Posts Tagged ‘metasploit’
New Adobe 0day Demonstration
Posted: 9th September 2010 by Matt in hacks, news, security | Tags: 0day, Adobe, adobe_cooltype_sing, advisory, cooltype, CVE-2010-2883, exploit, metasploit, Meterpreter, PDF
I haven’t seen anyone do a writeup of an actual exploitation of this 0day yet, so I figured now would be a good time, since it’s getting so much publicity. It has just been announced that this is actively being exploited in the wild, which definitely makes it more serious than it was a day [...]
Alternative DLL Hijacking Method
Posted: 25th August 2010 by Matt in code, hacks, security | Tags: Administrator, attack, dll, hijack, Hijacking, metasploit, Meterpreter, msf, msfconsole, msfpayload, vulnerability, webdav, webdav_dll_hijacker
UPDATE: One thing that I didn’t mention in this post is that these files do NOT have to be saved to a share. So long as the file and the DLL reside in the same directory (think USB stick), the exploitation will succeed. /UPDATE So, yesterday I wrote a post detailing the exploitation of this [...]
DLLHijackAuditKit v2
Posted: 25th August 2010 by Matt in hacks, news, security | Tags: 0day, automated, dll, DLLHiJackAuditKit, exploit, hack, hd moore, hijack, metasploit, own, vulnerable, webdav, Windows
HD Moore (Metasploit) has just released an update to his original DLLHiJackAuditKit which further automates the process of discovering programs which are vulnerable to this attack. You can find his post here. And here is the direct link to the zip file.
New DLL Hijacking Exploits (many!)
Posted: 24th August 2010 by Matt in code, hacks, news, security | Tags: Administrator, attack, demo, demonstration, dll, example, examples, exploit, hijack, metasploit, Meterpreter, msf, msfconsole, network security audit, payload, tutorial, vulnerability, webdav_dll_hijacker, Windows, windows/browser/webdav_dll_hijacker
So, for those of you who do not follow the Metasploit project as closely as others, there was a new module included in the 10125 revision which came out on Monday. This module is kind of a huge deal, because it affects many, many Windows programs. I’ll demonstrate one in this post, but if you [...]
Windows ‘LNK’ Exploit Demonstration
Posted: 20th July 2010 by Matt in hacks, news, security, social engineering | Tags: automated, browser, Command, exploit, LNK, metasploit, Microsoft, msf, msfconsole, network security audit, payload, remote, shell, Stuxnet, Temphid, URIPATH, victim, VirusBlokAda, vulnerable, W32.Stuxnet, W32.Temphid, Windows, wireless
Ok, so with all the hype surrounding this vulnerability, I figured that I would do a write up and give an example of how it works. Metasploit, as usual, makes it really simple. I really consider this to be a social engineering attack, because you need the victim to access a share. Yes, in the [...]
Metasploit 101 (Video)
Posted: 16th June 2010 by Matt in hacks, security | Tags: aurora, automated, backtrack, browser, buffer overflow, exploit, hack, metasploit, tutorial, video
I came across this at Darknet Consulting today and decided that it was worthy of reposting here. It’s a pretty good introduction to Metasploit, but you probably won’t learn anything new if you’ve used Metasploit in the past. If, however, you’ve heard about Metasploit, don’t know what it is, how it works, or what it [...]
Corporate Information Discovery [Part 2]
Posted: 26th May 2010 by Matt in hacks, security | Tags: browser_autopwn, corporate, discovery, dns, engineering, hack, information, Lotus, metasploit, mimedefang, network, penetration, security, social, test, transfer, x_forwarded_for
View part 1 of this post here. Ok, so we have lots of email addresses and names of employees... but we know nothing of their network. And, again, because this is the preliminary discovery process, we’re going to avoid getting too aggressive. We just want to collect information at this point. First, let’s take a [...]