Posts tagged Product Updates

4 min Product Updates

Weekly Update: Adventures in Unstable, DoS'ing UPnP for Good, and Secret AWK Shells

Stable is for Suckers! Today on the Freenode IRC channel #metasploit, a user was asking about our old SVN repository for "unstable" Metasploit modules. He was lamenting its loss, since we recently shut down our SVN services (described in this blog post [/2013/05/22/weekly-update] on May 22, 2013). Fear not, danger-seekers! "Unstable" does live on in the form of a GitHub branch. You can check it out at, and

3 min Product Updates

Weekly Update: Apache Struts Exploit, Android Meterpreter, and New Payloads

Apache Struts Exploit This week's update includes an exploit for a pretty recent vulnerability in Apache Struts, thanks to community contributor Richard @Console Hicks. The struts_include_param module exercises the vulnerability described at OSVDB 93645, disclosed on May 23, 2013, a bare two weeks ago, and originally discovered by Eric Kobrin and Douglas Rodrigues. The reason why I bring this up is not just because it's a solid exploit f

3 min Product Updates

Weekly Update: The Nginx Exploit and Continuous Testing

Nginx Exploit for CVE-2013-2028 The most exciting element of this week's update is the new exploit for Nginx which exercises the vulnerability described by CVE-2013-2028. The Metasploit module was written by Metasploit community contributors hal and saelo, and exploits Greg McManus's bug across a bunch of versions on a few pre-compiled Linux targets. We don't often come across remote, server-side stack buffer overflows in popul

3 min Metasploit

Weekly Update: 4.6.1, ColdFusion Exploit, and SVN Lockdown

Metasploit 4.6.1 Released This week's update bumps the patch version of Metasploit to 4.6.1 (for installed versions of Metasploit). The major change here is the ability to install Metasploit on Windows 8 and Windows Server 2012. That meant we had to fiddle with the installer and a few of Metasploit Pro's dependencies to get that all working correctly, and that led to skipping last week's release so we could be sure all the moving parts lined up correctly. This release also fixes a few minor iss

3 min Product Updates

Weekly Update: Pull Request Wrangling

Pull Requests: Want to help? Metasploit has a first world problem: We get so much code from contributors out in the world, it gets hard to keep up. Most open source projects aren't popular enough to warrant more than three or four contributors, total. Metasploit has over two hundred, last I checked. We're no Rails (those guys have over 2,000 contributors), but for security software, that's not too bad. The problem is, our backlog of outstanding pull requests

2 min Product Updates

Weekly Update: Sport Fishing for Exploits and Improved Java Hackery

Java Payload Cleanup If you've been watching the Metasploit source repository, you will have noticed some movement in Java Payload land -- specifically, PR#1217, which landed this week. Thanks to the refactoring efforts of Michael @mihi42 Schierl, testing by @Meatballs, and integration from James @egyp7

12 min Metasploit

Metasploit 4.6.0 Released!

We just released Metasploit 4.6.0, so applying this week's update will get you the brand new version. While Chris has a delightful blog post [/2013/04/10/metasploit-adds-owasp-top-10-2013-and-penetration-test-wizards] of what all is new in Metasploit Pro, let's take a look at what's exciting and new between Metasploit 4.5.0 and today's update to 4.6.0. 138 new modules First off, the hacker elves have been cranking out a ton of module content since we released 4.5.0 back in December, 2012. Betw

3 min Product Updates

Weekly Update: Minecraft RAT Attacks, PHP Shell Games, and MongoDB

Minecraft-Vectored Malware Metasploit exploit developer Juan @_juan_vazquez_, while trawling the Internet for the next hot exploit, came across this pastie describing a Java exploit which takes advantage of a vulnerability in Java's Color Management classes. Turns out, this is also one of the vulns being exploited in McRat, a Trojan targeting Windows-based Minecraft players (that's what the "Mc" stands for). McRat is compe

2 min Product Updates

Weekly Update: Hollywood Hacking and More Java Exploits

Hollywood Hacking: Tapping Webcams and Mics This week's update has two new post modules for Metasploit, which enable the creative pen-tester to hit that creeper vibe so often missing on a typical engagement, both by Metasploit exploit dev Wei @_sinn3r Chen. They're both post-exploitation modules, so they presume you already have a session on the target via some other exploit. First up is a webcam control module, which can take a snapshot using the target's webcam.

5 min Product Updates

Update to the Metasploit Updates and msfupdate

The Short Story In order to use the binary installer's msfupdate, you need to first register your Metasploit installation. In nearly all cases, this means visiting https://localhost:3790 and filling out the form. No money, no dense acceptable use policy, just register and go. Want more detail and alternatives? Read on. Background A little over a year ago, Metasploit primary development switched to Git [/2011/11/10/git-while-the-gitting-is-good] as a source control p

4 min Product Updates

Weekly Metasploit Update: Two Dozen New Modules

The Vegas and vacation season is behind us, so it's time to release our first post-4.4.0 update. Here we go! Exploit Tsunami A few factors conspired to make this update more module-heavy than usual. We released Metasploit 4.4 [/2012/07/17/risk-validation-and-verification-in-vulnerability-management-with-metasploit] in mid-July. Historically, a dot version release of Metasploit means that we spend a little post-release time closing out bugs, performing some internal housekeeping that we'd been

3 min Release Notes

Security Configuration assessment capabilities that meet your needs with Nexpose 5.4

A great-looking new feature has been added to the configuration assessment component in Nexpose 5.4: the ability to customize policies to meet your unique contextual needs, i.e. policies that are specific to your environment. You can now copy a built-in policy and edit its configuration, including the policy check values, to test your assets for compliance. This flexibility allows for custom, accurate and relevant configuration assessment. Configuration assessment is important to assess the r

3 min Metasploit

Weekly Metasploit Update: Zero Days, Deprecated Commands, and More!

This week's release sees a quiet vulnerability fix, an exploit against an unpatched vulnerability in Microsoft's XML Core Services, and some helpful new/old commands, as well as the usual pile of exploity goodness you've come to expect from the Metasploit kitchen. Vulnerabilities? In My Metasploit? It's more likely than you think. Like all reasonably complex software packages, Metasploit occasionally ships with security vulnerabilities. Lucky for us, our user base tends to be pretty sophisticat

3 min Metasploit

Weekly Metasploit Update: Encrypted Java Meterpreter, MS98-004, and New Modules!

When it rains, it pours. We released Metasploitable Version 2 [/2012/06/13/introducing-metasploitable-2], published a technique for scanning vulnerable F5 gear [/2012/06/11/scanning-for-vulnerable-f5-bigips-with-metasploit], and put out a module to exploit MySQL's tragically comic authentication bypass problem [/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql], all in addition to cooking up this week's update. So, kind of a busy week around here. You're welcome. (: Encryp

5 min Metasploit

Weekly Metasploit Update: Citrix Opcodes, Hash Collisions, and More!

This week's update has a nice new asymmetric DoS condition module, a bunch of churn in Metasploit's Rails components, and some new Citrix attacks, so let's get right into it. Fuzzing for Citrix Opcodes This week's update includes three new exploits for Citrix Provisioning Services, the solution by Citrix "to stream a single desktop image to create multiple virtual desktops on one or more servers in a data center" (vendor quote