Thoughts on Security
Archive for category Metasploit
Using the GUI in Metasploit 4.6
Posted by scriptjunkie in Metasploit on April 14, 2013
Unfortunately, Rapid7 recently informed me that they would no longer be including msfgui from the official distribution of Metasploit (along with Armitage). But don’t worry, because even though it is now a separate program, msfgui is still supported and still provides (in my humble opinion) the best way of harnessing all the power of Metasploit.
Saving shells with PrependMigrate
Posted by scriptjunkie in Metasploit on March 24, 2013
One of the more frustrating experiences in infosec is getting a session back – just to have it die a second later. Often, exploited processes are simply unstable; after smashing the heap or some other data structures, the process crashes not long after starting the shellcode. Sometimes the process freezes and the user exits the [...]
Shellcode sizes in Metasploit
Posted by scriptjunkie in Exploits, Metasploit on August 11, 2012
When working on DNS tunneling shellcode, I was wondering how small the shellcode needed to be to work with most exploits. In case you have the same question, this is how you find out how much space, for example, all Windows exploits have, or see how many exploits a given payload will work with, although [...]
Direct shellcode execution in MS Office macros
Posted by scriptjunkie in Exploits, Metasploit on January 22, 2012
Metasploit has for years supported encoding payloads into VBA code. (VBA, or Visual Basic for Applications, is the language that Microsoft Office macros are written in.) Macros are great for pentesters, since they don’t rely on a specific version, and they are a supported method of code execution that most people don’t realize and are [...]
Writing Meterpreter Extensions
Posted by scriptjunkie in Metasploit on August 27, 2011
Railgun and other meterpreter functionality is awesome and can do almost everything you would like on a compromised system, but sometimes, due to performance or bandwidth requirements or just weird threading issues, you need to be able to run compiled code on a target. You can upload an executable to a system and run that, [...]
Custom payloads in Metasploit 4
Posted by scriptjunkie in Metasploit on August 14, 2011
One of the key features of Metasploit is the customization of the framework; for example, different payloads can be generated with many different options and placed in any of a large number of exploits. Custom scripts can be written with many commands for automated post-exploit actions. Nevertheless, there have still been a number of customizations [...]
Tags: custom, executables, Metasploit, Metasploit 4, multipayload, payload, psexec
Network Nightmare – PXE talk at Defcon
Posted by scriptjunkie in Exploits, Metasploit on August 8, 2011
Hope you were able to see my talk at Defcon 19, Network Nightmare – Ruling the Nightlife Between Shutdown and Boot with PXEsploit. If not, you can see the slides here and watch the demos below. As a quick summary, the Preboot Execution Environment, available on almost all motherboards as “Network Boot,” provides a way [...]
Firefox Exploit Analyzed
Posted by scriptjunkie in Exploits, Metasploit on June 28, 2011
[I found some old posts lurking around my hard drive from a few months ago. This is no longer the newest or best Firefox exploit, but you might find it interesting] To learn a little bit more about exploit development and RE I took a look at the latest Firefox exploit in exploit-db ( http://www.exploit-db.com/exploits/15352/); [...]
Tags: ASLR, DEP, dll, exploit, exploit-db, firefox, Metasploit, Nobel, Peace Prize, retslide, reverse engineering, rop, stack pivot
System Kill
Posted by scriptjunkie in Metasploit on May 12, 2011
Most Metasploit modules are intended to be as “safe” as possible; to get access to a system and get information from it, hopefully without causing any serious crashes, all great for a pen test. But if you’re in a CTF or other competition, sometimes you are finished with the system you’re on and just want [...]
Why Encoding Does not Matter and How Metasploit Generates EXE’s
Posted by scriptjunkie in Metasploit on April 15, 2011
Payload executables generated by msfencode are commonly detected by antivirus engines, depending on which antivirus engine is used. A common misconception is that the antivirus engines are actually detecting the shellcode, and therefore, the best way to avoid antivirus detection is to pick an encoder that the antivirus engine cannot handle, or encode many times. After [...]
Tags: antivirus, encoder, exe, malicious, msfencode, payload, shellcode