Vulnerability Disclosure
How Poisonous is VENOM (CVE-2015-3456) to your Virtual Environments?
Today CrowdStrike disclosed VENOM [http://venom.crowdstrike.com/] (Virtualized
Environment Neglected Operations Manipulation) or CVE-2015-3456
[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456], a vulnerability
that could allow an attacker with access to one virtual machine to compromise
the host system and access the data of other virtual machines. It's been a few
months since we've seen a branded and logo'd vulnerability disclosure, and the
main question everyone wants to know is wh
Weekly Metasploit Wrapup: Stageless Meterpreter and the Revenge of Stuxnet
Stageless Meterpreter
Remember the Metasploit Pop Quiz [/2015/02/26/weekly-metasploit-wrapup] we ran
about a month back? Well, we got tons of support from you, the Metasploit users,
and have been picking out what you want to see and have started turning those
wishes into reality. I know HD [https://twitter.com/hdmoore], Brent
[https://twitter.com/busterbcook], and OJ [https://twitter.com/TheColonial] are
working up a much more exhaustive blog post for next week to lay out what's
going where and
Android
R7-2015-02: Google Play Store X-Frame-Options (XFO) Gaps Enable Android Remote Code Execution (RCE)
Vulnerability Summary
Due to a lack of complete coverage for X-Frame-Options
[https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options] (XFO)
support on Google's Play Store [https://play.google.com/] web application
domain, a malicious user can leverage either a Cross-Site Scripting (XSS)
vulnerability in a particular area of the Google Play Store web application, or
a Universal XSS (UXSS) targeting affected browsers, to remotely install and
launch the main intent of an arbitrary Play S
Google No Longer Provides Patches for WebView Jelly Bean and Prior
Over the past year, independent researcher Rafay Baloch
[https://twitter.com/rafaybaloch] (of "Rafay's Hacking Articles") and Rapid7's
Joe Vennix [https://twitter.com/joevennix] have been knocking out Android
WebView exploits somewhat routinely, based both on published research and
original findings. Today, Metasploit ships with 11 such exploits, thanks to
Rafay, Joe, and the rest of the open source security community. Generally
speaking, these exploits affect "only" Android 4.3 and prior -- ei
Metasploit Weekly Wrapup: Get the 411
Metasploit Version 4.11 Released
This week, we released Metasploit version 4.11 to the world -- feel free to
download it here [http://www.rapid7.com/products/metasploit/download.jsp] if
you're the sort that prefers the binary install over the somewhat Byzantine
procedure for setting up a development environment [http://r-7.co/MSF-DEV].
Which you should be, because the binary installers (for Windows and Linux) have
all the dependencies baked in and you don't have to monkey around with much to
ge
Thank You! Five Years of Metasploit at Rapid7
On October 20, 2009 -- five years ago today -- Rapid7 acquired Metasploit. At
the time, there was skepticism about the deal, and what it would mean for
Metasploit and the open source community. The skepticism was, of course, fair.
If Rapid7 was going to fund (and therefore, control) the development of the
Metasploit Framework, why would anyone contribute to it any more? Why give away
work product for free when Rapid7 is just going to turn around and sell it?
Today, Metasploit is still actively
Events
More SNMP Information Leaks: CVE-2014-4862 and CVE-2014-4863
Today, Rapid7 would like to disclose a pair of newly discovered vulnerabilities
around consumer and SOHO-grade cable modems, the Arris DOCSIS 3.0 (aka,
Touchstone cable modems) and Netmaster Wireless Cable Modems. Both exposures
were discovered by Rapid7's Deral Percent_X [https://twitter.com/Percent_X]
Heiland and independent researcher Matthew Kienow. The duo plan to discuss these
and other common vulnerabilities and configuration issues at DerbyCon near the
end of September. In the meantime,
Metasploit
msfconsole failing to start? Try 'msfconsole -n'
As part of the last release, the Metasploit Engineering team here at Rapid7 has
been on a path of refactoring in the Metasploit open source code in order to
make it more performant and to get toward a larger goal of eventually breaking
up the framework into a multitude of libraries that can be used and tested in a
standalone way.
