Posts Tagged Metasploit

Using the GUI in Metasploit 4.6

Posted by scriptjunkie in Metasploit on April 14, 2013

Unfortunately, Rapid7 recently informed me that they would no longer be including msfgui from the official distribution of Metasploit (along with Armitage). But don’t worry, because even though it is now a separate program, msfgui is still supported and still provides (in my humble opinion) the best way of harnessing all the power of Metasploit.

, , ,

8 Comments

Custom payloads in Metasploit 4

Posted by scriptjunkie in Metasploit on August 14, 2011

One of the key features of Metasploit is the customization of the framework; for example, different payloads can be generated with many different options and placed in any of a large number of exploits. Custom scripts can be written with many commands for automated post-exploit actions. Nevertheless, there have still been a number of customizations […]

, , , , , ,

3 Comments

Firefox Exploit Analyzed

Posted by scriptjunkie in Exploits, Metasploit on June 28, 2011

[I found some old posts lurking around my hard drive from a few months ago. This is no longer the newest or best Firefox exploit, but you might find it interesting] To learn a little bit more about exploit development and RE I took a look at the latest Firefox exploit in exploit-db ( http://www.exploit-db.com/exploits/15352/); […]

, , , , , , , , , , , ,

No Comments

Java_signed_applet with RJB

Posted by scriptjunkie in Exploits, Metasploit on March 6, 2011

I just wasted a lot of time trying to get the java_signed_applet exploit module working in Metasploit. Not that it doesn’t work by default, but you will get the warning [-] [-] The JDK failed to initialized: no such file to load — rjb [-] In order to dynamically sign the applet, you must install […]

, , , , , ,

No Comments

Command stagers in Windows

Posted by scriptjunkie in Exploits, Metasploit on September 27, 2010

Update: these command stagers have been integrated into metasploit Command injection/execution bugs are a relatively common vulnerability. For example, Internet Explorer, Google Chrome, and Mozilla Firefox have all had these problems, at least including common add-ons. (see http://www.securityfocus.com/archive/1/archive/1/499570/100/0/threaded, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5045, etc.) Many server-side scripts in webapps also suffer from the same issues. Against a Linux target, […]

, , , , , , ,

No Comments

EXE injection plus

Posted by scriptjunkie in Metasploit on March 26, 2010

For those interested in metasploit (or whatever) payload injection into EXE files, the metasploit patch (now posted http://www.metasploit.com/redmine/projects/framework/repository/revisions/8896) is based on one case, albeit the most likely to work, of my original program in C and Win32 API. This original program also can embed the payload if it fits into unused space at the end of a code section, which […]

, ,

No Comments

Metasploit EXE code injection

Posted by scriptjunkie in Metasploit on March 22, 2010

I recently posed a patch to inject an arbitrary metasploit payload into a win32 exe while attempting to not affect the behavior of the host exe. I’m not the best ruby ninja, but I do at least know a little about the PE format. https://metasploit.com/redmine/issues/1244#change-3739 the patch: https://metasploit.com/redmine/attachments/196/inject.patch Payload is run in a separate thread. […]

, ,

No Comments

Shellcode API hashes

Posted by scriptjunkie in Metasploit on March 5, 2010

For all you shellcoders out there; to make Windows API calling easier, you can use Stephen Fewer’s block_api.asm in the Metasploit tree. http://www.metasploit.com/redmine/projects/framework/repository/revisions/8160/entry/external/source/shellcode/windows/x86/src/block/block_api.asm But you need the function hashes, which if you don’t have the DLL on your current OS, or the python file, or something like that can be annoying. So I posted a […]

, , ,

No Comments