Posts by jcran

1 min Metasploit

Metasploit and PTES

One of our Metasploit contributers, Brandon Perry [http://twitter.com/#%21/brandonprry], has put together a document detailing the recently released Penetration Testing Execution Standard [http://www.pentest-standard.org/index.php/Main_Page](PTES) with the modules and functionality in the Framework. PTES is a push from a group of testers fed up with the lack of guidance and the disparate sources of basic penetration testing information. Brandon's document does a great job detailing disparate par

3 min Release Notes

Exploit for critical Java vulnerability added to Metasploit

@_sinn3r [http://twitter.com/_sinn3r] and Juan Vasquez [https://twitter.com/#!/_juan_vazquez_] recently released a module which exploits the Java vulnerability detailed here [http://schierlm.users.sourceforge.net/CVE-2011-3544.html] by mihi and by Brian Krebs here [http://krebsonsecurity.com/2011/11/new-java-attack-rolled-into-exploit-kits]. This is a big one.  To quote Krebs: "A new exploit that takes advantage of a recently-patched critical security flaw in Java is making the rounds in the cri

2 min Metasploit

Password Cracking in Metasploit with John the Ripper

HDM recently added password cracking functionality to Metasploit through the inclusion of John-the-Ripper in the Framework [http://dev.metasploit.com/redmine/projects/framework/repository/revisions/13135] . The 'auxiliary/analyze/jtr_crack_fast [http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/auxiliary/analyze/jtr_crack_fast.rb] ' module was created to facilitate JtR's usage in Framework and directly into Express/Pro's automated collection routine. The module works