Posts by HD Moore

3 min Metasploit

Fun with BSD-derived Telnet Daemons

On December 23rd, the FreeBSD security team published an advisory [http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc] stating that a previously unknown vulnerability in the Telnet daemon was being exploited in the wild and that a patch had been issued. This vulnerability was interesting for three major reasons: 1. The code in question may be over 20 years old and affects most BSD-derived telnetd services 2. The overflow occurs in a structure with a function pointer store

4 min Metasploit

Six Ways to Automate Metasploit

Onward Over the last few weeks the Metasploit team at Rapid7 has engaged in an overhaul of our development process. Our primary goals were to accelerate community collaboration and better define the scopes of our open source projects. The first step was to migrate all open source development to GitHub [/2011/11/10/git-while-the-gitting-is-good]. This has resulted in a flood of contributors [https://github.com/rapid7/metasploit-framework/contributors] and lots of great new features [/2011/12/05/

3 min Metasploit

Git while the gitting is good

The Metasploit Framework has grown in leaps and bounds: what used to be a small team of free-time developers is now an actual product team working for a real company. The community that contributes to the open source framework has continued to expand; instead of a few active contributors, we now have over a dozen, not counting all of the drive-by coders that submit patches and modules through the Redmine [https://dev.metasploit.com/redmine/projects/framework] tracking system. As the code bas

3 min Nexpose

Introducing Metasploit Community Edition!

The two-year anniversary of the Metasploit acquisition is coming up this week. Over the last two years we added a ridiculous amount of new code to the open source project, shipped dozens of new releases, and launched two commercial products. We could not have done this without the full support of the security community. In return, we wanted to share some of our commercial work with the security community at large. As of version 4.1 [http://www.metasploit.com/], we now include the Metasploit

1 min Metasploit

Metasploit, Scanners, and DNS

One of the awesome things about the Metasploit Framework (and Ruby in general) is that there is a strong focus on avoiding code duplication. This underlying philosophy is why we can manage a million-plus line code base with a relatively small team. In this post, I want to share a recent change which affects how hostnames with multiple A records are processed by modules using the Scanner mixin. Quite a few of the web's "major" properties, such as google.com, return multiple IP addresses when

2 min

Morto: Another reason to secure local user accounts

A worm abusing the Remote Desktop service is making the rounds, currently named Morto [http://www.f-secure.com/weblog/archives/00002227.html]. This worm gains access by trying a small number of weak passwords for the local Administrator account. After compromising the server, the worm propagates using mapped shares and provides remote access to the worm's creator. Most public reports involve Morto gaining access to internet-facing servers; however, it is likely that once Morto is behind a firewa
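As an added example (not from the post, F-Secure, or Metasploit), the behaviour described above is easy to spot in the Windows Security log: a short burst of failed Remote Desktop logons against the local Administrator account from one source, optionally followed by a success. The input below is a constructed, simplified export of Security events, one per line as `timestamp event_id logon_type account source_ip`; the values and the layout are invented, but the event semantics are the standard ones (4625 failed logon, 4624 successful logon, logon type 10 RemoteInteractive). The threshold and window are assumptions to tune.

```ruby
# Added example: flag sources sweeping the local Administrator account over
# RDP, the pattern the post attributes to Morto. Not Metasploit code.
require 'time'

# Constructed sample events (invented timestamps, accounts and addresses).
SAMPLE_EVENTS = <<~LOG
  2011-08-28T10:00:01Z 4625 10 Administrator 203.0.113.5
  2011-08-28T10:00:02Z 4625 10 Administrator 203.0.113.5
  2011-08-28T10:00:03Z 4625 10 administrator 203.0.113.5
  2011-08-28T10:00:04Z 4624 10 Administrator 203.0.113.5
  2011-08-28T10:05:00Z 4625 10 Administrator 198.51.100.9
  2011-08-28T10:06:00Z 4625 3 Administrator 198.51.100.9
  2011-08-28T11:00:00Z 4625 10 alice 192.0.2.77
LOG

Event = Struct.new(:time, :id, :logon_type, :account, :source)

FAILED_LOGON     = 4625
SUCCESS_LOGON    = 4624
REMOTE_INTERACTIVE = 10   # RDP / Terminal Services logon type

def parse_events(text)
  text.each_line.map do |line|
    t, id, lt, acct, src = line.split
    Event.new(Time.iso8601(t), id.to_i, lt.to_i, acct, src)
  end
end

# Returns {source_ip => {failures:, success:}} for every source that produced
# at least min_failures failed RDP logons against "Administrator" (matched
# case-insensitively, since the account name is not case-sensitive) within any
# `window`-second span. Non-RDP logon types and other accounts are ignored so a
# noisy SMB sweep does not trip this particular rule.
def rdp_admin_guessing(events, min_failures: 3, window: 300)
  by_src = Hash.new { |h, k| h[k] = [] }
  events.each do |e|
    next unless e.logon_type == REMOTE_INTERACTIVE && e.account.casecmp?('administrator')
    by_src[e.source] << e
  end
  by_src.each_with_object({}) do |(src, evs), out|
    fails = evs.select { |e| e.id == FAILED_LOGON }.sort_by(&:time)
    burst = fails.each_cons(min_failures).any? { |grp| grp.last.time - grp.first.time <= window }
    next unless burst
    out[src] = { failures: fails.size, success: evs.any? { |e| e.id == SUCCESS_LOGON } }
  end
end

if __FILE__ == $0
  rdp_admin_guessing(parse_events(SAMPLE_EVENTS)).each do |src, info|
    puts "#{src}: #{info[:failures]} failed RDP Administrator logons" \
         "#{info[:success] ? ', then a SUCCESS' : ''}"
  end
end
```

A flagged source with `success: true` is the case to treat as a compromise rather than an attempt; the same rule works against an internal event collector, which matters given the post's point that the worm spreads just as well once it is behind the firewall.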

1 min Metasploit

Metasploit Exploit Bounty - Status Update

A few weeks ago the Metasploit team announced a bounty program [/2011/06/14/metasploit-exploit-bounty-30-exploits-500000-in-5-weeks] for a list of 30 vulnerabilities that were still missing Metasploit exploit modules. The results so far have been extremely positive and I wanted to take a minute to share some of the statistics. As of last night, there have been 27 participants in the bounty program resulting in 10 submissions, with 5 of those already committed to the open source repository and t

5 min Metasploit

Meterpreter HTTP/HTTPS Communication

The Meterpreter payload within the Metasploit Framework (and used by Metasploit Pro) is an amazing toolkit for penetration testing and security assessments. Combine it with the Ruby API on the Framework side and you have the simplicity of a scripting language with the power of a remote native process. These are the things that make scripts and Post modules great and what we showcase in the advanced post-exploit automation available today. Metasploit as a platform has always had a concept of an est

1 min Metasploit

Metasploit Framework Console Output Spooling

Sometimes little things can make a huge difference in usability -- the Metasploit Framework Console is a great interface for getting things done quickly, but so far has been missing the capability to save command and module output to a file. We have a lot of small hacks that make this possible for certain commands, such as the "-o" parameter to db_hosts and friends, but this didn't solve the issue of module output or general console logs. As of revision r13028 [http://dev.metasploit.com/redm

1 min Metasploit

Bounty: 30 Exploits, $5,000.00, in 5 weeks

The Metasploit team is excited to announce a new incentive for community exploit contributions: Cash! Running until July 20th, our Exploit Bounty program will pay out $5,000 in cash awards (in the form of American Express gift cards) to any community member that submits an accepted exploit module for an item from our Top 5 or Top 25 exploit lists [https://community.rapid7.com/docs/DOC-1467]. This is our way of saying thanks to the open source exploit development community and encouraging folks w

2 min

Announcing the Unstable Module Tree

Exploit reliability has been a primary goal of the Metasploit Framework since the beginning. We require all modules to be consistent, reliable, and in cases where targeting is tricky, for this to be reflected in the Exploit Rank and in the default target settings. This policy has resulted in us turning down community submissions and withholding exploits that just didn't quite make the cut for mass distribution. Over the years our core developers and contributors have amassed dozens of modules th