Metasploit
Creating a FISMA report in Metasploit Pro
If you're working in IT security in U.S. federal government, chances are that
you have to comply with the Federal Information Security Management Act of 2002
(FISMA). With Metasploit Pro, you can generate FISMA compliance reports that map
penetration testing findings to controls, as recommended by Special Publication
800-53a (Appendix G) published by the National Institute of Standards and
Technology (NIST) and by Consensus Audit Guidelines issued by a number of
constituents including NIST and f
Metasploit
Pentest Web Servers You Didn't Know You Had
Most tools for web application security testing have the approach of going deep
into an application to uncover issues inside a single web application. There's
nothing wrong with this approach if you want to do a deep dive into one specific
web application, especially if it is a major application exposed on the Web. The
other approach is to see what web servers are running on a network and check
whether they can be exploited with quick and scalable testing. This is the
approach Metasploit Pro takes.
Metasploit
How to leverage the command line in Metasploit Pro
"I'm more comfortable with the Metasploit command line," is an objection I often
hear from long-time Metasploit Framework users who are thinking about purchasing
a copy of Metasploit Pro or Metasploit Express. What many penetration testers
don't know is that you can use the command line in the commercial Metasploit
editions, and leverage their advantages at the same time.
Reporting: The commercial Metasploit editions include one-click reporting that
includes any work you have completed on the
Metasploit
Jumping to another network with VPN pivoting
VPN Pivoting is one of the best but also most elusive features in Metasploit
Pro, so the best way to understand it is to see it in action. That's why I've
decided to post a snippet of a recent webinar, where HD Moore shows this feature
in action.
VPN pivoting enables users to route any network traffic through an exploited
host with two NICs to a different network. For example, you could run nmap,
Metasploit network discovery, or Nexpose vulnerability scans through the VPN
pivot. Using a TUN/TAP adaptor on the Metasploit
Penetration Testing
On-demand Webcast: How to Set Up a Penetration Testing Lab
The recording of the webinar "How to set up a penetration testing test lab" is
now online [http://www.rapid7.com/resources/webcast-pentest-lab.jsp]. Big thanks
to Matt for a great presentation, and huge thanks to all of the participants
for the great questions and input, which I've included in the Q&A transcription.
Webinar resources:
* Webinar recording [http://www.rapid7.com/resources/webcast-pentest-lab.jsp]
* Webinar slides [https://community.rapid7.com/docs/DOC-1625]
Related blog po
Penetration Testing
10 Places to Find Vulnerable Machines for Your Lab
It can sometimes be challenging to find vulnerable machines for your penetration
testing or vulnerability management lab. Here's a list of vulnerable machines
you should check out:
1. Metasploitable
[http://information.rapid7.com/download-metasploitable.html?LS=1631875&CS=web]
2. UltimateLAMP [http://ronaldbradford.com/tmp/UltimateLAMP-0.2.zip]
3. Web Security Dojo [http://sourceforge.net/projects/websecuritydojo/files/]
4. OWASP Hackademics
[https://code.google.com/p/owasp-ha
Penetration Testing
Using the <base> tag to clone a web page for social engineering attacks
Social engineering campaigns can be a lot more effective if you can impersonate
a well-known website that users trust. However, when you simply clone a website
by cutting-and-pasting the page source and putting it on your own server, your
links will stop working. Copying all links and images from the other site can be
cumbersome, but there's an alternative: the HTML <base> tag. It specifies a
default address/target for all links on a page; it is inserted into the head
element.
Let's say you've
Skills
Metasploit Tutorial: An introduction to Metasploit Community
Marcus J. Carey put together some great Metasploit Tutorial videos about
Metasploit Community that I want to share with you. Metasploit Community Edition
simplifies network discovery and vulnerability verification for specific
exploits, increasing the effectiveness of vulnerability scanners such as Nexpose
– for free. You can view these videos to get started with Metasploit Community,
or to get a first impression of the product.
If you don't have them already, download the free Metasploit Comm
Metasploit
Installing Metasploit Community Edition on BackTrack 5 R1
Update: I just published a new blog post for using Metasploit on BackTrack 5 R2
[/2012/05/30/install-metasploit-on-backtrack].
BackTrack 5 R1 comes pre-installed with Metasploit Framework 4.0. Unfortunately,
Metasploit Community, which brings a great new Web UI and other functionality,
was introduced in version 4.1, so it's not included by default. Updating
Metasploit Framework using the msfupdate command will not install the Web UI. In
addition, BT5 only makes the development trunk available,
Metasploit
Adding custom wordlists in Metasploit for brute force password audits
In any penetration test that involves brute forcing passwords, you may want to
increase your chances of a successful password audit by adding custom wordlists
specific to the organization that hired you. Some examples:
* If you are security testing a hospital, you may want to add a dictionary with
medical terms.
* If you're testing a German organization, users are likely to use German
passwords, so you should add a German wordlist.
* Another good idea is to build a custom wordlist b
Metasploit
Three Great New Metasploit Books
I've seen three great Metasploit books published lately. The one that most
people are probably already familiar with is Metasploit: The Penetration
Tester's Guide by David Kennedy, Jim O'Gorman, Devon Kearns and Mati Aharoni.
The book is very comprehensive, and packed full of great advice. David Kennedy
is Chief Information Security Officer at Diebold Incorporated and creator of the
Social-Engineer Toolkit (SET), Fast-Track, and other open source tools, so he
really knows his stuff. By the way,
Metasploit
Joshua Corman discovers HD Moore's Law
At Metricon6 and later on his blog Cognitive Dissidents
[http://cognitivedissidents.wordpress.com/2011/11/01/intro-to-hdmoores-law/],
Joshua Corman presented his latest discovery - HD Moore's Law:
"Casual Attacker power grows at the rate of Metasploit"
That is basically another way of saying that Metasploit is the minimum bar you
need to test against if you want to keep your network secure.
HD Moore created the Metasploit Project in 2003 to provide the security
community with a public resou
Penetration Testing
Getting Management Buy-In for Penetration Testing
I often hear from technical IT folks that communicating the benefit of a
penetration test is difficult, especially to a business audience. "You want me
to authorize you to break into my systems?" they ask.
We are all afraid of things we don't understand. This is why you should first
make your management comfortable with the concept of penetration testing. Why
don't you try this example: We should all visit our doctor for regular medical
check-ups, even when we feel healthy. This is the only way
Metasploit
PCI DIY: How to do an internal penetration test to satisfy PCI DSS requirement 11.3
If you're accepting or processing credit cards and are therefore subject to PCI
DSS, you'll likely be familiar with requirement 11.3, which demands that you
"perform penetration testing at least once a year, and after any significant
infrastructure or application upgrade or modification". What most companies
don't know is that you don't have to hire an external penetration testing
consultant - you can carry out the penetration test internally, provided you
follow some simple rules:
* Sufficie
Metasploit
How to update to Metasploit 4.0
If you're packing to go to Black Hat, Defcon or Security B-Sides in Las Vegas,
make sure you also download Metasploit 4.0 to entertain you on the plane ride.
If you missed the recent announcement, check out this blog post
[/2011/07/26/metasploit-pro-40-brings-greater-enterprise-integration-cloud-deployment-options-and-penetration-testing-automation]
for a list of new features.
The new version is now available for all editions, and here's how you upgrade:
* Metasploit Pro and Metasploit Expre