, Proxy, Sequencer, Repeater, Intruder, and Decoder tab.
While there are many more settings and features than can be covere
5 min
Exploits
Exploiting Ruby on Rails with Metasploit (CVE-2013-0156)
Background
Earlier this week, a critical security flaw in Ruby on Rails (RoR) was identified that could expose an application to remote code execution, SQL injection, and denial of service attacks. Ruby on Rails is a popular web application framework that is used by both web sites and web-enabled products, and this flaw is by far the worst
2 min
Metasploit
Weekly Metasploit Update: Rails Scanning, ZDI, and Exploit Dev
Rails Injection Bug
The big news this week turned out to be the new Rails injection bug, aka,
CVE-2013-0156, which you can read about in detail over on HD Moore's blog post.
Soon after the vulnerability was disclosed, @hdmoore had a functional auxiliary
scanner module put together, so as of this moment, you're encouraged to scan the
heck out of your environment, repeatedly, for vulnerable Rails apps. Every Rails
application developed and deployed is vulnerable to this (absent a fix or
workaround
4 min
Metasploit
Serialization Mischief in Ruby Land (CVE-2013-0156)
This afternoon a particularly scary advisory was posted to the Ruby on Rails (RoR) security discussion list. The summary is that the XML processor in RoR can be tricked into decoding the request as a YAML document or as a Ruby Symbol, both of which can expose the application to remote code execution or SQL injection. A gentleman by the name of Felix Wilhelm went into detail
4 min
Penetration Testing
Free Metasploit Penetration Testing Lab in the Cloud
No matter whether you're taking your first steps with Metasploit or if you're
already a pro, you need to practice, practice, practice your skillz. Setting up
a penetration testing lab can be time-consuming and expensive (unless you have
the hardware already), so I was very excited to learn about a new, free service
called Hack A Server, which offers vulnerable machines for you to pwn in the
cloud. The service only required that I download and launch a VPN configuration
to connect to the vulnerab
3 min
Metasploit
Using BackTrack 5 R3 with Metasploit Community or Metasploit Pro
Update: Kali Linux has now superseded BackTrack as a platform. We strongly recommend using Kali Linux over BackTrack if you are going to run Metasploit. More info here.
As of version 5 R3, BackTrack comes pre-installed with Metasploit 4.4, so it's
now easier to use Metasploit Community Edition or Metasploit Pro on BackTrack.
Here is how it's done:
* After BackTrack boots, enter startx t
6 min
Guide to monitoring JVM Memory usage
This guide is designed to show a few techniques to monitor how the Java Virtual Machine (JVM) memory is used. When Nexpose starts, it claims a chunk equal to 75% of the available memory, so the memory utilization graph of your system will just appear to flat-line. But what does it really do with all that memory? Hopefully by the end of this guide you will have a better idea of what goes on under that line and be able to tweak your systems for maximum efficiency.
How does memory usage work with the
5 min
Exploits
Security Death Match: Open Source vs. Pay-for-Play Exploit Packs
In the blue corner: an open-source exploit pack. In the red corner: a
pay-for-play incumbent. As a security professional trying to defend your
enterprise against attacks, which corner do you bet on for your penetration
tests?
What's the goal of the game?
Okay, this is a loaded question, because it really depends on what your goal is.
If you are like 99% of enterprises, you'll want to protect against the biggest
and most likely risks. If you are the 1% that comprise defense contractors and
the
2 min
Metasploit
How Metasploit's 3-Step Quality Assurance Process Gives You Peace Of Mind
Metasploit exploits undergo a rigorous 3-step quality assurance process so you
have the peace of mind that exploits will work correctly and not affect
production systems on your next assignment.
Step 1: Rapid7 Code Review
Many of the Metasploit exploits are contributed by Metasploit's community of
over 175,000 users, making Metasploit the de-facto standard for exploit
development. This is a unique ecosystem that benefits all members of the
community because every Metasploit user is a “sensor”
8 min
Metasploit
New Metasploit Exploit: Crystal Reports Viewer CVE-2010-2590
In this blog post we would like to share some details about the exploit for
CVE-2010-2590, which we released in the last Metasploit update. This module
exploits a heap-based buffer overflow, discovered by Dmitriy Pletnev, in the
CrystalReports12.CrystalPrintControl.1 ActiveX control included in
PrintControl.dll. This control is shipped with the Crystal Reports Viewer, as
installed by default with Crystal Reports 2008. While this is a vulnerability
from the end of 2010, its exploitation has some
2 min
Metasploit
Weekly Metasploit Update: CrystalReports and Testing Discipline
Dissecting CrystalPrintControl
This week's update is, by all accounts, pretty light. This may be the first
update we've shipped that has exactly one new module. To make up for the lack
of quantity, though, we've got some quality for you, oh boy.
If it's snowy and blustery where you live, grab yourself a cup of hot cocoa,
gather the kids, and watch their little eyes twinkle in the firelight as you
regale them with the classic fable of how Metasploit Exploitation Elf Juan
@_juan_vazquez