Posts tagged Linux

4 min Linux

Patching CVE-2017-7494 in Samba: It's the Circle of Life

With the scent of scorched internet still lingering in the air from the WannaCry Ransomworm [] , today we see a new scary-and-potentially-incendiary bug hitting the twitter news. The vulnerability - CVE-2017-7494 [] - affects versions 3.5 (released March 1, 2010) and onwards of Samba, the defacto standard for providing Wind

3 min Endpoints

Live Vulnerability Monitoring with Agents for Linux...and more

A few months ago, I shared news of the release of the macOS Insight Agent [/2016/12/29/macos-agent-in-nexpose-now]. Today, I'm pleased to announce the availability of the the Linux Agent within Rapid7's vulnerability management solutions []. The arrival of the Linux Agent completes the trilogy that Windows and macOS began in late 2016. For Rapid7 customers, all that really matters is you've got new capabilities to add to your kit. Introducin

2 min Metasploit

Now Officially Supporting Kali Linux 2.0

In August, we were getting a lot of questions about Kali 2. I have answered some questions in Metasploit on Kali Linux 2.0 [/2015/08/12/metasploit-on-kali-linux-20] blog post in the past. Today, I am pleased to announce that we extend our official platform support to three new operating systems which are now listed in Metasploit System Requirements [] page: * Kali Linux 2.0 * Red Hat Enterprise Server 7.1 or later * Microsoft W

2 min Windows

Metasploit Framework Open Source Installers

Rapid7 has long supplied universal Metasploit installers for Linux and Windows. These installers contain both the open source Metasploit Framework as well as commercial extensions, which include a graphical user interface, metamodules, wizards, social engineering tools and integration with other Rapid7 tools. While these features are very useful, we recognized that they are not for everyone. According to our recent survey of Metasploit Community users, most only used it for the open source comp

2 min Metasploit

Metasploit on Kali Linux 2.0

As you are aware, Kali 2.0 [] has been released this week and getting quite a bit of attention, as it should. Folks behind Kali have worked really hard to bring you the new version of Kali Linux that everyone is excited about. If you have already started to play with the new version, you probably have realized that something is different, that is; Metasploit Community / Pro is no longer installed by default. Where is Metasploit Community / Pr

3 min Linux

Weekly Metasploit Wrapup: Tons of Blogs, Kali Dev, and Nothing Suspicious Here

Blogsplosion! If you've been following along, you'll have noticed that we published just about a post a day here this week, which makes my job of bringing the weekly update to you, dear reader, that much easier. So, I'll keep this week's update pretty short. Here's a link farm covering what was discussed from Joe [], OJ [], sinn3r [], and HD []. They're all really fun and informative

4 min Nexpose

GHOSTbuster: How to scan just for CVE-2015-0235 and keep your historical site data

A recently discovered severe vulnerability, nicknamed GHOST, can result in remote code execution exploits on vulnerable systems. Affected systems should be patched and rebooted immediately. Learn more about [/2015/01/27/ghost-in-the-machine-is-cve-2015-0235-another-heartbleed] CVE-2015-0235 and its risks [/2015/01/27/ghost-in-the-machine-is-cve-2015-0235-another-heartbleed]. The Nexpose 5.12.0 content update provides coverage for the GHOST vulnerability. Once the Nexpose 5.12.0 content update

3 min Linux

GHOST in the Machine - Is CVE-2015-0235 another Heartbleed?

CVE-2015-0235 is a remote code execution vulnerability affecting Linux systems using older versions of the GNU C Library (glibc versions less than 2.18). The bug was discovered by researchers at Qualys and named GHOST in reference to the _gethostbyname function (and possibly because it makes for some nice puns). To be clear, this is NOT the end of the Internet as we know, nor is it further evidence (after Stormaggedon) that the end of the world is nigh. It's also not another Heartbleed. But it

6 min Linux

12 Days of HaXmas: Meterpreter migration for Linux!

This post is the eleventh in a series, 12 Days of HaXmas, where we take a look at some of more notable advancements and events in the Metasploit Framework over the course of 2014. Hello everyone and Happy HaXmas (again) and New Year! On this HaXmas I would like to share with all you a new feature which I'm personally very happy with. It's nothing super new and has limitations, but it's the first meterpreter feature where I've been collaborating I feel really happy of sharing it with all you: su

6 min Linux

Bash-ing Into Your Network & Investigating CVE-2014-6271

[UPDATE September 29, 2014: Since our last update on this blog post, four new CVEs that track ShellShock/bash bug-related issues have been announced. A new patch [] was released on Saturday September 27 that addressed the more critical CVEs (CVE-2014-6277 and CVE-2014-6278). In sum: If you applied the ShellShock-related patches before Saturday September 27, you likely need to apply this new patch [http://lcamtuf.blogspo

2 min Metasploit

msfconsole failing to start? Try 'msfconsole -n'

As part of the last release, the Metasploit Engineering team here at Rapid7 has been on a path of refactoring in the Metasploit open source code in order to make it more performant and to get toward a larger goal of eventually breaking up the framework into a multitude of libraries that can be used and tested in a standalone way. This effort will make it easier to deliver features and respond to issues more quickly, as well as ensure that regressions and bugs can get diagnosed, triaged, and fix

4 min Metasploit

Rapid7 Free Tools - Download Today!

Hello all, It's your friendly neighborhood Community Manager again, this time reaching out to talk about something that should be of interest to all of you; Rapid7's suite of Free Security Tools []. If you're a one man shop, trying to make sure you're as buttoned up as possible, or a giant organization just looking to do some validation and double checking, I'm sure one or more of these tools would be an excellent addition to your existing security

3 min Product Updates

Weekly Update: Metasploit Pro on Chromebook, Galaxy Tab, and a Batch of New ZDI Exploits

Vegas Time! Like the rest of the information security industry, we're buttoning down for the annual pilgramage to Vegas next week. This means collecting up all our new community-sourced swag [/2013/07/16/metasploit-design-contest-winners], finishing up training and presentation material, figuring out what the heck to do with our phones to avoid casual ownage, and test driving our new Chromebook builds of Metasploit Pro. They're pretty sweet. The latest update for ARM-arch Kali should run withou

2 min Nexpose

Nexpose 5.6 - CIS RHEL Certified!

Nexpose 5.6, released last week, builds on our USGCB, FDCC, and CIS Windows certifications by adding CIS certified assessment of Red Hat Enterprise Linux systems. Nexpose 5.6 includes the CIS "Level I" and "Level II" policies for RHEL 4, 5, & 6.  This means you can now use Rapid7's integrated vulnerability and configuration management [] solution to assess the configuration of your RHEL desktops and servers. The CIS RHEL policies are included by default in

5 min Release Notes

Simplify Vulnerability Management with Nexpose 5.6

We are pleased to announce the next major release of Nexpose, version 5.6.  This release focuses on providing you the most impactful remediation steps to reduce risk to your organization and extends our current configuration assessment functionality. New Look and Feel The most visible change in Nexpose 5.6 is the new look and feel of the user interface.  The action header is now smaller to maximize screen space and usability, and the new colour scheme makes it easier to focus on important areas