Exploits
Metasploit Bounty: Code, Sweat, and Tears
After more than 30 days of hardcore and intense exploit hunting, the Metasploit
Bounty program has finally come to an end. First off, we'd like to say that even
though the Metasploit Framework has made exploit development much easier, the
process is still not always an easy task. We're absolutely amazed at how hard our
participants tried to make magic happen.
Often, the challenge begins with finding the vulnerable software. If you're
lucky, you can find what you need from 3rd-party websites that mirror
IT Ops
Caching AJAX Responses in JavaScript
Ajax is a great tool for creating responsive, dynamic web pages. Although Ajax
updates are usually much faster than full page reloads, there is still a
considerable delay when Ajax is used for pages whose content must update in real
time.
This gets even more complicated in fully dynamic user interfaces. Interfaces
built into web pages whose URLs allow anchor and back-button navigation, and
which also require real-time updating, can in particular suffer from repea
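As an added example (this is not code from the original post), here is a small client-side cache for Ajax responses that addresses the repeated-request problem described above: responses are keyed by URL, expire after a TTL, and concurrent requests for the same URL share one in-flight request instead of each hitting the server. The `fetcher` callback, the `/api/...` URLs and the counting fake server are constructed here so the logic runs offline; in a real page the fetcher would wrap `fetch()` or `XMLHttpRequest`.

```javascript
// Added example: a TTL cache for Ajax/fetch responses with in-flight request
// coalescing. `fetcher` is an assumed callback of the form (url) => Promise<value>;
// `now` is an injectable clock so the expiry behaviour can be exercised offline.
class AjaxCache {
  constructor(fetcher, ttlMs = 5000, now = () => Date.now()) {
    this.fetcher = fetcher;
    this.ttlMs = ttlMs;
    this.now = now;
    this.entries = new Map();   // url -> { value, expiresAt }
    this.inflight = new Map();  // url -> pending Promise (dedups concurrent calls)
    this.stats = { hits: 0, misses: 0, coalesced: 0 };
  }

  get(url) {
    const entry = this.entries.get(url);
    if (entry && entry.expiresAt > this.now()) {
      this.stats.hits++;                  // fresh entry: no round-trip
      return Promise.resolve(entry.value);
    }
    if (this.inflight.has(url)) {
      this.stats.coalesced++;             // same URL already being fetched
      return this.inflight.get(url);
    }
    this.stats.misses++;
    const pending = this.fetcher(url).then(
      (value) => {
        this.entries.set(url, { value, expiresAt: this.now() + this.ttlMs });
        this.inflight.delete(url);
        return value;
      },
      (err) => {
        this.inflight.delete(url);        // never cache a failure; next call retries
        throw err;
      }
    );
    this.inflight.set(url, pending);
    return pending;
  }

  invalidate(url) { this.entries.delete(url); }
  clear() { this.entries.clear(); }       // e.g. on logout, so no stale user data survives
}

// Constructed walk-through: a fake server that counts round-trips and a manual clock.
async function demo() {
  let roundTrips = 0;
  let clock = 0;
  const fetcher = async (url) => {
    roundTrips++;
    if (url === '/api/fail') throw new Error('server error');
    return { url, body: `payload#${roundTrips}` };
  };
  const cache = new AjaxCache(fetcher, 1000, () => clock);

  // Two concurrent requests for one URL share a single round-trip.
  const [a, b] = await Promise.all([cache.get('/api/status'), cache.get('/api/status')]);
  const coalesced = roundTrips === 1 && a === b;

  clock = 500;                                    // inside the TTL: served from cache
  await cache.get('/api/status');
  const servedFromCache = roundTrips === 1;

  clock = 1500;                                   // past the TTL: refetched
  const c = await cache.get('/api/status');
  const refetched = roundTrips === 2 && c.body === 'payload#2';

  await cache.get('/api/other');                  // different URL, separate entry
  const perUrl = roundTrips === 3;

  await cache.get('/api/fail').catch(() => null); // failure is not cached
  const failureNotCached = !cache.entries.has('/api/fail') && cache.inflight.size === 0;

  cache.clear();                                  // simulate logout
  await cache.get('/api/status');
  const clearedForcesRefetch = roundTrips === 5;

  return { coalesced, servedFromCache, refetched, perUrl, failureNotCached,
           clearedForcesRefetch, roundTrips, stats: cache.stats };
}

if (typeof require !== 'undefined' && require.main === module) {
  demo().then((result) => console.log(result));
}
```

Two caveats a practitioner would want: only cache responses to safe, idempotent requests (GET-style reads), and never let a cache outlive the session it was filled in, since a response that contains one user's data must not be served after another user logs in on the same page; keying entries by URL alone is fine only if the authenticated context is part of that URL or the cache is cleared on every login/logout transition.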
Compliance
Disclosure, Destruction, and Denial
A few years ago while I was working at the Defense Cybercrime Center (DC3), one of
my colleagues, Terrence Lillard, talked about the DDD triad in regards to what
attackers want to do to an organization's assets. I haven't heard anyone outside of
him using that term, but I think it's worth sharing. I participated in an
awesome mini-conference event last week with the Metasploit Development team
and this came up during my talk on Risk Management. When I asked the audience of
seasoned security practitioner
Patch Tuesday
July Patch Tuesday
Only four bulletins in July's Patch Tuesday, but between them they patch a
not-insignificant 22 vulnerabilities. Only one of the bulletins is classified
“critical”: MS11-053. This should be taken seriously, as it can allow remote code
execution on Windows 7 and Windows Vista clients, which could affect both consumer
and corporate users.
In addition, wireless vulnerabilities like this one (MS11-053) are always
considered especially attractive to attackers because, if successfully exploited,
they allow attackers to do anything the
Events
The Security Confab
On the homepage of the 5th Annual Security Confab, a sort of mission statement
for the event is provided with a simple explanation of the meaning of the word
“confab”:
CONFAB -noun
1. a gathering to talk informally; converse; chat
I think this is important. The event's main theme is “The Evolving Threat
Landscape” and at Rapid7 we're pretty vocal about how important we think
collaboration is in addressing this, so it's good to see and attend events that
aim to create an opportunit
Metasploit
Testing Snort IDS with Metasploit vSploit Modules
One of my key objectives for developing the new vSploit modules was to test
network devices such as Snort. Snort or Cisco enterprise products are widely
deployed in enterprises, so Snort can safely be considered the de-facto standard
when it comes to intrusion detection systems (IDS). So much
Metasploit
Metasploit Exploit Bounty - Status Update
A few weeks ago the Metasploit team announced a bounty program for a list of 30
vulnerabilities that were still missing Metasploit exploit modules. The results
so far have been extremely positive and I wanted to take a minute to share some
of the statistics.
As of last night, there have been 27 participants in the bounty program
resulting in 10 submissions, with 5 of those already committed to the open source
repository and t
Metasploit
Meterpreter HTTP/HTTPS Communication
The Meterpreter payload within the Metasploit Framework (and used by Metasploit
Pro) is an amazing toolkit for penetration testing and security assessments.
Combine it with the Ruby API on the Framework side and you have the simplicity of
a scripting language with the power of a remote native process. These are the
things that make scripts and Post modules great, and they are what we showcase in
the advanced post-exploitation automation available today. Metasploit as a
platform has always had a concept of an est
Metasploit
MS11-030: Exploitable or Not?
If you weren't already aware, Rapid7 is offering a bounty for exploits that
target a bunch of hand-selected, patched vulnerabilities. There are two lists to
choose from, the Top 5 and the Top 25. An exploit for an issue in the Top 5 list
will receive a $500 bounty and one from the Top 25 list will fetch a $100 bounty.
In addition to a monetary reward, a successful participant also
Metasploit
Metasploit Framework Console Output Spooling
Sometimes little things can make a huge difference in usability. The Metasploit
Framework Console is a great interface for getting things done quickly, but so
far it has been missing the capability to save command and module output to a
file. We have a lot of small hacks that make this possible for certain commands,
such as the "-o" parameter to db_hosts and friends, but these didn't solve the
issue of module output or general console logs.
As of revision r13028 the console now supports the sp
Introducing Cocktails with Customers
The title of my post today may lead you to think we're promoting yet another of
our famous parties. I'm sure it won't be long until that's the case
(particularly with the likes of BlackHat and B-Sides just around the corner),
but for today my focus is firmly on this blog. I wanted to take a couple of
minutes to introduce a new series of posts from Jen Benson on Rapid7's customer
engagement. Jen is titling this series Cocktails with Customers and if any of
our customers are in the LA area near he
Release Notes
Metasploit Framework 3.7.2 Released!
It's that time again! The Metasploit team is proud to announce the immediate
release of the latest version of the Metasploit Framework, 3.7.2. Today's release
includes eleven new exploit modules and fifteen post modules for your pwning
pleasure. Adding to Metasploit's well-known hashdump capabilities, you can now
easily steal password hashes from Linux, OS X, and Solaris. As an added bonus, if
any of the passwords were hashed with crypt_blowfish (which is the d
Patch Tuesday
June Patch Tuesday
This month's Patch Tuesday was another biggie: 16 bulletins addressing 34
vulnerabilities across IE, Office and Windows...
Top of the list of things to watch out for are two “critical” bulletins:
MS11-050 and MS11-052. These are effectively an attacker's delight since they are
browser based, which makes them the most coveted kind of exploit. They affect
Internet Explorer 6, 7, and 8, and once these vulnerabilities are weaponized they
will be a significant problem, as many organizations give their users admi
Metasploit
Emulating ZeuS DNS Traffic with Metasploit Framework
vSploit Modules will be released at DEFCON
This is a follow-up post for vSploit - Virtualizing Intrusion & Exploitation
Attributes with Metasploit Framework, about using Metasploit as a way to test
network infrastructure countermeasures and coverage. I mentioned obtaining a list
of suspicious domains to use for testing an organization's networking intellig
Metasploit
vSploit - Virtualizing Intrusion & Exploitation Attributes with Metasploit Framework
Many organizations are making significant investments in technologies in order
to tell whether they have been compromised; however, they frequently find out
when it is too late. There are several network-based attributes that, when
combined, indicate that a compromise has possibly taken place. Many pentesters
are successful at compromising hosts; however, they are commonly restricted in
what they can and can't do. There needs to be a way for them to successfully
mimic threats and scenarios, even when re