7 min
Metasploit
Metasploit Shellcode Grows Up: Encrypted and Authenticated C Shells
Introducing encrypted, compiled payloads in Metasploit Framework 5
8 min
Metasploit
Meterpreter Survey 2015: You spoke, we listened, then wrote a bunch of code.
The Survey
One month ago we asked the community for feedback about how they use Metasploit
and what they want to see in the Meterpreter payload suite going forward. Over
the course of a week we received over 400 responses and over 200 write-in
suggestions for new features. We have spent the last month parsing through your
responses, identifying dependencies, and actively delivering new features based
on your requests. These requests covered 20 different categories:
General Feedback Metasploit F
2 min
Payload
12 Days of HaXmas: Opening Up My Top Secret Metasploit Time Capsule
This post is the second in a series, 12 Days of HaXmas, where we take a look at
some of the more notable advancements and events in the Metasploit Framework over
the course of 2014.
For today's HaXmas amusement, I have something fun to share with you all. So the
other day I was watching this movie called The Knowing
[https://www.youtube.com/watch?v=ikJ3t_tZf-E], an action-thriller starring
Nicolas Cage. The story of this movie begins with a school teacher telling the
students that as part of the s
3 min
Payload
Shellcode Golf: Every Byte is Sacred
Shellcode is an exercise in trade-offs.
To be really flexible and fit in the most exploits, shellcode must be small. On
the other side of the scale, there are certain features that you need or want,
each adding to the size. For instance, doing DNS resolution in the first stage
payload is useful, but (in Windows) requires adding 80 bytes to the stager. So
we have to balance size, which is very important for compatibility with some
exploits that have limited buffers to work with, with features a
2 min
Exploits
New Metasploit Payloads for Firefox Javascript Exploits
Those of you with a keen eye on metasploit-framework/master
[https://github.com/rapid7/metasploit-framework] will notice the addition of
three new payloads:
* firefox/shell_reverse_tcp
* firefox/shell_bind_tcp
* firefox/exec
These are Javascript payloads meant for executing in a privileged Javascript
context inside of Firefox. By calling certain native functions not meant to be
exposed to ordinary web content, a classic TCP command shell can be opened. To a
pentester, these payloads are use
5 min
Exploits
Stage Encoding -or- How I Learned to Stop Worrying and Love the String#<< Operator
As I mentioned in my post about compiling on the fly
[/2013/01/08/compiling-payloads-on-the-fly-for-postgresql], encoders' primary
purpose in life is to avoid bad characters in a payload. To recap, the main
reason a character is considered "bad" is that some aspect of the exploit makes
use of that character impossible. One reason this might be the case is when a
character gets stripped out or mangled along its journey through protocol
decoding. For example, in the telnet protocol, \xff is the I
2 min
Vulnerability Disclosure
March Patch Tuesday Roundup
Since Microsoft is on this new staggered pattern of releases, we can expect a
feast or famine every other month...so get used to it. Depending on what side of
the desk you sit on you can adjust the context. With that being said, this
month's release brought us 3 patches addressing 4 vulnerabilities. I think we
were all expecting to see the MHTML
[http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0096] protocol
handler issue resolved, however it didn't make the cut. Make sure IE is in
r
1 min
Metasploit
Help your new sweethearts call home to Metasploit
Setting listener host and ports for payloads in
Metasploit Pro
Life is full of disappointments: You spend a lot of time flirting with a cute
new machine, convince it to accept your payload, and never get a call back –
just because the big bad NAT is not letting your new sweetheart phone home.
That's why many of you broken-hearted pentesters have asked us to make the
listener port and IP address for payloads configurable to ports that are usually
accessible, such as ports 80 and 443. This week'