Tag Archives: metasploit

Metasploit Framework 3.3.3 comes with exploit rankings

0
Posted by Tech Paranoia on December 24, 2009 – 3:00 pm
Filed under Software
Tagged as

The Metasploit Framework is a development platform for creating security tools and exploits. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide.

The framework is written in the Ruby programming language and includes components written in C and assembler.

Metasploit 3.3.3 release notes:

All exploits now contain a ranking that indicates how dangerous the default settings are to the target host.

The search command now takes a -r option to specify a minimum ranking of modules to return.

The db_autopwn and nexpose_scan commands now take a -R option to specify a minimum ranking of modules to run.

The InitialAutoRunScript option has been added to Meterpreter, providing a way for exploits to specify required post-exploit tasks (migrate out of a dying process).

jRuby 1.4.0 can be used to run some parts of the framework, however it is not supported or recommended at this time.

The sessions command can now run a single command (-c) or a script (-s) on all open sessions at once.

The Win32 EXE template is now smaller (37k from 88k).

Metasploit

Source: Help Net Security

Metasploit releases IE attack, but it’s unreliable

0
Posted by Tech Paranoia on November 30, 2009 – 10:00 am
Filed under Hacks
Tagged as , ,

Developers of the open-source Metasploit penetration testing toolkit have released code that can compromise Microsoft’s Internet Explorer browser, but the software is not as reliable as first thought.

The code exploits an Internet Explorer bug that was disclosed last Friday in a proof-of-concept attack posted to the Bugtraq mailing list. That first code was unreliable, but security experts worried that someone would soon develop a better version that would be adopted by cyber-criminals.

More at: ComputerWorld

Penetration Testing Grows Up

0
Posted by Tech Paranoia on November 19, 2009 – 11:30 am
Filed under Security, Software
Tagged as ,

Penetration testing, once considered a risky practice for the enterprise and even a tool for evil hacking purposes, is becoming more of an accepted mainstream process in the enterprise mainly due to compliance requirements, more automated, user-friendly tools — and most recently, the imminent arrival of a commercial offering based on the popular open-source Metasploit tool.

Rapid7′s purchase of the Metasploit Project last month and its hiring of the renowned creator of Metasploit, HD Moore, demonstrate just how far penetration testing has come during the past 18 months, security analysts say. While some organizations still confuse penetration testing with the more pervasive vulnerability scanning, which searches for and pinpoints specific vulnerabilities and weaknesses, penetration testing is finally about to enter a new phase of commercial deployment, experts say.

Penetration testing basically puts the tester in the shoes of a would-be attacker, using exploits and attack combinations against a network or application to find where the actual exploitable weaknesses lay.

Source: DarkReading

Metasploit Framework 3.3 released

0
Posted by Tech Paranoia on November 17, 2009 – 12:00 pm
Filed under Hacks, Software
Tagged as

A new version of the Metasploit Framework is available here