This effort will make it easier to deliver features and respond to issues more
quickly, as well as ensure that regressions and bugs can get diagnosed, triaged,
and fix
Events
Metasploit Race to Root and Loginpalooza
Race to Root
Unless you've gotten to this blog by freak accident, you are certain to be aware
that next week is Black Hat USA 2014, and of course, we'll be there. You can
find us at Booth #541, where we'll be running the Metasploit Race to Root, using
the latest pre-release build of Metasploit Pro.
Now, this is not just a contest to see who can get their badge scanned the
fastest. Oh no. This is a real, hands-on micro-sized capture the flag
competition, run by our capable and talented in-house
Events
Weekly Metasploit Update: Countdown to DEFCON
Don't Be (too) Naked in Vegas
Wow, it's exactly two more weeks today until DEFCON. While Rapid7 has had a
vendor presence at Black Hat for many years (at booth #541), this year is, I
believe, the first time that we'll have a vendor table at DEFCON. I'm super
stoked about both gigs, since the Black Hat booth will give us an opportunity to
unload give away a fresh new batch of Metasploit T-Shirt Design contest
[http://99designs.com/t-shirt-design/contests/metasploit-design-contest-375195/brief]
Metasploit
Weekly Metasploit Update: Embedded Device Attacks and Automated Syntax Analysis
D-Link Embedded Device Shells
This week, esteemed Metasploit [https://www.metasploit.com/download/]
contributor @m-1-k-3 [https://github.com/m-1-k-3] has been at it again with his
valiant personal crusade against insecure SOHO (small office/home office)
embedded devices with known vulnerabilities. We have a new trio of modules that
target D-Link gear, based on the research released by Craig Heffner and Zachary
Cutlip, which exploit two bugs present in the DSP-W215 Smart Plug, and one UPnP
comma
Weekly Metasploit Update: Another Meterpreter Evasion Option
Hopping Meterpreter Through PHP
This week, Metasploit landed and shipped the new Reverse HTTP hop stager
[https://github.com/rapid7/metasploit-framework/pull/2809] for Meterpreter
payloads, which opens up yet another avenue for pivoting about the Internet to
connect to your various and sundry Meterpreter shells. This is kind of a huge
deal.
For starters, this obviously helps with crossing artificial borders between
networks. You may have an engagement target that has a vulnerable web server in
Metasploit Weekly Update: Blinding Defenders by Poking at Wireshark
The Wireshark DoS Module
This week, we have an interesting new module from Metasploit community
contributor JoseMi [https://github.com/jholgui], which exercises a (seeming)
denial-of-service (DoS) condition in a Wireshark dissector responsible for
decoding CAPWAP packets. No, I've never heard of CAPWAP either, but after reading
Wikipedia's article [https://en.wikipedia.org/wiki/Capwap], now I'm an expert! At
any rate, it's not a protocol that you would expect to find really anywhere, given
that no real wir
Metasploit
2014 Metasploit T-Shirt Design Contest
Hey Hacker-Designers!
Remember about this time last year, we kicked off the Metasploit T-Shirt design
contest
[/2013/05/03/metasploits-10th-anniversary-laptop-decal-design-competition] to
commemorate our shipping of 1,000 exploits and Metasploit's 10th Anniversary?
Turns out, we had so many good designs
[/2013/07/16/metasploit-design-contest-winners] and so much fun with that that
we're doing it again this year. So let's see, what reason can we contrive this
year...
We have 1,294 exploits now
Exploits
Metasploit's Brand New Heartbleed Scanner Module (CVE-2014-0160)
Is the Internet down? Metasploit publishes module for Heartbleed
If you read this blog at all regularly, you're quite likely the sort of Internet
citizen who has heard about the Heartbleed attack and grasps how serious this bug
is. Suffice it to say that it's a Big Deal -- one of those once-a-year bugs
that kicks everyone in security into action. OpenSSL underpins much of the
security of the Internet, so widespread bugs in these critical libraries affect
everyone.
The subsequently published