4 min
Linux
Patching CVE-2017-7494 in Samba: It's the Circle of Life
With the scent of scorched internet still lingering in the air from the
WannaCry
Ransomworm
[http://community.rapid7.com/community/infosec/blog/2017/05/12/wanna-decryptor-wncry-ransomware-explained]
, today we see a new scary-and-potentially-incendiary bug hitting the Twitter
news. The vulnerability - CVE-2017-7494
[https://www.rapid7.com/db/vulnerabilities/oracle-solaris-cve-2017-7494] -
affects versions 3.5 (released March 1, 2010) and onwards of Samba, the de facto
standard for providing Wind
3 min
Endpoint Security
Live Vulnerability Monitoring with Agents for Linux...and more
A few months ago, I shared news of the release of the macOS Insight Agent
[/2016/12/29/macos-agent-in-nexpose-now]. Today, I'm pleased to announce the
availability of the Linux Agent within Rapid7's vulnerability management
solutions [https://rapid7.com/solutions/vulnerability-management/]. The arrival
of the Linux Agent completes the trilogy that Windows and macOS began in late
2016. For Rapid7 customers, all that really matters is you've got new
capabilities to add to your kit.
Introducin
2 min
Windows
Metasploit Framework Open Source Installers
Rapid7 has long supplied universal Metasploit installers for Linux and Windows.
These installers contain both the open source Metasploit Framework and
commercial extensions, which include a graphical user interface, metamodules,
wizards, social engineering tools and integration with other Rapid7 tools. While
these features are very useful, we recognized that they are not for everyone.
According to our recent survey of Metasploit Community users, most only used it
for the open source comp
2 min
Metasploit
Metasploit on Kali Linux 2.0
As you are aware, Kali 2.0
[https://www.kali.org/releases/kali-linux-20-released/] was released this
week and is getting quite a bit of attention, as it should. The folks behind Kali
have worked really hard to bring you the new version of Kali Linux that everyone
is excited about. If you have already started to play with the new version, you
have probably noticed that something is different: Metasploit
Community / Pro is no longer installed by default.
Where is Metasploit Community / Pr
4 min
Nexpose
GHOSTbuster: How to scan just for CVE-2015-0235 and keep your historical site data
A recently discovered severe vulnerability, nicknamed GHOST, can result in
remote code execution exploits on vulnerable systems. Affected systems should be
patched and rebooted immediately. Learn more about CVE-2015-0235 and its risks
[/2015/01/27/ghost-in-the-machine-is-cve-2015-0235-another-heartbleed].
The Nexpose 5.12.0 content update provides coverage for the GHOST vulnerability.
Once the Nexpose 5.12.0 content update
3 min
Linux
GHOST in the Machine - Is CVE-2015-0235 another Heartbleed?
CVE-2015-0235 is a remote code execution vulnerability affecting Linux systems
using older versions of the GNU C Library (glibc 2.2 through 2.17; the bug was
fixed in 2.18, but many distributions backported the fix to older glibc builds, so
check your vendor's advisory rather than relying on the version number alone). The
bug was discovered by researchers at Qualys and named GHOST in reference to the
gethostbyname function (and possibly because it makes for some nice puns).
To be clear, this is NOT the end of the Internet as we know it, nor is it further
evidence (after Stormaggedon) that the end of the world is nigh. It's also not
another Heartbleed. But it
2 min
Metasploit
msfconsole failing to start? Try 'msfconsole -n'
As part of the last release, the Metasploit Engineering team here at Rapid7 has
been on a path of refactoring in the Metasploit open source code in order to
make it more performant and to get toward a larger goal of eventually breaking
up the framework into a multitude of libraries that can be used and tested in a
standalone way.
This effort will make it easier to deliver features and respond to issues more
quickly, as well as ensure that regressions and bugs can get diagnosed, triaged,
and fix
5 min
Release Notes
Simplify Vulnerability Management with Nexpose 5.6
We are pleased to announce the next major release of Nexpose, version 5.6. This
release focuses on providing you the most impactful remediation steps to reduce
risk to your organization and extends our current configuration assessment
functionality.
New Look and Feel
The most visible change in Nexpose 5.6 is the new look and feel of the user
interface. The action header is now smaller to maximize screen space and
usability, and the new colour scheme makes it easier to focus on important areas
3 min
Metasploit
Metasploit Now Supports Kali Linux, the Evolution of BackTrack
Today, our friends at Offensive Security announced Kali Linux
[http://www.kali.org/offensive-security-introduces-kali-linux/], which is based
on the philosophy of an offensive approach to security. While defensive
solutions are important to protect your network, it is critical to step into the
shoes of an attacker to see if they're working. Kali Linux is a security
auditing toolkit that enables you to do just that: test the security of your
network defenses before others do.
Kali is a free, open sour
5 min
Product Updates
Update to the Metasploit Updates and msfupdate
The Short Story
In order to use the binary installer's msfupdate, you need to first register
your Metasploit installation. In nearly all cases, this means visiting
https://localhost:3790 [https://localhost:3790/] and filling out the form. No
money, no dense acceptable use policy, just register and go. Want more detail
and alternatives? Read on.
Background
A little over a year ago, Metasploit primary development switched to Git
[/2011/11/10/git-while-the-gitting-is-good] as a source control p
3 min
Metasploit
Using BackTrack 5 R3 with Metasploit Community or Metasploit Pro
Update: Kali Linux has now superseded BackTrack as a platform. We strongly
recommend using Kali Linux over BackTrack if you are going to run Metasploit.
More info here
[/2013/03/13/metasploit-now-supports-kali-linux-the-evolution-of-backtrack].
As of version 5 R3, BackTrack comes pre-installed with Metasploit 4.4, so it's
now easier to use Metasploit Community Edition or Metasploit Pro on BackTrack.
Here is how it's done:
* After BackTrack boots, enter startx to get into the UI.
* Install Bac
3 min
Metasploit
Using BackTrack 5 R2 with Metasploit Community or Metasploit Pro
As of version 5 R2, BackTrack comes pre-installed with Metasploit 4.1.4, so it's
now easier to use Metasploit Community Edition or Metasploit Pro on BackTrack.
Here is how it's done:
* After BackTrack boots, enter startx to get into the UI.
* Install BackTrack in a virtual machine using the Install BackTrack icon in
the top left corner. This is recommended so that Metasploit remembers its
product key; otherwise, you would have to register Metasploit each time.
* Log in with user root,
6 min
Nexpose
Integrating Nexpose Community and Metasploit Community in Backtrack 5 R2
I recently packaged up the new Nexpose release so that Backtrack users can have
an up-to-date version of Nexpose, straight from the Backtrack repos. This seemed
like a great time to also go over installing Nexpose Community and integrating
it with the already-installed Metasploit Community.
1. Getting Started
Before we get started, I would recommend grabbing a copy of Backtrack 5 R2
64-bit. The machine you want to use will need to have at a minimum 2GB of RAM
and at least 5GB space on the hard
5 min
Metasploit
Adventures in the Windows NT Registry: A step into the world of Forensics and Information Gathering
As of a few days ago [https://github.com/rapid7/metasploit-framework/pull/98],
the Metasploit Framework has full read-only access to offline registry hives.
Within Rex you will now find a Rex::Registry namespace that will allow you to
load and parse offline NT registry hives (includes Windows 2000 and up),
implemented in pure Ruby. This is a great addition to the framework because it
lets you be stealthier while gathering information on a remote computer. You no
longer need
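The Rex::Registry parser described above is the framework's own code. What follows is an added example, not from the original post and not from Metasploit, showing the first things any offline hive reader has to get right before it can walk keys: validate the `regf` base block, recompute its XOR-32 checksum (a mismatch means the header was modified or corrupted after the last clean write), confirm the primary and secondary sequence numbers agree (unequal numbers mean the hive was not cleanly flushed and may be internally inconsistent), locate the first `hbin`, and decode the root `nk` key cell. It assumes the documented regf on-disk layout (offsets are given in the comments), builds its own constructed sample hive so it runs with no real hive on disk, and the module and method names are illustrative, not Rex::Registry's.

```ruby
# Added example: a minimal offline regf (NT registry hive) reader. It is not
# Rex::Registry; offsets follow the documented regf on-disk format and the
# sample hive below is constructed, not captured from a real system.
module RegfExample
  HBIN_BASE      = 4096                        # hive bins start after the 4 KiB base block
  FILETIME_EPOCH = 116_444_736_000_000_000     # 100 ns ticks from 1601-01-01 to 1970-01-01
  KEY_HIVE_ENTRY = 0x04                        # nk flag: this key is the hive root
  KEY_COMP_NAME  = 0x20                        # nk flag: name stored as 8-bit chars, not UTF-16LE

  # Windows FILETIME (100 ns ticks since 1601) to a UTC Ruby Time.
  def self.filetime_to_time(ft)
    ticks = ft - FILETIME_EPOCH
    Time.at(ticks / 10_000_000, (ticks % 10_000_000) / 10).utc
  end

  # Base-block checksum: XOR of the 127 little-endian u32 words at 0x000..0x1FB,
  # with a result of 0 mapped to 1 and 0xFFFFFFFF mapped to 0xFFFFFFFE.
  def self.header_checksum(data)
    sum = data[0, 0x1FC].unpack('V127').reduce(0) { |acc, w| acc ^ w }
    return 0xFFFFFFFE if sum == 0xFFFFFFFF
    sum.zero? ? 1 : sum
  end

  # Base block: 'regf' @0x00, seq1 @0x04, seq2 @0x08, FILETIME @0x0C, major @0x14,
  # minor @0x18, (type, format skipped), root cell @0x24, bins size @0x28, checksum @0x1FC.
  def self.parse_base_block(data)
    raise 'not a regf hive' unless data[0, 4] == 'regf'
    seq1, seq2, ft, major, minor, root_off, bins_size = data[4, 40].unpack('VVQ<VVx8VV')
    stored = data[0x1FC, 4].unpack('V')[0]
    { primary_seq: seq1, secondary_seq: seq2,
      dirty: seq1 != seq2,                     # unequal: the last write never completed
      last_written: filetime_to_time(ft), version: "#{major}.#{minor}",
      root_cell_offset: root_off, bins_size: bins_size,
      checksum_ok: stored == header_checksum(data) }
  end

  # Every cell begins with a signed 32-bit size; negative means allocated (in use).
  def self.read_cell(data, cell_offset)
    abs  = HBIN_BASE + cell_offset
    size = data[abs, 4].unpack('l<')[0]
    raise format('cell at 0x%x is free', cell_offset) unless size < 0
    data[abs + 4, -size - 4]
  end

  # hbin header: 'hbin' @0x00, own offset @0x04, size @0x08; cells begin at 0x20.
  def self.parse_hbin(data, hbin_offset)
    abs = HBIN_BASE + hbin_offset
    raise 'bad hbin signature' unless data[abs, 4] == 'hbin'
    off, size = data[abs + 4, 8].unpack('VV')
    raise 'hbin self-offset mismatch' unless off == hbin_offset
    { offset: off, size: size }
  end

  # nk cell: 'nk' @0x00, flags @0x02, FILETIME @0x04, parent @0x10, subkey count @0x14,
  # subkey list @0x1C, value count @0x24, value list @0x28, security @0x2C,
  # name length @0x48, name @0x4C.
  def self.parse_nk(cell)
    raise 'not an nk cell' unless cell[0, 2] == 'nk'
    flags, ft = cell[2, 10].unpack('vQ<')
    parent, subkeys, _vol, subkey_list, _vol_list, values, value_list, security =
      cell[0x10, 32].unpack('V8')
    name_len = cell[0x48, 2].unpack('v')[0]
    name = cell[0x4C, name_len]
    name = name.force_encoding('UTF-16LE').encode('UTF-8') if (flags & KEY_COMP_NAME).zero?
    { name: name, root: (flags & KEY_HIVE_ENTRY) != 0, last_written: filetime_to_time(ft),
      parent_offset: parent, subkey_count: subkeys, subkey_list_offset: subkey_list,
      value_count: values, value_list_offset: value_list, security_offset: security }
  end

  def self.parse_hive(data)
    header = parse_base_block(data)
    { header: header, first_hbin: parse_hbin(data, 0),
      root: parse_nk(read_cell(data, header[:root_cell_offset])) }
  end

  # Constructed sample: base block plus one 4 KiB hbin holding only a root nk cell.
  def self.build_sample_hive(name: 'SAMPLE', seq: 7, seq2: seq)
    ft = 131_000_000_000_000_000                 # arbitrary FILETIME in February 2016
    nk = ['nk', KEY_HIVE_ENTRY | 0x08 | KEY_COMP_NAME, ft,
          0, 0xFFFFFFFF, 0, 0, 0xFFFFFFFF, 0xFFFFFFFF, 0, 0xFFFFFFFF, 0xFFFFFFFF,
          0xFFFFFFFF, 0, 0, 0, 0, 0, name.bytesize, 0].pack('a2vQ<V15vv') + name.b
    cell_size = (4 + nk.bytesize + 7) & ~7       # cells are 8-byte aligned
    cell = [-cell_size].pack('l<') + nk.ljust(cell_size - 4, "\0")
    free = 4096 - 32 - cell_size                 # rest of the bin is one free cell
    hbin = 'hbin'.b + [0, 4096].pack('VV') + ("\0" * 8) + [ft].pack('Q<') + ("\0" * 4) +
           cell + [free].pack('l<') + ("\0" * (free - 4))
    hdr = 'regf'.b + [seq, seq2, ft, 1, 5, 0, 1, 0x20, 4096, 1].pack('VVQ<V7') +
          'SAMPLE.hive'.encode('UTF-16LE').b.ljust(64, "\0")
    hdr = hdr.ljust(0x1FC, "\0")
    (hdr + [header_checksum(hdr)].pack('V')).ljust(4096, "\0") + hbin
  end
end

if __FILE__ == $PROGRAM_NAME
  hive = RegfExample.parse_hive(RegfExample.build_sample_hive)
  puts "header: #{hive[:header].inspect}"
  puts "root key: #{hive[:root].inspect}"
end
```

Run against a real hive by replacing the constructed data with `File.binread('/path/to/SYSTEM')`; the header checks are the ones worth doing first on an image, since a dirty hive or a bad checksum tells you the offline copy may not reflect what the live system last wrote, and a transaction log (.LOG1/.LOG2) may need to be replayed before key walks can be trusted.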
2 min
Metasploit
More Fun with BSD-derived Telnet Daemons
In my last post [/2011/12/28/bsd-telnet-daemon-encrypt-key-id-overflow], I
discussed the recent BSD telnetd vulnerability and demonstrated the scanner
module added to the Metasploit Framework. Since then, two new exploit modules
have been released; one for FreeBSD versions 5.3 - 8.2
[https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/freebsd/telnet/telnet_encrypt_keyid.rb]
and another for Red Hat Enterprise Linux 3
[https://github.com/rapid7/metasploit-framework/blob/ma