Introducing RubySMB: The Protocol Library Nobody Else Wanted To Write
The Server Message Block (SMB) protocol family is arguably one of the most
important network protocols to be conversant in as a security professional. It
carries the capability for File and Print Sharing, remote process execution, and
an entire system of Named Pipes that serve as access points to any number of
services running on a machine, such as Microsoft SQL Server. Users of
Metasploit [https://rapid7.com/products/metasploit/] will know SMB as the
protocol used for PSExec
[https:/
Replacing Pedantry with Positive Interaction
The recent vBulletin hack is the most recent case of a compromise being labeled
as a 'sophisticated attack.' Predictably, the internet exploded with people
complaining about this label, stating that it was just SQL Injection. The same
thing occurred with the news of the TalkTalk breach. Before that, the
Playstation Network breach comes to mind, although there have surely been many
in between. I will issue my mea culpa right now. I have publicly blasted
people for this in the past. But today I
Safely Dumping Domain Hashes, with Meterpreter
UPDATE: It has been pointed out that there is prior work worth noting. This
blog post
[http://www.dcortesi.com/blog/2005/03/22/using-shadow-copies-to-steal-the-sam/]
by Damon Cortesi [https://twitter.com/dacort] talked about using Volume Shadow
Copy to get the SAM file back in 2005. As with all things in our industry, we
stand on the shoulders of those who came before us. We would certainly not want
to take away from anyone else's previous work and accomplishments.
Dumping the stored password
12 Days of HaXmas: Buffer Overflows Come and Go, Bad Passwords are Forever
This post is the fourth in a series, 12 Days of HaXmas, where we take a look at
some of the more notable advancements and events in the Metasploit Framework
over the course of 2014.
This summer, the Metasploit team began the large undertaking of reworking
credentials throughout the project. Metasploit, as you already know, began as a
collection of traditional exploits. Over the years it has grown into much more
than that. Credentials were first introduced into Metasploit in the form of
Auxiliary Sc
PSExec Demystified
Multiple modules inside the Metasploit Framework bear the title PSExec, which
may be confusing to some users.
When someone simply refers to “the PSExec module”, they typically mean
exploit/windows/smb/psexec, the original PSExec module. Other modules are more
recent additions, and make use of the PSExec technique in other ways. Here's a
quick overview of what these modules are for:
Metasploit Module | Purpose | Comment
exploit/windows/smb/psexec | Evading anti-virus detection | Service EXE
The Odd Couple: Metasploit and Antivirus Solutions
I hear a lot of questions concerning antivirus evasion with Metasploit, so I'd
like to share some of the information critical to understanding this problem.
This blog post is not designed to give you surefire antivirus (AV) evasion
techniques, but rather to help you understand the fundamentals of the issue.
A Quick Glossary
Before we begin, let's define a few terms. This will be important for
understanding some of the things we will discuss.
Payload: A payload is the actual code that is being del
Abusing Windows Remote Management (WinRM) with Metasploit
Late one night at Derbycon [https://www.derbycon.com/], Mubix
[https://twitter.com/mubix] and I were discussing various techniques of mass
ownage. When Mubix told me about the WinRM service, I wondered: "Why don't we
have any Metasploit modules for this yet?" After I got back, I began digging.
WinRM/WinRS
WinRM is a remote management service for Windows that is installed but not
enabled by default in Windows XP and higher versions, but you can install it on
older operating systems as well. Win
Recon, Wireless, and Password Cracking
The Metasploit Framework continues to grow and expand with the support of the
community. There have been many new features added to the Metasploit Framework
over the past month. I am very excited to be able to share some of these new
developments with you.
Mubix's Recon Modules
Mubix's post-exploitation modules from his Derbycon talk are now in the
repository. The resolve_hostname module, originally called 'Dig', will take a
given hostname and resolve the IP address for that host from the windo