Metasploit Weekly Wrapup

Ghost...what???hdm recently provided a new exploit module for a type confusion vulnerability that exists in Ghostscript versions 9.21 and earlier, allowing remote code execution on the target. And to "kick it up a notch", this exploit got itself a snazzy logo which also contains the exploit:(spoiler alert: it's called GhostButt)Forever…

Metasploit Wrapup, 4.14.4 through 4.14.11

Editor's Note: While this edition of the Metasploit Wrapup is a little late (my fault, sorry), we're super excited that it's our first ever Metasploit Wrapup to be authored by an non-Rapid7 contributor. We'd like to thank claudijd -long-time Metasploit contributor, Mozilla security wrangler, and overall nice guy - for…

Metasploit, [REDACTED] Edition

Why should [REDACTED] have all the fun with spiffy codenames for their exploits? As of today, Metasploit is taking a page from [REDACTED], and equipping all Metasploit modules with equally fear-and-awe-inspiring codenames. Sure, there are catchy names for vulnerabilities -- we remember you fondly, Badblock -- but clearly, unique names…

Metasploit Wrapup

Faster, Meterpreter, KILL! KILL!You can now search for and kill processes by name in Meterpreter with the new pgrep and pkill commands. They both have flags similar to the older ps command, allowing you to filter by architecture (-a), user (-u), or to show only child processes of the current…

Exploiting Macros via Email with Metasploit Pro Social Engineering

Currently, phishing is seen as one of the largest infiltration points for businesses around the globe, but there is more to social engineering than just phishing. Attackers may use email and USB keys to deliver malicious files to users in the hopes of gaining access to an organization’s network. Users…

Metasploit’s RF Transceiver Capabilities

The rise of the Internet of ThingsWe spend a lot of time monitoring our corporate networks. We have many tools to detect strange behaviors. We scan for vulnerabilities. We measure our exposure constantly. However, we often fail to recognize the small (and sometimes big) Internet of Things (IoT) devices that…

Metasploit, Google Summer of Code, and You!

Spend the summer with Metasploit I'm proud to announce that the Metasploit Project has been accepted as a mentor organization in the Google Summer of Code! For those unfamiliar with the program, their about page sums it up nicely:Google Summer of Code is a global program focused on introducing students to…

Metasploit Weekly Wrapup

The last couple of weeks in the infosec world have appeared busier, and buzzier, than most others.  It seems almost futile to pry everyone away from the current drama--that being the bombshell revelation that intelligence agencies collect intelligence--long enough to have them read our dev blog.  Regardless, we've been busy…

Attacking Microsoft Office & OpenOffice with Metasploit Macro Exploits

It is fair to say that Microsoft Office and OpenOffice are some of the most popular applications in the world. We use them for writing papers, making slides for presentations, analyzing sales or financial data, and more. This software is so important to businesses that, even in developing countries, workers…

Bye Empire, Hello Nebula Exploit Kit.

Nebula LogoWhile Empire (RIG-E) disappeared at the end of December after 4 months of activityIllustration of  the last month of witnessed Activity for Empireon 2017-02-17 an advert for a new exploit kit dubbed Nebula appeared underground.------Selling EK Nebula------Nebula Exploit kitFeatures:-Automatic domain scanning and generating (99% FUD)-API rotator domains-Exploit rate tested in…

Bye Empire, Hello Nebula Exploit Kit.

Nebula LogoWhile Empire (RIG-E) disappeared at the end of December after 4 month of activityIllustration of  the last month of witnessed Activity for Empireon 2017-02-17 an advert for a new exploit kit dubbed Nebula appeared underground.------Selling EK Nebula------Nebula Exploit kitFeatures:-Automatic domain scanning and generating (99% FUD)-API rotator domains-Exploit rate tested in…

Introducing the Metasploit Vulnerable Service Emulator

Penetration testing with Metasploit made easy. Millions of IT professionals all over the world want to get into the hot field of security, and Metasploit is a great place to start. Metasploit Framework is free, used by more penetration testers than any other tool, and helps you understand security from the…

Attacking Microsoft Office & OpenOffice with Metasploit Macro Exploits

It is fair to say that Microsoft Office and OpenOffice are some of the most popular applications in the world. We use them for writing papers, making slides for presentations, analyzing sales or financial data, and more. This software is so important to businesses that, even in developing countries, workers…