Search Results for: metasploit
Metasploit Meterpreter and NAT
Professional pentesters typically use a host that is connected directly to the internet, has a public IP address, and is not hindered by any firewalls or NAT devices to perform their audit. Hacking “naked” is considered to be the easiest way to perform a penetration test that involves getting shells back. Not everyone has the […]
Metasploit Bounty – the Good, the Bad and the Ugly
On June 14, 2011 HD Moore announced the Metasploit Bounty contest, offering a cash incentive for specific vulnerabilities to be submitted as modules in the Metasploit Framework. Titled “30 exploits, $5000 in 5 weeks”, a post on the Rapid7 blog lists the 30 “bounties” selected by the MSF team, waiting for someone to claim and submit a working exploit module.
Continue reading
Metasploit module : HTTP Form field fuzzer
Introduction About a month after releasing an ftp client fuzzer module for Metasploit, I decided to release yet another fuzzer module I have been working on over the last few weeks. This new module can be used to audit web servers/web server plugins/components/filters, by fuzzing form fields and optionally fuzz some header fields. While this […]
Death of an ftp client / Birth of Metasploit modules
Over the past few weeks, Corelan Team has given its undivided attention to fuzzing ftp client applications.
Using a custom built ftp client fuzzer, now part of the Metasploit framework, the team has audited several ftp clients and applications that use an embedded client ftp component. One example of such an application is a tool that would synchronize / backup data from a computer to a remote ftp server.
The 3 main audit/attack vectors that were used during the “project” were
send back overly long responses to ftp commands / requests sent by the ftp client to the server
send back a file/directory listing that contains overly long file/folder names
try to download a file that has an overly long filename.
Continue reading
Metasploit Project acquired by Rapid7
Just a few moments ago, Neil Roiter has reported on SearchSecurity that The Metasploit Project (and the Metasploit Framework) has been acquired by Rapid7, a network vulnerability management vendor. This news has been confirmed by Rapid7 (see website) and by Metasploit (see blog) A podcast of a discussion (on the acquisition) between HD Moore and […]
Fuzzing with Metasploit : Simple FTP fuzzer
Just wanted to drop a quick note about the release of another free script. This time I’ve written a simple FTP fuzzer (with a little help from HDMoore) in Metasploit. You can read more about it (and download the script) at http://www.corelan.be:8800/index.php/my-free-tools/security/metasploit/simple-ftp-fuzzer-metasploit-module/ This is why I like Metasploit so much… :-) Update : after running […]
Simple FTP Fuzzer – Metasploit Module
If you want to show your respect for my free tools and free support, please consider a small donation : Download : Update (July 2010) : the ftp fuzzer has been merged into the Metasploit tree. You do no longer need to download the script here. If you are using the latest version of Metasploit […]
Exploit writing tutorial part 4 : From Exploit to Metasploit – The basics
In the first parts of the exploit writing tutorial, I have discussed some common vulnerabilities that can lead to 2 types of exploits : stack based buffer overflows (with direct EIP overwrite), and stack based buffer overflows that take advantage of SEH chains. In my examples, I have used perl to demonstrate how to build […]
How to become a pentester
Intro I receive a lot of emails. (Please don’t make it worse, thanks!) Unfortunately I don’t have as much spare time as I used to, or would like to, so I often have no other choice than to redirect questions to our forums or our IRC channel (#corelan on freenode), hoping that other members […]
Donate
Your donation will help funding server hosting.
