Posts by Egypt

1 min Metasploit

Progress on the Internet

The Internet has made a lot of progress in the last few years. Censorship has been virtually eliminated. Youtube comments are universally insightful. The people owning networks and dropping docs are now only occasionally on the FBI payroll. Published breaches are at an all-time low. Everyone is running IPv6. In light of all this progress, it is with a heavy heart that we must announce the demise of IPv4 support in all Metasploit products. This decision has been in the offing for several years,

1 min Metasploit

New Sectools.org List is Out

Sectools.org, from our friends at the Nmap project, has updated its list of the best security tools [http://sectools.org/]. I'm proud to say Metasploit has come in second among an entire ecosystem of awesome tools. Many of our favorite tools that make use of Metasploit are represented as well, including BeEF, Nexpose, and Social Engineer Toolkit. John the Ripper and w3af, two open source projects that Rapid7 supports through sponsorship, also made the list. This is a great resource for people

1 min Events

Derbycon was awesome

Derbycon was a blast, easily the best conference I have attended in a while. My favorite part of going to cons is meeting folks with great ideas and the average awesomeness of Derbycon attendees was astounding. I also got to meet several people I've only known through IRC, which is always fun. My presentation, "The State of the Framework Address", covered some history (both about Metasploit and my own personal journey to becoming a developer), some current features, and a few goals for the fut

3 min Release Notes

Metasploit Framework 4.0 Released!

It's been a long road to 4.0. The first 3.0 release was almost 5 years ago and the first release under the Rapid7 banner was almost 2 years ago. Since then, Metasploit has really spread its wings. When 3.0 was released, it was under a EULA-like license with specific restrictions against using it in commercial products. Over time, the reasons for that decision became less important and the need for more flexibility came to the fore; in 2008, we released Metasploit 3.2 under a 3-clause BSD licen

4 min

Metasploit 4.0: The Database as a core feature

Early in the 3.x days, Metasploit had support for using databases through plugins. As the project grew, it became clear that tighter database integration was necessary for keeping track of the large amount of information a pentester might encounter during an engagement. To support that, we moved database functionality into the core, to be available whenever a database was connected, and later added postgres to the installer so that functionality could be used out of the box. Still, the command

3 min Javascript

Javascript Obfuscation in Metasploit

As of this writing, Metasploit has 152 browser exploits. Of those, 116 use JavaScript either to trigger the vulnerability or as a means to control the memory layout of the browser process [1]. Right now most of that JavaScript is static. That makes it easier for anti-virus and IDS folks to signature. That makes it less likely for you to get a shell. Skape recognized this problem several years ago and added Rex::Exploitation::ObfuscateJS to address it. This first-gen obfuscator was based on sub

1 min Release Notes

Metasploit Framework 3.7.2 Released!

It's that time again! The Metasploit team is proud to announce the immediate release of the latest version [http://metasploit.com/download/] of the Metasploit Framework, 3.7.2. Today's release includes eleven new exploit modules and fifteen post modules for your pwning pleasure. Adding to Metasploit's well-known hashdump capabilities, now you can easily steal password hashes from Linux, OS X, and Solaris. As an added bonus, if any of the passwords were hashed with crypt_blowfish (which is the d

5 min Exploits

Recent Developments in Java Signed Applets

The best exploits are often not exploits at all -- they are code execution by design. One of my favorite examples of this is a signed Java applet. If an applet is signed, the JVM allows it to run outside the normal security sandbox, giving it full access to do anything the user can do. Metasploit has supported using signed applets as a browser exploit for quite a while, but over the last week there have been a couple of improvements that might help you get more shells. The first of these improve

1 min Metasploit

Using Kernel.load to speed up exploit dev

When modifying Metasploit library code, you generally need to restart msfconsole to see the changes take effect. Although we've made some improvements in startup time, it's still not great, and waiting for the whole framework to load for a one-line change can be frustrating. Fortunately, Ruby has a simple way to reload a file: Kernel.load [http://www.ruby-doc.org/core/classes/Kernel.html#M001417]. Here's a simple example of how to use it:

##
# $Id$
##
load "./lib/rex/proto/my_new_pr