Today, Microsoft released bulletin MS08-068, which addresses a well-known flaw in the SMB authentication protocol. This attack was first publicly documented by Sir Dystic at @tlantacon in 2001 and implemented in Metasploit 3 in July of 2007. The attack abuses a design flaw in how SMB/NTLM authentication is implemented and works as follows. The SMB client tries to access a remote SMB service on an attacker's machine. A user can be forced to access the SMB resource if they are running Internet Explorer or
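The exchange the post describes, as an added example that is not Metasploit code: a constructed model of NTLM challenge reflection. The crypto is deliberately simplified (HMAC-MD5 over the server challenge, keyed with a password-derived value, stands in for the real NTLM response computation and SMB message formats), the `reject_own_challenges` switch is an assumption about how a fix of this kind can work rather than a description of Microsoft's patch, and the `relay()` function goes beyond the post to show that the same check does nothing against relaying to a third host.

```python
"""Constructed model of NTLM challenge reflection over SMB (the MS08-068 class of bug).
Not Metasploit code. HMAC-MD5(key, challenge) stands in for the real NTLM response."""
import hashlib
import hmac
import os


def secret_key(password):
    # Stand-in for the NT hash (real NTLM uses MD4 of the UTF-16LE password).
    return hashlib.sha256(password.encode("utf-16-le")).digest()


def compute_response(key, challenge):
    # Simplified challenge/response: HMAC-MD5(key, challenge).
    return hmac.new(key, challenge, hashlib.md5).digest()


class SmbHost:
    """A Windows box is both an SMB server (hands out challenges) and an SMB client
    (answers challenges from servers it connects to). `reject_own_challenges` models a
    mitigation where the client side refuses to answer a challenge that this host's own
    server side issued (an assumption for this example, not Microsoft's exact fix)."""

    def __init__(self, name, password, reject_own_challenges=False):
        self.name = name
        self.key = secret_key(password)
        self.outstanding = set()   # server side: challenges awaiting a response
        self.issued = set()        # server side: every challenge ever handed out
        self.reject_own_challenges = reject_own_challenges

    # --- server side ---
    def negotiate(self):
        challenge = os.urandom(8)
        self.outstanding.add(challenge)
        self.issued.add(challenge)
        return challenge

    def authenticate(self, challenge, response):
        if challenge not in self.outstanding:
            return False
        self.outstanding.discard(challenge)
        expected = compute_response(self.key, challenge)
        return hmac.compare_digest(expected, response)

    # --- client side ---
    def answer_challenge(self, challenge):
        if self.reject_own_challenges and challenge in self.issued:
            return None   # refuse: our own server's challenge is coming back at us
        return compute_response(self.key, challenge)


def reflect(victim):
    """The attacker's fake SMB server, with the victim as both client and target.
    1. the victim client connects to the attacker (lured via Internet Explorer, etc.)
    2. the attacker opens a session to the victim's own SMB server and takes its challenge
    3. the attacker hands that challenge to the victim client as if it were its own
    4. the victim's answer is relayed back to the victim's server"""
    challenge = victim.negotiate()                    # step 2
    response = victim.answer_challenge(challenge)     # step 3
    if response is None:
        return False
    return victim.authenticate(challenge, response)   # step 4


def relay(client_host, target_host):
    """Cross-host relay: the same trick aimed at a third machine that accepts the
    victim's credentials. The own-challenge check does nothing here; SMB signing,
    not a challenge cache, is the control for this case."""
    challenge = target_host.negotiate()
    response = client_host.answer_challenge(challenge)
    if response is None:
        return False
    return target_host.authenticate(challenge, response)


if __name__ == "__main__":
    unpatched = SmbHost("victim", "s3cret")
    print("reflection on unpatched host:", reflect(unpatched))   # True
    patched = SmbHost("victim", "s3cret", reject_own_challenges=True)
    print("reflection on patched host:", reflect(patched))       # False
    other = SmbHost("fileserver", "s3cret", reject_own_challenges=True)
    print("relay to another host:", relay(patched, other))       # True
```

The unpatched host authenticates its own reflected response because, to its server side, the challenge is a valid outstanding one and the answer is correct; nothing in the protocol ties the challenge to the peer that asked for it.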
Category: tools | Posted by Staff 21 days ago | Via: http://blog.metasploit.com
Category: tools | Posted by Staff 51 days ago | Via: http://blog.metasploit.com
The Uninformed Journal has released volume 10! Skywing wrote a great article on bypassing client-side restrictions on the GPS device for the HTC Titan. Skape rocks it yet again with a new technique for bypassing malware unpackers using dual memory mappings. Mxatone digs into three vulnerabilities in win32k.sys that were patched with MS08-025 and demonstrates how to find and exploit bugs in this subsystem. Finally, I wrote an article on penetration testing IPv6 nodes on the local network, which is a detaile
Category: tools | Posted by Staff 54 days ago | Via: http://blog.metasploit.com
The slides from the talk egypt and I gave at SecTOR 2008 are now online. One of the highlights was a change in licensing -- instead of the existing EULA-like license, the 3.2 release will be provided under the 3-clause BSD license. The text below is an extended version of a rant I shared with Kelly Jackson Higgins over at Dark Reading. The original version of Metasploit (1.0 and 2.x) was available dual-licensed under the GPL and Perl Artistic License. The goal was to make the framework interoperable with ot
Category: tools | Posted by Staff 69 days ago | Via: http://blog.metasploit.com
Silence can mean one of two things - the project is dead, or we are working on some really big things and aren't quite ready to announce them. Well, the project is not dead :-) In the next two weeks, some major changes will be announced that cover the source code, development team, and licensing of the Metasploit Framework. Folks who have been following the development tree may not be surprised, but we are taking some giant steps forward from the 3.1 release. In the meantime, users should stay away from Ruby
Category: tools | Posted by Staff 99 days ago | Via: http://blog.metasploit.com
Goading from some coworkers about the opcode searching functionality of windbg prompted me to add a new option to jutsu today: searchOpcode. You can search for a set of instructions in conjunction; it will assemble them, giving you the machine code, then search for those bytes in executable memory. Instructions are delimited by pipes. I plan to add some limited wildcard functionality in the near future as well.

0:000> !jutsu searchOpcode pop ecx | pop ecx | ret
[J] Searching for:
> pop ecx
> pop ecx
> r
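What a pipe-delimited instruction search does under the hood, as an added example that is not the jutsu code: the opcode table is a hand-written subset of single-byte 32-bit x86 encodings standing in for a real assembler, the `?` wildcard is an assumption about the planned wildcard syntax (the post does not define one), and the "text section" is constructed bytes rather than memory dumped from a process.

```python
"""Pipe-delimited gadget search in the shape of jutsu's searchOpcode (added example,
not the tool's code). Hand-written opcode subset; '?' is an assumed one-byte wildcard."""
import re

# 32-bit x86, single-byte encodings only (hand-written subset, not an assembler).
OPCODES = {
    "push eax": b"\x50", "push ecx": b"\x51", "push edx": b"\x52", "push ebx": b"\x53",
    "push esp": b"\x54", "push ebp": b"\x55", "push esi": b"\x56", "push edi": b"\x57",
    "pop eax": b"\x58", "pop ecx": b"\x59", "pop edx": b"\x5a", "pop ebx": b"\x5b",
    "pop esp": b"\x5c", "pop ebp": b"\x5d", "pop esi": b"\x5e", "pop edi": b"\x5f",
    "nop": b"\x90", "ret": b"\xc3", "leave": b"\xc9", "int3": b"\xcc", "hlt": b"\xf4",
}


def assemble(query):
    """'pop ecx | pop ecx | ret' -> [(mnemonic, bytes)]; '?' yields (?, None)."""
    out = []
    for part in query.split("|"):
        instr = " ".join(part.split()).lower()   # normalise whitespace and case
        if instr == "?":
            out.append((instr, None))
        elif instr in OPCODES:
            out.append((instr, OPCODES[instr]))
        else:
            raise ValueError(f"cannot assemble {instr!r}")
    return out


def to_pattern(assembled):
    """Regex over raw bytes, wrapped in a lookahead so overlapping hits are all reported."""
    body = b"".join(b"." if code is None else re.escape(code) for _, code in assembled)
    return re.compile(b"(?=(" + body + b"))", re.DOTALL)


def search_opcode(query, regions):
    """regions: [(base_address, bytes)] for the executable pages of a process.
    Returns [(address, matched_bytes)] in address order."""
    rx = to_pattern(assemble(query))
    hits = []
    for base, data in regions:
        for m in rx.finditer(data):
            hits.append((base + m.start(), m.group(1)))
    return hits


# Constructed stand-in for an executable section (not dumped from a real process).
TEXT_SECTION = [(0x401000,
    b"\x55\x8b\xec"          # push ebp; mov ebp, esp
    b"\x59\x59\xc3"          # pop ecx; pop ecx; ret            -> hit at 0x401003
    b"\x90\x90\x90"          # nop x3
    b"\x58\x5b\xc3"          # pop eax; pop ebx; ret            -> hit at 0x401009
    b"\x59\x59\x59\xc3")]    # pop ecx x3; ret: 'pop ecx|pop ecx|ret' hits at 0x40100d

if __name__ == "__main__":
    for addr, code in search_opcode("pop ecx | pop ecx | ret", TEXT_SECTION):
        print(f"{addr:#010x}  {code.hex()}")
```

The lookahead matters for gadget hunting: a plain `finditer` would consume the bytes of each match and silently skip a gadget that starts inside the previous one.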
Category: tools | Posted by Staff 104 days ago | Via: http://blog.metasploit.com
Today, HD merged an amalgamation of windbg tools and plugins with a funny name into the main metasploit tree. We've been working on this collection for a while now, and currently it represents (I think) a good step towards turning windbg from simply a good debugger into a powerful platform for exploit development. The work that's currently released includes:
tenketsu - the Vista heap emulator/visualizer, which allows you to track how input to a program affects the heap in real time.
jutsu - a set of tools
Category: tools | Posted by Staff 117 days ago | Via: http://blog.metasploit.com
I just posted the first public documentation on Karmetasploit. This project is a combination of Dino Dai Zovi and Shane Macaulay's KARMA and the Metasploit Framework. The result is an extremely effective way to absorb information and remote shells from the wireless-enabled machines around you. This first version is still a proof-of-concept, but it already has an impressive feature list:
- Capture POP3 and IMAP4 passwords (clear-text and SSL)
- Accept outbound email sent over SMTP
- Parse out FTP and HTTP l
Category: tools | Posted by Staff 120 days ago | Via: http://blog.metasploit.com
InfoWorld has just released the Best of Open Source Software Awards. The Metasploit Framework received an award in the category of Best of open source in security: "When we first saw Metasploit back in 2004 at the DefCon hacker conference, we knew it would become a staple for security professionals the world over. And sure enough, Metasploit has become the de facto standard attack and penetration toolkit. Extremely extensible, and constantly updated to home in on the latest server and host vulnerabilities,
Category: tools | Posted by Staff 123 days ago | Via: http://blog.metasploit.com
AR of Securebits released a new DNS poisoning tool today. The DNS Multiple Race Exploiter is unique in that it can overwrite any A record by using a CNAME response. This differs from the existing public tools (including those in Metasploit, which only poison uncached "A" records and "NS" records). Note for lazy IPS/IDS developers: this tool uses a static TTL of 0x7BEDABED in all spoofed replies.
Category: tools | Posted by Staff 126 days ago | Via: http://blog.metasploit.com
After seeing the SBC/ATT server for Austin get poisoned, serve up advertisements, and eventually get taken offline, I decided to add a module to compare DNS results between two servers. In the following example, the ".gov" TLD has been poisoned with the bailiwicked_domain Metasploit module:

msf > use auxiliary/spoof/dns/compare_results
msf auxiliary(compare_results) > set BASEDNS 4.2.2.3
BASEDNS => 4.2.2.3
msf auxiliary(compare_results) > set TARGDNS poisoned.server
TARGDNS => poisoned.server
msf a
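One block serving both the DNS Multiple Race Exploiter note above (the static 0x7BEDABED TTL as an IDS marker) and the compare_results idea (diffing the A records two resolvers return for the same name), as an added example that is neither Metasploit's module nor the Securebits tool: a minimal DNS response parser, a TTL-marker check, and a base-versus-target comparison. The two response messages are constructed inline, not captured; the resolver names and addresses are placeholders.

```python
"""Added example: parse DNS answers, flag the 0x7BEDABED marker TTL, and diff the
A records from a trusted resolver against a suspect one. Not Metasploit code."""
import struct

MRE_TTL = 0x7BEDABED          # static TTL the tool puts in every spoofed reply (per the post)
TYPE_A, TYPE_CNAME = 1, 5


def encode_name(name):
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_response(qname, answers, txid=0x1234):
    """Minimal response: header, one A question, answers = [(name, type, ttl, rdata)].
    rdata is a dotted quad for A and a hostname for CNAME. No name compression."""
    hdr = struct.pack(">HHHHHH", txid, 0x8180, 1, len(answers), 0, 0)
    question = encode_name(qname) + struct.pack(">HH", TYPE_A, 1)
    body = b""
    for name, rtype, ttl, rdata in answers:
        rd = (bytes(int(o) for o in rdata.split("."))
              if rtype == TYPE_A else encode_name(rdata))
        body += encode_name(name) + struct.pack(">HHIH", rtype, 1, ttl, len(rd)) + rd
    return hdr + question + body


def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset just after it)."""
    labels, jumped, resume = [], False, None
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                       # compression pointer
            if not jumped:
                resume = off + 2
            off = ((n & 0x3F) << 8) | msg[off + 1]
            jumped = True
            continue
        off += 1
        if n == 0:
            break
        labels.append(msg[off:off + n].decode("ascii"))
        off += n
    return ".".join(labels), (resume if jumped else off)


def parse_answers(msg):
    """Return [(name, type, ttl, rdata)] for the answer section."""
    _, _, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):                       # skip the question section
        _, off = read_name(msg, off)
        off += 4
    answers = []
    for _ in range(ancount):
        name, off = read_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == TYPE_A and rdlen == 4:
            rdata = ".".join(str(b) for b in msg[off:off + 4])
        elif rtype == TYPE_CNAME:
            rdata, _ = read_name(msg, off)
        else:
            rdata = msg[off:off + rdlen].hex()
        answers.append((name, rtype, ttl, rdata))
        off += rdlen
    return answers


def flag_static_ttl(msg):
    """IDS-style check: answers whose TTL is the tool's fixed marker value."""
    return [a for a in parse_answers(msg) if a[2] == MRE_TTL]


def compare_results(base_msg, targ_msg):
    """A records the target resolver adds relative to the base, and those it drops."""
    def a_records(msg):
        return {(n, r) for n, t, _, r in parse_answers(msg) if t == TYPE_A}
    base, targ = a_records(base_msg), a_records(targ_msg)
    return sorted(targ - base), sorted(base - targ)


# Constructed: the trusted resolver (BASEDNS) vs. a resolver whose cache now carries a
# CNAME steering the name to an attacker host, both spoofed records wearing the marker TTL.
BASE = build_response("www.example.gov",
                      [("www.example.gov", TYPE_A, 3600, "192.0.2.10")])
POISONED = build_response("www.example.gov", [
    ("www.example.gov", TYPE_CNAME, MRE_TTL, "evil.example.net"),
    ("evil.example.net", TYPE_A, MRE_TTL, "198.51.100.7"),
])

if __name__ == "__main__":
    print("marker TTL hits:", flag_static_ttl(POISONED))
    print("added, missing:", compare_results(BASE, POISONED))
```

A fixed TTL is the cheapest possible signature and just as cheap for the tool's author to change, so the comparison against a known-good resolver is the check that survives; the TTL rule only catches this particular tool as released.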

