Thoughts on Security
Archive for category Metasploit
System Kill
Posted by scriptjunkie in Metasploit on May 12, 2011
Most Metasploit modules are intended to be as “safe” as possible; to get access to a system and get information from it, hopefully without causing any serious crashes, all great for a pen test. But if you’re in a CTF or other competition, sometimes you are finished with the system you’re on and just want […]
Why Encoding Does not Matter and How Metasploit Generates EXE’s
Posted by scriptjunkie in Metasploit on April 15, 2011
Payload executables generated by msfencode are commonly detected by antivirus engines, depending on which antivirus engine is used. A common misconception is that the antivirus engines are actually detecting the shellcode, and therefore, the best way to avoid antivirus detection is to pick an encoder that the antivirus engine cannot handle, or encode many times. After […]
antivirus, encoder, exe, malicious, msfencode, payload, shellcode
Java_signed_applet with RJB
Posted by scriptjunkie in Exploits, Metasploit on March 6, 2011
I just wasted a lot of time trying to get the java_signed_applet exploit module working in Metasploit. Not that it doesn’t work by default, but you will get the warning [-] [-] The JDK failed to initialized: no such file to load — rjb [-] In order to dynamically sign the applet, you must install […]
applet, gem, java, java_signed_applet, Metasploit, rjb, ruby
Black Hat DC Presentation
Posted by scriptjunkie in Exploits, Metasploit, Vulnerabilities on January 18, 2011
The materials in the presentation, including the exploits used, are downloadable here. Have fun counterattacking! Update: the actual slides are at http://www.scriptjunkie.us/files/counterattack.pdf and paper is at http://www.scriptjunkie.us/files/bhdc2011whitepaper.pdf.
Expanding Metasploit RPC and GUI
Posted by scriptjunkie in Metasploit on January 10, 2011
If you’d like to extend Metasploit in some way (and it isn’t polished enough or applicable to all users to be put into the main framework code), a plugin is probably the best way to go. Many examples in the framework show how to add console commands, but if you want GUI integration, or integration […]
Fun with lnk files
Posted by scriptjunkie in Exploits, Metasploit on October 16, 2010
Stuxnet used an 0day .lnk icon dll-loading vulnerability to own its targets via thumb drives. But if you don’t have a fancy 0day, chances are, you can still get someone to open a link. Link files are great because they often escape the scrutiny of executable .exe files or batch scripts since they don’t directly […]
Command stagers in Windows
Posted by scriptjunkie in Exploits, Metasploit on September 27, 2010
Update: these command stagers have been integrated into Metasploit. Command injection/execution bugs are a relatively common vulnerability. For example, Internet Explorer, Google Chrome, and Mozilla Firefox have all had these problems, at least including common add-ons. (see http://www.securityfocus.com/archive/1/archive/1/499570/100/0/threaded, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5045, etc.) Many server-side scripts in webapps also suffer from the same issues. Against a Linux target, […]
CMD, command, exploit, Metasploit, stager, vbs, vbscript, windows
Team metasploit and msfgui on Windows
Posted by scriptjunkie in /dev/urandom, Metasploit on September 21, 2010
First, in answer to a common question, the new msfgui can be run on Windows if Java is installed by double-clicking (starting in your program files directory) Metasploit\Framework3\msf3\data\gui\msfgui.jar, so make a shortcut to that and place it on your desktop. Next, think about the fact that Metasploit has more features and runs with less memory […]
Insecure service permission privilege escalation
Posted by scriptjunkie in Exploits, Metasploit on August 22, 2010
A number of metasploit modules already exist to escalate privileges based on insecurely installed services, such as the HP PML driver. But other services also suffer from the same problems and it is not worth making a new script for every obscure service; it would be easier to have one that could scan for such […]
PXE exploitation
Posted by scriptjunkie in /dev/urandom, Exploits, Metasploit on July 30, 2010
Update: This complete attack, including the DHCP server, has been incorporated into Metasploit. Update and enjoy. The module is auxiliary/server/pxexploit. PXE booting has been around for over a decade and is supported by most system BIOSes. And I have also seen it left on in production environments. Although it is very convenient for mass OS […]
Featured Posts
- Exploiting Ammyy Admin – developing an 0day
- Red Teaming the CCDC
- Installing Linux on a Live Windows System
- Adding Easy SSL Client Authentication To Any Webapp
- Remote Desktop and Die – How to RDP Faster Without Getting Robbed
- Fixing Pass The Hash and 14 Other Problems
- Saving shells with PrependMigrate
- Authenticated Remote Code Execution Methods in Windows
- Running Code From A Non-Elevated Account At Any Time
- Ambush – A New Capability for Advanced Defense
- Malicious VM to Host Attacks
- Direct shellcode execution in MS Office macros
- Original Source Forgery
- Writing Meterpreter Extensions
- Network Nightmare – PXE talk at Defcon
- Bypassing DEP/ASLR in browser exploits with McAfee and Symantec
- Firefox Exploit Analyzed
- Why Encoding Does not Matter and How Metasploit Generates EXE’s
- Shells, terminals, and sudo mitm
- Breaking mobile device crypto with chaos theory and hardware RNG’s
- Black Hat DC Presentation
- Command stagers in Windows
Categories
- /dev/urandom (21)
- CCDC (1)
- Crypto (3)
- Defense (19)
- Exploits (17)
- Legal thoughts (1)
- Metasploit (26)
- Uncategorized (32)
- Vulnerabilities (3)
- webapps (7)