All Posts

Black Hat Race To Root Results

We had a good number of folks compete for prizes in the Race to Root competition at this year's Black Hat, so thanks to everyone who came by. Three competitors came out on top. Anders Hansen took first place! He'll be receiving both a ProxMark3 (http://proxmark3.com/) and a MAKInterface Magstripe Reader/Writer. Haikon Krohn took second place and will pick up a ProxMark3, and our third place finalist (JT Taylor) will also be receiving a MAKInterface. I was surprised by the number of folks who h

Shiny Old VxWorks Vulnerabilities

Back in June, I decided to spend some time looking at the VxWorks operating system. Specifically, I kept finding references to VxWorks-based devices running firmware images with the debug service (WDB Agent) enabled, but I could not find a description of the protocol or any estimates as to how prevalent this service was. After a couple days of digging around and a couple more days of scanning, I became aware of just how extensive this issu

W3AF: An Open Source Success Story

Today, as Rapid7 announced the sponsorship of a second open source project with its support of w3af, I reflect back on my experience with Rapid7 over the last 9 months. When I agreed to the acquisition of the Metasploit project by Rapid7 in October last year, it was with a lot of excitement but also with a small leap of faith. In my initial blog post from October 2

July Patch Tuesday Roundup

The highlight of Microsoft's security bulletins is the fix for Microsoft's online help vulnerability (MS10-042), identified by Google security researcher Tavis Ormandy, which could allow an attacker to take control of a computer by luring a computer user to a malicious Web site. As Microsoft's July security bulletins also address vulnerabilities in Windows XP, Josh Abraham, Rapid7 Security Researcher, recommends that “customers should keep in mind that Windows XP SP2 is now end-of-life. Th

Metasploit Framework 3.4.1 Released!

The Metasploit Project is proud to announce the release of the Metasploit Framework version 3.4.1. As always, you can get it from our downloads page, for Windows or Linux. This release sees the first official non-Windows Meterpreter payload, in PHP, as discussed last month. Rest assured that more is in store for Meterpreter on other platforms. A new extension called Railgun

Introducing Metasploitable

One of the questions that we often hear is "What systems can I use to test against?" Based on this, we thought it would be a good idea to throw together an exploitable VM that you can use for testing purposes. Metasploitable is an Ubuntu 8.04 server install on a VMware 6.5 image. A number of vulnerable packages are included, including an install of Tomcat 5.5 (with weak credentials), distcc, TikiWiki, TWiki, and an older MySQL. You can use most VMware products

Metasploit Framework 3.4.0 Released!

After five months of development, version 3.4.0 of the Metasploit Framework has been released. Since the last major release (3.3), over 100 new exploits have been added and over 200 bugs have been fixed. This release includes massive improvements to the Meterpreter payload, both in terms of stability and features, thanks in large part to Stephen Fewer of Harmony Security. The Meterpreter payload can now capture screenshots without migrating, inc

May Patch Tuesday Roundup

Time for the May 2010 summary of the upcoming Microsoft Security Updates... 2 advisories, with 2 vulnerabilities covered. Both are rated as Critical. The first one covers Outlook Express, Microsoft Mail, and Microsoft Live Mail on all Windows operating systems (sans Server Core and Server Core for Windows Server 2008 R2), and the second covers Microsoft Visual Basic for Applications. Both vulnerabilities allow for Remote Code Execution. Here's a breakdown: MS10-030 – Mail Server Integ

Approaching Metasploit 3.4.0 and Metasploit Express

Since mid-December, the Metasploit team has been working non-stop towards version 3.4.0 of the Metasploit Framework. The final release is still scheduled for mid-May, but I wanted to share some of the upcoming features, available today from the development tree. Version 3.4.0 includes major improvements to the Meterpreter payload, the expansion of the framework's brute force capabilities, and the complete overhaul of the backend database schema and event subsystem. In addition, more than 60 exp

April Microsoft Patch Tuesday Roundup

Time for this month's summary of the latest Microsoft Security updates... 11 advisories, with 25 vulnerabilities covered. 5 Critical; 5 Important; 1 Moderate. This is the heaviest April update we've seen; we generally see 5-8 updates in April, and 25 vulnerabilities breaks the April 2009 record of 21. The SMB DoS issue is being addressed, rated Important and affecting Windows & Exchange. 2 issues affect Office, both of which are rated Important. The other 8 affect Windows, with 5 Crit

Persistent Meterpreter over Reverse HTTPS

Botnet agents and malware go to inordinate lengths to hide their command and control traffic. From a penetration testing perspective, emulating these types of communication channels is possible, but often requires a custom toolkit to be deployed to the target. In this post I will walk through using the standard Metasploit Meterpreter payload as a persistent encrypted remote control tool. First things first, grab the latest version of Metasplo

March Microsoft Out-Of-Band Patch Tuesday Roundup

Brief summary of today's Out-Of-Band Microsoft Security update... 1 cumulative IE update, with 10 vulnerabilities covered. While Out-Of-Band updates are not unheard of (this is the second one so far this year), 10 vulnerabilities covered is a lot. Here's the breakdown: MS10-018: Rated Critical. Cumulative update for Internet Explorer, covering 10 vulnerabilities: CVE-2010-0267 (Uninitialized Memory Corruption), CVE-2010-0488 (Post Encoding Information Disclosure), CVE-2010-0489 (Race C

Visualizing Microsoft Security Bulletin Supersedence

I've always been a very visual person. As a young child, I had an interesting ability to subconsciously scan the landscape and immediately pick out things that were out of place. On my way to work or otherwise driving around town, my eyes are scanning the passenger's, rear-view and driver's side mirrors every few seconds, looking for things that make driving around Los Angeles perilous. When it comes to complex problems related to security, or even just things that may present obst

Automating the Metasploit Console

The Metasploit Console (msfconsole) has supported the concept of resource files for quite some time. A resource file is essentially a batch script for Metasploit; using these files, you can automate common tasks. If you create a resource script called ~/.msf3/msfconsole.rc, it will automatically load each time you start the msfconsole interface. This is a great way to automatically connect to a database and set common parameters (setg PAYLOAD, etc.). Until this morning, however, resource scripts w

March Microsoft Patch Tuesday Roundup

Time once again for this month's summary of the latest Microsoft Security updates... 2 advisories, with 8 vulnerabilities covered. This is the lightest March update since Microsoft skipped March altogether back in 2007. Here's the breakdown: MS10-016: Rated Important. Potential Remote Code Execution in Windows Movie Maker, covering 1 vulnerability: CVE-2010-0265 (Buffer Overflow in Movie Maker and Producer). A few things to note about this one... First, Microsoft chose not to patch the