Archive for metasploit

Metasploitable

Metasploit recently released version 3.4.0 of the Framework with many improvements and new exploits, and a new commercial product, Metasploit Express. Today, they followed that up with a VM image that can be used as an exploitable practice target. Introducing Metasploitable – [metasploit.com] Metasploitable is an Ubuntu 8.04 server install on a VMware 6.5 image. […]

Metasploit Roundup

Here’s a roundup of recent Metasploit techniques: Nessus Scanning through a Metasploit Meterpreter Session – [pauldotcom.com] Scenario: You are doing a penetration test. The client’s internet face is locked down pretty well. No services are exposed externally and only HTTP/HTTPS are allowed OUT of the corporate firewall. You email in a carefully crafted email with […]

Meterpreter Persistence

The Metasploit Framework is a framework that enables penetration testing by combining modular packages of exploit code, payloads and tools such as Meterpreter that allow the tester to maintain access, collect information on the target system and execute pivot attacks against other systems. This script helps the tester by maintaining backdoor access. Meterpreter Persistence – […]

SMB2 Threat

The SMBv2 vulnerability that has been lurking for several weeks now has exploit code available from both Canvas and Metasploit: Remote exploit released for Windows Vista SMB2 worm hole – [zdnet.com] [Canvas] Security researchers at penetration testing firm Immunity have created a reliable remote exploit capable of spawning a worm through an unpatched security hole […]

15 Minute Pen Test

These two videos from “The Ethical Hacker Network” show Ryan Linn demonstrating basic penetration testing techniques with nmap, nessus, metasploit, ophcrack and some command line actions. Video: The 15-Minute Network Pen Test Part 1 – [ethicalhacker.net] The first video takes the viewer through the initial network recon stage of pen testing and then follows up […]

War dialing

War dialing gets an upgrade. This interesting story has implications for VoIP, SCADA and maybe more. The co-founder of the Metasploit Project aims to upgrade wardialers this week, speeding surveys of blocks of phone numbers using voice-over-IP lines and storing data on who — or what — answers the phone at each number. Dubbed Warvox, […]

Backtrack

Backtrack is a live CD (bootable) that is a compilation of network security tools. Based on SLAX, Backtrack 3 currently has over 300 tools. Backtrack is available from remote-exploit.org. Every package, kernel configuration and script is optimized to be used by security penetration testers. Patches and automation have been added, applied or developed to provide a […]

Metasploit

Metasploit is an exploitation framework. That means it offers a framework from which to launch exploit code that can be used for the penetration of computer systems. It has a large list of exploits and a variety of payloads to be delivered by the exploit. The Metasploit Project The Metasploit Framework What is it? The […]