Posts tagged Exploits

4 min Exploits

My First Week at Metasploit

Hi all. I would like to take a minute to share some of my feelings about my first week here as a full-time Metasploit exploit developer, and share some exploit modules. First of all, I would like to thank everyone on the the Metasploit team for being so nice to me from the first week, and for helping me with anything I need. They are definitely going easy on me during my first days! Their support allowed me to build two exploits for the team during my first week here: * batic_svg_java exploit
4 min Metasploit

Top 10 Most Searched Metasploit Exploit and Auxiliary Modules

At Rapid7, we often get asked what the top 10 Metasploit modules are. This is a hard question to answer: What does "top" mean anyway? Is it a personal opinion, or what is being used in the industry? Because many Metasploit users work in highly sensitive environments, and because we respect our users' privacy, the product doesn't report any usage reports back to us. We may have found a way to answer your questions: We looked at our metasploit.com web server stats, specifically the Metasploit A
3 min Metasploit

Hacking CCTV Security Video Surveillance Systems with Metasploit

From our guest blogger and Metasploit community contributor Justin Cacak at Gotham Digital Science. A new module for the Metasploit Framework, cctv_dvr_login [http://metasploit.com/modules/auxiliary/scanner/misc/cctv_dvr_login], discovers and tests the security of standalone CCTV (Closed Circuit Television) video surveillance systems. Such systems are frequently deployed in retail stores, living communities, personal residences, and business environments as part of their physical security pro
3 min Metasploit

The Art of Keylogging with Metasploit & Javascript

Rarely does a week go by without a friend or family member getting their login credentials compromised, then reused for malicious purposes. My wife is always on the lookout on Facebook, warning relatives and friends to change their passwords. Many people don't understand how their credentials get compromised. Password reuse on several websites is usually the culprit. Password reuse is a problem even if the website encrypts the passwords in their databases. An attacker only needs to insert some
4 min Nexpose

"Pass the hash" with Nexpose and Metasploit

I am proud to announce that Nexpose 5.1.0 now supports "pass the hash" [http://en.wikipedia.org/wiki/Pass_the_hash], a technique to remotely authenticate against a Windows machine (or any SMB/CIFS server) with the mere possession of LM/NTLM password hashes, without needing to crack or brute force them. Nexpose is able to use the hashes to perform credentialed scans to produce very detailed scan results of all sorts of local and remote vulnerabilities that may otherwise not be detectable. And pe
2 min Exploits

Metasploit Updated: Telnet Exploits, MSF Lab, and More

It's Wednesday, and while many of you are enjoying the week off between Christmas and New Years, we've been cranking out another Metasploit Update. Telnet Encrypt Option Scanner and Exploits I won't rehash this subject too much since HD already covered these modules in depth here [https://community.rapid7.com/community/solutions/metasploit/blog/2011/12/27/bsd-telnet-daemon-encrypt-key-id-overflow] and here [https://community.rapid7.com/community/solutions/metasploit/blog/2011/12/28/more-fun-wi
3 min Metasploit

Fun with BSD-derived Telnet Daemons

On December 23rd, the FreeBSD security team published an advisory [http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc] stating that a previously unknown vulnerability in the Telnet daemon was being exploited in the wild and that a patch had been issued. This vulnerability was interesting for three major reasons: 1. The code in question may be over 20 years old and affects most BSD-derived telnetd services 2. The overflow occurs in a structure with a function pointer store
3 min Release Notes

Exploit for critical Java vulnerability added to Metasploit

@_sinn3r [http://twitter.com/_sinn3r] and Juan Vasquez [https://twitter.com/#!/_juan_vazquez_] recently released a module which exploits the Java vulnerability detailed here [http://schierlm.users.sourceforge.net/CVE-2011-3544.html] by mihi and by Brian Krebs here [http://krebsonsecurity.com/2011/11/new-java-attack-rolled-into-exploit-kits]. This is a big one.  To quote Krebs: "A new exploit that takes advantage of a recently-patched critical security flaw in Java is making the rounds in the cri
2 min Microsoft

Microsoft Patch Tuesday - November 2011

November's Microsoft Patch Tuesday contains four bulletins: one “critical”, two “importants”, and one “moderate”. The majority of these bulletins relate to Microsoft's later versions of the OS, implying that the flaws they address were possibly introduced with Windows Vista. Generally more vulnerabilities are found in earlier versions of the OS, so this month is unusual. The critical bulletin – MS11-083 – is a TCP/IP based, specifically UDP, vulnerability which affects Vista, Windows 7, Server

2 min Exploits

Metasploit Bounty: Code, Sweat, and Tears

After more than 30 days of hardcore and intense exploit hunting, the Metasploit Bounty program has finally come to an end. First off, we'd like to say that even though the Metasploit Framework has made exploit development much easier, the process is not always an easy task. We're absolutely amazed how hard our participants tried to make magic happen. Often, the challenge begins with finding the vulnerable software. If you're lucky, you can find what you need from 3rd-party websites that mirror

11 min Metasploit

MS11-030: Exploitable or Not?

If you weren't already aware, Rapid7 is offering a bounty [/2011/06/14/metasploit-exploit-bounty-30-exploits-500000-in-5-weeks] for exploits that target a bunch of hand-selected, patched vulnerabilities. There are two lists to choose from, the Top 5 and the Top 25 [https://community.rapid7.com/docs/DOC-1467] . An exploit for an issue in the Top 5 list will receive a $500 bounty and one from the Top 25  list will fetch a $100 bounty. In addition to a monetary reward, a successful participant also
4 min Exploits

Recent Developments in Java Signed Applets

The best exploits are often not exploits at all -- they are code execution by design. One of my favorite examples of this is a signed java applet. If an applet is signed, the jvm allows it to run outside the normal security sandbox, giving it full access to do anything the user can do. Metasploit has supported using signed applets as a browser exploit for quite awhile, but over the last week there have been a couple of improvements that might help you get more shells. The first of these improve
4 min Metasploit

Introducing msfvenom

The Metasploit Framework has included the useful tools msfpayload and msfencode for quite sometime. These tools are extremely useful for generating payloads in various formats and encoding these payloads using various encoder modules. Now I would like to introduce a new tool which I have been working on for the past week, msfvenom. This tool combines all the functionality of msfpayload and msfencode in a single tool. Merging these two tools into a single tool just made sense. It standardizes

2 min Metasploit

Metasploit-ation for the Nation

In a couple of weeks, our very own @Mubix (AKA Rob Fuller to those who don't live their life with an @ sign permanently attached to their name!) will be offering Metasploit-ation for the Nation.  Unlike that phrase – which I just made up – Mubix will actually be talking sense as he walks penetration testers through the delightful world of Metasploit Pro in a 4-hour in-depth training session. Mubix took some time to answer a few questions below to give you a flavor of the training.  If you have

2 min Vulnerability Disclosure

March Patch Tuesday Roundup

Since Microsoft is on this new staggered pattern of releases, we can expect a feast or famine every other month...so get used to it. Depending on what side of the desk you sit on you can adjust the context. With that being said, this month's release brought us 3 patches addressing  4 vulnerabilities. I think we were all expecting to see the MHTML [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0096] protocol handler issue resolved, however it didn't make the cut. Make sure IE is in r

Popular Topics

Tags