2 min
Nexpose
Nexpose Gem 1.0 Released
As of April 8th, 2015, version 1.0 of the Nexpose gem (nexpose-client) is
available.
Big Numbers Mean Big Changes
Nexpose 5.13 brings new API 2.1 features and following on that the 1.0 version
of the Nexpose gem uses these new features. Because of this, the new version of
the gem includes some changes that are not backwards compatible with older
versions of the gem or Nexpose. A migration guide is available
[https://github.com/rapid7/nexpose-client/wiki/Conversion-Guide%3A-0.9.x-to-1.0.0]
to h
2 min
Ruby on Rails
Metasploit Framework Rails 4.0 Upgrade
It is always a running battle to keep an application's backend up to date with
various technologies. Today, we are excited to announce that Metasploit
Framework now ships with Rails 4.0. Upgrades like this are sometimes hard to get
excited about because if everything goes well, users should see no difference.
There are many reasons to upgrade to Rails 4, though.
Why Upgrade
Here are the important reasons to upgrade from our perspective:
* Security is a big part of why we have to keep our code
7 min
Ruby on Rails
Not Reinventing The Wheel: The Metasploit Rails::Application in 4.10
In Metasploit 4.10, we converted Metasploit Framework (and prosvc in Metasploit
Commercial Editions) to be a full-fledged Rails::Application. You may be
wondering why Metasploit Framework and prosvc should be Rails applications when
they aren't serving up web pages. It all has to do with not reinventing the
wheel and two very useful parts of Rails, Rails::Railtie and Rails::Engine.
Rails 3.0 infrastructure
Since Rails 3.0, Rails has been broken into multiple gems that didn't require
each other a
4 min
Ruby on Rails
12 Days of HaXmas: Exploiting (and Fixing) RJS Rails Info Leaks
This post is the fifth in a series, 12 Days of HaXmas, where we take a look at
some of the more notable advancements in the Metasploit Framework over the course
of 2013.
Several weeks ago, Egor Homakov wrote a blog post
[http://homakov.blogspot.com/2013/11/rjs-leaking-vulnerability-in-multiple.html]
pointing out a common info leak vulnerability in many Rails apps that utilize
Remote JavaScript. The attack vector and implications can be hard to wrap your
head around, so in this post I'll explain ho
5 min
Open Source
Weekly Update: OpSec in Open Source Projects
The weekly Metasploit update is out, and I wanted to highlight three modules
that landed in the last week, all of which target open source software. It's
easy to drink the FOSS Kool-Aid, and talk about how it's more inherently secure
than secret source software, but sadly, security is Hard Work, even in
happy-hippie open source land.
OpenX Backdoored
First, a little background -- Heise Security reported that the OpenX open source
ad server got itself backdoored
[http://www.heise.de/security/mel
3 min
Metasploit
Weekly Update: Introducing Metasploit 4.5.3
Version bump to Metasploit 4.5.3
This week, we've incremented the Metasploit version number by one trivial point
to 4.5.3 -- this was mainly done to ensure that new users get the fixes for the
four
[https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_QHo4BqnN8]
most
[https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KZwsQbYsOiI]
recent
[https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/zAAU7vGTPvI]
vulnerabilities
[https
3 min
Metasploit
Weekly Update: UPnP, Another Rails Exploit, and Auditing Joomla
UPnP Scanning
The big news this week is the UPnP / SSDP vulnerability announcements
[/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play] that
we've been coordinating between CERT/CC, open source vendors, and device
manufacturers over the last couple months. We have a pretty excellent white
paper on the subject, written by Metasploit founder and international
superhacker HD Moore [https://twitter.com/hdmoore], so I won't attempt to rehash
that here, but the TL;DR of what you
1 min
Exploits
Serialization Mischief Redux: Exploit for Ruby on Rails CVE-2013-0333
This afternoon, another scary advisory
[https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo]
was posted to the Ruby on Rails security discussion list. Fortunately, this one
doesn't affect any Metasploit products. The previous advisory
[https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion]
(that HD talked about here
[/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156]) dealt with
Rails parameter parsing of XML from a POS
5 min
Exploits
Exploiting Ruby on Rails with Metasploit (CVE-2013-0156)
Background
Earlier this week, a critical security flaw
[/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156] in Ruby on Rails
(RoR) was identified that could expose an application to remote code execution,
SQL injection, and denial of service attacks. Ruby on Rails is a popular web
application framework that is used by both web sites and web-enabled products
and this flaw is by far the worst security problem to surface in this framework
to date. If you are interested in the details of
4 min
Metasploit
Serialization Mischief in Ruby Land (CVE-2013-0156)
This afternoon a particularly scary advisory
[https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion]
was posted to the Ruby on Rails (RoR) security discussion list. The summary is
that the XML processor in RoR can be tricked into decoding the request as a YAML
document or as a Ruby Symbol, both of which can expose the application to remote
code execution or SQL injection. A gentleman by the name of Felix Wilhelm went
into detail [http://www.insinuator.net/2013/01/r
3 min
Metasploit
Weekly Metasploit Update: Mac OSX 64-Bit Payloads and More!
In addition to the frankly killer 0-day in RateMyPet, we have a couple other
things going on in Metasploit land.
Mac OSX 64-Bit Payloads
Probably the most significant add this week is Metasploit community contributor
Nemo's two new 64-bit payloads for Mac OSX targets. While OSX isn't the most
popular target on the block, we do have a steadily growing collection of
exploits targeting Apple platforms, so bringing 64-Bit platforms into the fold
of assessable targets is kind of a big deal. Thanks N