Archive for category Metasploit

Why Encoding Does not Matter and How Metasploit Generates EXE’s

The blog has moved to http://www.scriptjunkie.us/. If you have not moved your RSS feed over to http://www.scriptjunkie.us/feed/rss/ yet, it is about time. I will not cross-post links here for too long. http://www.scriptjunkie.us/2011/04/why-encoding-does-not-matter-and-how-metasploit-generates-exes/


Java_signed_applet with RJB

I just wasted a lot of time trying to get the java_signed_applet exploit module working in Metasploit. Not that it doesn’t work by default, but you will get the warning [-] [-] The JDK failed to initialized: no such file to load — rjb [-] In order to dynamically sign the applet, you must install […]


Black Hat DC Presentation

The materials in the presentation, including the exploits used, are downloadable here. Have fun counterattacking! Update: the actual slides are at http://scriptjunkie1.110mb.com/security/counterattack.pdf and paper is at http://scriptjunkie1.110mb.com/security/whitepaper.pdf.


Expanding Metasploit RPC and GUI

If you’d like to extend Metasploit in some way (and it isn’t polished enough or applicable to all users to be put into the main framework code), a plugin is probably the best way to go. Many examples in the framework show how to add console commands, but if you want GUI integration, or integration […]


Fun with lnk files

Stuxnet used an 0day .lnk icon dll-loading vulnerability to own its targets via thumb drives. But if you don’t have a fancy 0day, chances are, you can still get someone to open a link. Link files are great because they often escape the scrutiny of executable .exe files or batch scripts since they don’t directly […]


Command stagers in Windows

Command injection/execution bugs are a relatively common class of vulnerability. For example, Internet Explorer, Google Chrome, and Mozilla Firefox have all had these problems, at least in common add-ons (see http://www.securityfocus.com/archive/1/archive/1/499570/100/0/threaded, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5045, etc.). Many server-side scripts in webapps also suffer from the same issues. Against a Linux target, exploitation possibilities abound, from staging a payload via […]


Team metasploit and msfgui on Windows

First, in answer to a common question: if Java is installed, the new msfgui can be run on Windows by double-clicking \Metasploit\Framework3\msf3\data\gui\msfgui.jar (under your Program Files directory), so make a shortcut to it and place it on your desktop. Next, think about the fact that Metasploit has more features and runs with less memory […]


Insecure service permission privilege escalation

A number of Metasploit modules already exist to escalate privileges based on insecurely installed services, such as the HP PML driver. But other services suffer from the same problems, and it is not worth writing a new script for every obscure service; it would be easier to have one that could scan for such […]


PXE exploitation

Update 2: See the latest, including the Defcon talk, at my new blog: http://www.scriptjunkie.us/2011/08/network-nightmare/

Update: This complete attack, including the DHCP server, has been incorporated into Metasploit. Update and enjoy. The module is auxiliary/server/pxexploit.

PXE booting has been around for over a decade and is supported by most system BIOSs. And I have also seen […]


msfgui – now in metasploit

The new msfgui is now in Metasploit; svn up your msf3/ directory to get it. There is also a good review at http://www.darkoperator.com/blog/2010/7/14/metasploit-new-gui.html. Initial reception has been good, although a few bugs have popped up. It supports most scripts and most options on them via a right-click menu on a meterpreter session, generates a basic […]
