All Posts

2 min Metasploit

Weekly Metasploit Update: All Your Auth Are Belong To Us

This week, with RSA 2012 fast approaching and the final touches on Metasploit version 4.2 getting nailed down, we've been in a code freeze for core Metasploit functionality. However, that doesn't apply to the parade of modules, so here's what's in store for the next -- and quite likely last -- update for Metasploit 4.1. Authentication Credential Gathering and Testing: Jon Hart has been on fire with new Metasploit contributions -- this week, he's come up with a trio of credential snarfing post mo

7 min IT Ops

Digging into Engine Yard Logs

I've recently been playing with a number of PAAS platforms, and it's bringing me back somewhat to my days toying with J2EE application servers, JDBC drivers, relational DBs, etc. Oh how I remember deploying servers and databases and then checking out my shiny new application; remember the J2EE Pet Store, anyone? 🙂 However, the big difference with PAAS over old-school application servers is that you do not need to spend a few days configuring them

3 min Product Updates

What is this whole updating thing anyways?

By default, Nexpose reaches out on startup, and every six hours afterward, to the Rapid7 update servers. At that time Nexpose checks for any new product and vulnerability content updates. If any updates are available, Nexpose attempts to download and apply them to the Security Console and local Scan Engine. The Security Console also sends updates to any distributed Scan Engines to which it is connected. How do I disable automatic product updates? The Security Console offers a fe

2 min Metasploit

Getting The Most Out of Metasploit: Pentesting, Password Auditing, and Vulnerability Validation

When we talk to Metasploit users, they usually use it for penetration testing, password auditing or vulnerability validation, but few use it for more than one of these purposes. By leveraging your investment in Metasploit, you can triple-dip at the same price - no extra licenses needed. Penetration Testing: With penetration testing, you can identify issues in your security infrastructure that could lead to a data breach. Weaknesses you can identify include exploitable vulnerabilities, we

2 min Metasploit

Weekly Metasploit Update: New Payloads, New Modules, and PCAnywhere, Anywhere

PCAnywhere, Anywhere: The big news this week centered around Symantec's pcAnywhere. For starters, there's a new ZDI advisory for a buffer overflow in the username field. More notable, though, was a Symantec white paper that advises customers to "disable or remove Access Server and use remote sessions via secure VPN tunnels." So, while the Metasploit elves bang away at a proper buffer overflow module, HD Moore busted out a pa

2 min Nexpose

How to Exploit A Single Vulnerability with Metasploit Pro

Metasploit Pro's smart exploitation function is great if you want to get a session quickly and don't care about being "noisy" on the network, but there are certain situations where you may want to use just one exploit: * You're conducting a penetration test and want to exploit just one vulnerability so you don't draw too much attention (i.e. you want to use a sniper rifle, not a machine gun) * You're a vulnerability manager and want to validate just one vulnerability to know whether

3 min Release Notes

Nexpose Reaches OWASP Top10 Coverage

Rapid7 is proud to announce that Nexpose 5.1's web application scanning capabilities can now detect all types of vulnerabilities in OWASP's Top 10! We've completed this task with the addition of two new vulnerability checks, A5: Cross-Site Request Forgery (CSRF) and A8: Failure to Restrict URL Access. The next paragraphs will describe

1 min

How to Import Vulnerability Scanner Reports Into Metasploit

It's easy to import third-party vulnerability scanning results into Metasploit. These formats are supported: * Acunetix XML * Amap Log * Appscan XML * Burp Session XML * Core Impact Pro XML * Foundstone Network Inventory XML * IP Address List * Libpcap * Microsoft MBSA SecScan XML * nCircle IP360 (XMLv3 & ASPL) * Metasploit PWDump Export * Metasploit Zip Export * Metasploit XML * NetSparker XML * Nessus XML (v1 & v2) * Nexpose Simple XML * Nexpose XML Export * Nmap XML * Qu

2 min Nexpose

Find Vulnerable pcAnywhere Installations with DAGs

On Monday, Symantec made the rare decision to tell their customer base to either uninstall or disable their remote control software suite pcAnywhere. Symantec made this decision because their users were at risk of exploitation through publicly known vulnerabilities for which a patch was not yet available. This recommendation to disable software due to act

4 min Nexpose

"Pass the hash" with Nexpose and Metasploit

I am proud to announce that Nexpose 5.1.0 now supports "pass the hash", a technique to remotely authenticate against a Windows machine (or any SMB/CIFS server) with the mere possession of LM/NTLM password hashes, without needing to crack or brute force them. Nexpose is able to use the hashes to perform credentialed scans to produce very detailed scan results of all sorts of local and remote vulnerabilities that may otherwise not be detectable. And pe
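Why a hash alone is enough to authenticate: the NTLM challenge/response never uses the password itself, only the NT hash (MD4 over the UTF-16LE password), so anyone holding the hash can compute the same proof the real user would. The example below is added here to show that and is not Nexpose or Metasploit code; the password, user, domain, server challenge and client blob are constructed sample values, the `LMHASH:NTHASH` string format is the one Metasploit's SMB modules accept as a password (how Nexpose ingests hashes is not described in the excerpt), and MD4 is implemented inline because OpenSSL 3 builds of Python's hashlib often do not expose it.

```python
import hashlib
import hmac
import struct


def _lrot(x: int, n: int) -> int:
    x &= 0xFFFFFFFF
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); hashlib's md4 is missing on many OpenSSL 3 builds."""
    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", len(data) * 8)          # bit length, little-endian
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = h
        for i in range(16):                            # round 1
            a = _lrot(a + F(b, c, d) + X[i], (3, 7, 11, 19)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):                            # round 2: words 0,4,8,12,1,5,...
            k = (i % 4) * 4 + i // 4
            a = _lrot(a + G(b, c, d) + X[k] + 0x5A827999, (3, 5, 9, 13)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):                            # round 3: words 0,8,4,12,2,10,...
            k = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)[i]
            a = _lrot(a + H(b, c, d) + X[k] + 0x6ED9EBA1, (3, 9, 11, 15)[i % 4])
            a, b, c, d = d, a, b, c
        h = [(v + w) & 0xFFFFFFFF for v, w in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h)


def nt_hash(password: str) -> bytes:
    """NT hash = MD4(UTF-16LE(password)); this is all a credential dump needs to contain."""
    return md4(password.encode("utf-16-le"))


def parse_lm_nt(pair: str) -> bytes:
    """Return the NT half of an 'LMHASH:NTHASH' string (the form Metasploit's SMB modules accept)."""
    _lm, nt = pair.split(":")
    if len(nt) != 32:
        raise ValueError("NT hash must be 32 hex characters")
    return bytes.fromhex(nt)


def ntlmv2_proof(nt: bytes, user: str, domain: str, server_challenge: bytes, blob: bytes) -> bytes:
    """NTProofStr as in MS-NLMP: HMAC-MD5 keyed by NTOWFv2, which is itself derived from the NT hash only."""
    ntowf_v2 = hmac.new(nt, (user.upper() + domain).encode("utf-16-le"), hashlib.md5).digest()
    return hmac.new(ntowf_v2, server_challenge + blob, hashlib.md5).digest()


# Constructed sample values (not from the page). The LM half is the well-known "no LM hash" value.
SAMPLE_PASSWORD = "password"
SAMPLE_USER, SAMPLE_DOMAIN = "scanner", "CORP"
SAMPLE_SERVER_CHALLENGE = bytes.fromhex("0123456789abcdef")           # 8-byte server nonce
SAMPLE_BLOB = bytes.fromhex("01010000" + "00" * 4 + "00" * 8 + "aabbccdd" + "00" * 4)
DUMPED_HASH = "aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c"


def pass_the_hash_matches_password() -> bool:
    """The proof computed from the dumped hash string equals the one a client holding the password computes."""
    from_password = ntlmv2_proof(nt_hash(SAMPLE_PASSWORD), SAMPLE_USER, SAMPLE_DOMAIN,
                                 SAMPLE_SERVER_CHALLENGE, SAMPLE_BLOB)
    from_hash = ntlmv2_proof(parse_lm_nt(DUMPED_HASH), SAMPLE_USER, SAMPLE_DOMAIN,
                             SAMPLE_SERVER_CHALLENGE, SAMPLE_BLOB)
    return hmac.compare_digest(from_password, from_hash)


if __name__ == "__main__":
    print("NT hash of %r: %s" % (SAMPLE_PASSWORD, nt_hash(SAMPLE_PASSWORD).hex()))
    print("proof from hash == proof from password:", pass_the_hash_matches_password())
```

The defensive takeaway follows directly: protecting the hashes (no local-admin password reuse, LSA protection, disabling NTLM where Kerberos works) matters as much as protecting the passwords, because the hash is the credential.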

2 min Metasploit

Remote-Controlling Metasploit Through APIs

Metasploit offers some great ways to automate its functionality through a programming interface. Metasploit users have built custom tools and processes based on this functionality, saving them time on repetitive tasks or enabling them to schedule automated tasks. Our most advanced customers have even integrated Metasploit Pro into their enterprise security infrastructure to automatically verify the exploitability of vulnerabilities to make their vulnerability management program more ef

2 min Metasploit

Weekly Metasploit Update: Subverting NATs, 64-bit LoadLibrary Support, and More!

NAT-PMP'ing is now easy: This week, we have three new modules and an accompanying Rex protocol parser for the NAT Port-Mapping Protocol (NAT-PMP), the ad-hoc router management protocol favored by Apple. Over the weekend, Rapid7 Lead Security Engineer and confessed protocol nerd Jon Hart forgot the password to a little-used Airport base station, so rather than merely resetting the device, he instead busted out a trio of Metasploit modules t
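What makes NAT-PMP interesting from a pentest point of view is how little there is to it: two-byte requests, no authentication, and a mapping opcode that asks the gateway to forward an external port to any inside host that asks. The following builder/parser is an added example of the wire format (RFC 6886), written for this page and not the Rex parser the update ships; the response bytes are constructed samples, and the gateway address used by the optional network helper is a placeholder.

```python
import socket
import struct

NATPMP_PORT = 5351          # UDP port gateways listen on; clients send from the LAN side only
OP_EXTERNAL_ADDRESS = 0
OP_MAP_UDP = 1
OP_MAP_TCP = 2
RESULT_CODES = {
    0: "success",
    1: "unsupported version",
    2: "not authorized / refused",
    3: "network failure",
    4: "out of resources",
    5: "unsupported opcode",
}


def build_external_address_request() -> bytes:
    """Version 0, opcode 0: 'what is your public IP?' Two bytes, no credentials."""
    return struct.pack("!BB", 0, OP_EXTERNAL_ADDRESS)


def build_mapping_request(proto: str, internal_port: int, external_port: int = 0,
                          lifetime: int = 7200) -> bytes:
    """Ask the gateway to forward external_port (0 = gateway chooses) to the sender's internal_port."""
    opcode = OP_MAP_TCP if proto.lower() == "tcp" else OP_MAP_UDP
    # version, opcode, 2 reserved bytes, internal port, suggested external port, lifetime (seconds)
    return struct.pack("!BBHHHI", 0, opcode, 0, internal_port, external_port, lifetime)


def parse_response(data: bytes) -> dict:
    """Decode either response type; opcodes in responses have the high bit (0x80) set."""
    if len(data) < 8:
        raise ValueError("NAT-PMP response too short")
    version, opcode, result, epoch = struct.unpack("!BBHI", data[:8])
    if version != 0 or not opcode & 0x80:
        raise ValueError("not a NAT-PMP response")
    out = {
        "opcode": opcode & 0x7F,
        "result": result,
        "result_text": RESULT_CODES.get(result, "unknown"),
        "epoch": epoch,          # seconds since the gateway's mapping table was last reset
    }
    if out["opcode"] == OP_EXTERNAL_ADDRESS:
        if len(data) < 12:
            raise ValueError("truncated external-address response")
        out["external_ip"] = ".".join(str(b) for b in data[8:12])
    elif out["opcode"] in (OP_MAP_UDP, OP_MAP_TCP):
        if len(data) < 16:
            raise ValueError("truncated mapping response")
        internal, external, life = struct.unpack("!HHI", data[8:16])
        out.update(internal_port=internal, external_port=external, lifetime=life)
    else:
        raise ValueError("unknown opcode %d" % out["opcode"])
    return out


def query_gateway(gateway_ip: str, request: bytes, timeout: float = 1.0) -> dict:
    """Send one request to a real gateway (placeholder address in the demo; not used offline)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(request, (gateway_ip, NATPMP_PORT))
        data, _ = s.recvfrom(64)
    return parse_response(data)


# Constructed sample responses (not captured from a device):
#  - external address reply: result 0, epoch 3600, public IP 203.0.113.7
#  - TCP mapping reply: result 0, epoch 3600, internal 22 -> external 22, lifetime 7200 s
SAMPLE_EXTERNAL_ADDRESS_RESPONSE = struct.pack("!BBHI4B", 0, 0x80, 0, 3600, 203, 0, 113, 7)
SAMPLE_MAPPING_RESPONSE = struct.pack("!BBHIHHI", 0, 0x80 | OP_MAP_TCP, 0, 3600, 22, 22, 7200)


if __name__ == "__main__":
    print(build_external_address_request().hex())                 # 0000
    print(build_mapping_request("tcp", 22, 22, 7200).hex())       # 000200000016001600001c20
    print(parse_response(SAMPLE_EXTERNAL_ADDRESS_RESPONSE))
    print(parse_response(SAMPLE_MAPPING_RESPONSE))
```

A mapping request is accepted on the strength of being on the LAN side, which is the whole story behind "subverting NATs": any compromised internal host can expose itself (or, on some firmware, other hosts) to the Internet with one datagram, so gateways that do not need NAT-PMP should have it off, and those that do should be watched for unexpected mappings.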

5 min

Security Research: Video Conferencing Equipment Firewalls

Update: David Maldow of Human Productivity Lab wrote a response to the NYT article that presented an industry perspective on our findings: Mythical Videoconferencing Hackers and why we stand behind our claims. Introduction: Today's issue of the New York Times contains an article describing the results of research I conducted over the last three months. In short, a large portion of vid

4 min Metasploit

Metasploit Updated: Forensics, SCADA, SSH Public Keys, and More

Been a busy week here at Metasploit, so let's get to it. Forensics-Centric Updates: New this week is Brandon Perry's offline Windows registry enhancements. Featuring a pile of extensions to Rex (Metasploit's general purpose parsing library) and the tools/reg.rb utility, this update builds on TheLightCosine's ShadowCopy library and makes life a lot easier for the forensics investigator looking to parse through Windows registry hives. Brandon goes into the technical details over here

2 min

Get CPE Credits For Attending Free Rapid7 Online Webinars

Hopefully you're enjoying our webinars for their content, but did you know that you're eligible to receive 1 CPE credit per webinar you attend? There's no need to send us your CISSP number; just self-report in the (ISC)2 portal. Here's how you do it (click on the images to enlarge): 1. Ensure you archive your webinar registration confirmation email in case you get audited in the future. 2. Log into the (ISC)2 website and click on Submit CPEs. 3. On the next screen, scroll to the v