3 min
Exploits
5 Tips to Ensure Safe Penetration Tests with Metasploit
Experienced penetration testers know what to look out for when testing
production systems so they don't disrupt operations. Here's our guide to ensure
smooth sailing.
Vulnerabilities are unintentional APIs
In my warped view of the world, vulnerabilities are APIs that weren't entirely
intended by the developer. They are also undocumented and unsupported. Some
of these vulnerabilities are exploited more reliably than others, and there are
essentially three vectors to rank them:
* Exploit s
2 min
Metasploit
Introduction to Metasploit Hooks
Metasploit provides many ways to simplify your life as a module developer. One
of the less well-known of these is the presence of various hooks you can use for
processing things at important stages of the module's lifetime. The basic one
that anyone who has written an exploit will be familiar with is exploit, which
is called when the user types the exploit command. That method is common to all
exploit modules. Aux and post modules have an analogous run method. Common to
all the runnable modules
8 min
Metasploit
The Odd Couple: Metasploit and Antivirus Solutions
I hear a lot of questions concerning antivirus evasion with Metasploit, so I'd
like to share some of the information critical to understanding this problem. This
blog post is not designed to give you surefire antivirus (AV) evasion
techniques, but rather to help you understand the fundamentals of the issue.
A Quick Glossary
Before we begin, let's define a few terms. This will be important for
understanding some of the things we will discuss.
Payload: A payload is the actual code that is being del
3 min
Metasploit
Weekly Metasploit Update: Exploit Dev How-to and InfoSec Targets
Metasploit 4.5 has been out for a few days, so it's high time for an update.
Let's hop to it!
1000th Exploit: Freefloat FTP WMI
I often hear the question, "How do I get started on writing exploits?" Well, I'd
like to point you to Metasploit's 1000th exploit (future Hacker Jeopardy
contestants, take note): On December 7, 2012, Wei "sinn3r" Chen and Juan Vazquez
committed FreeFloat FTP Server Arbitrary File Upload. Now, as
4 min
Exploits
November Exploit Trends: Apache Killer Exploit New to List
This month was a quiet one on the Metasploit Top Ten List. Each month we compile
a list of the most searched exploit and auxiliary modules from our exploit
database. To protect users' privacy, the statistics
come from analyzing webserver logs of searches, not from monitoring Metasploit
usage.
The only new addition to the list this month is an old Apache Killer exploit.
Read on for the rest of November's exploit and auxiliary modules with commentary
by Metasploit's o
2 min
Nexpose
Introducing Nexpose 5.5 - CIS, USGCB 2, Enhanced Reporting, and Data Scalability
For those of you that don't know me, I head up the Nexpose engineering team, and
we are excited to introduce the latest release, Nexpose 5.5. This release
focuses on meeting three big needs that we've heard about from our customers.
The first is configuration assessment. This is a big deal for organizations that
are subject to regulatory or internal standards that require confirmation of
specific configurations of IT assets, such as USGCB 2.0. For those
organizations, proving compliance is pain
2 min
Metasploit Hits 1000 Exploits
Along with today's 4.5 release, Metasploit hit a thousand exploits.
So, what does that mean? Well, let's take a look, historically.
When Metasploit 1.0 was released on October 6, 2003, it boasted all of 11
exploits, according to this mailing list post. Now, this is 9 years ago,
so an announcement on a mailing list of more than one exploit was pretty novel,
and "a ton
15 min
Malware
Skynet, a Tor-powered botnet straight from Reddit
While wandering through the dark alleys of the Internet we encountered an
unusual malware artifact, something we had never observed before, and we had
fun meticulously dissecting it until late at night.
The more time we spent looking at it, the more it started to look unusually
familiar. As a matter of fact, it turned out to be the exact same botnet that an
audacious Reddit user of possible German origin named “throwaway236236”
described in a very popular I Am A thread you can read here
2 min
What would Trinity do with Kingcope's SSH 0day?
Citizens of the Matrix,
Today, I'd like to inform you that there is a Tectia SSH 0day vulnerability
discovered by security researcher "Kingcope"... or
really, we suspect his real name is Mr. Thomas Anderson. The vulnerability itself
allows any remote user to bypass login if a USERAUTH CHANGE REQUEST is sent
before password authentication, and then gain access as root. Please note as of
now, there is no official patc
2 min
A New Look for Rapid7
Today we unveiled a new logo, website and brand identity for Rapid7. We didn't
make a subtle change, as many companies do. We purposefully made sweeping
changes because we don't like to do anything half way. Yet our new brand bridges
our history and our future.
Our company was founded upon a simple premise: IT security is a complex
challenge, but the solutions designed to address it shouldn't be. We believed
then, and we believe now, that IT security solutions should make your work
easier, mo
2 min
Metasploit
Weekly Metasploit Update: OpenVAS, SAP, NetIQ, and More!
Now that I've consumed a significant percentage of my own weight in turkey
(seriously, it was something like five percent), it's time to shake off the
tryptophan and get this week's update out the door.
Attacking Security Infrastructure: OpenVAS
This week's update features three new modules for bruteforcing three different
OpenVAS authentication mechanisms, all provided by community contributor Vlatko
@k0st Kosturjak. OpenVAS is an open source security
management stac
2 min
IT Ops
Getting terminal colors right
As a part of our work on ANSI escape code coloring, I looked in detail at
default colors used in different command line terminals. It appears from the
Wikipedia article that colors
are set at their brightest level with minor variances across implementations:
Adapting these color schemes gives the result as in the following picture:
If you try to read the te
2 min
Metasploit
Weekly Metasploit Update: Web Libs, SAP, ZDI, and More!
Fresh Web Libs
As we head into the holiday season here in the U.S., Metasploit core developers
Tasos @Zap0tek Laskos and James @Egyp7 Lee finished up a refresh of the Metasploit fork of
the Anemone libraries, which is what we use for basic web spidering. You can
read up on it here. The Metasploit fork isn't
too far off of Chris Kite's mainline distribution, but does account for
Metasploit's Rex sockets, ad
18 min
New 0day Exploits: Novell File Reporter Vulnerabilities
Today, we present to you several new vulnerabilities discovered in Novell File
Reporter 1.0.2, which "helps organizations more effectively manage network
storage by providing administrators the ability to access comprehensive network
storage information so that they can determine the best means of addressing
their storage content". Following our standard disclosure policy, we notified
both Novell and CERT.
Vulnerabilities Summary
The four vulnerabilities presented have been found in the same co
4 min
Metasploit
Weekly Metasploit Update: WinRM x2, ADDP, RealPort, CI and BDD
WinRM, Part Two
In the last Metasploit update blog post, we talked about the work from
Metasploit core contributors @TheLightCosine, @mubix and @_sinn3r on
leveraging WinRM / WinRS. As of this update, Metasploit users can now execute
WQL queries, execute commands, an