
As a result of export restrictions placed on Metasploit Community and Pro trials, this year we have introduced some new systems to help process license requests. We have received a lot of questions about this, and this post will hopefully answer some of them for you. If you haven't read the original blog post about the export controls, please take a moment to review the information there on the updates and who is affected.


To help shed light on why some requests from those outside the U.S. or Canada for Metasploit Community or Pro license keys may be denied, below we list some common mistakes we've seen since this process began. To increase the likelihood of your request being quickly approved, be sure to avoid these pitfalls.


1) Supply a legitimate physical mailing address

All applications must include a valid physical mailing address, without exception. We frequently receive applications with blank information, gibberish, numbers, or dashes (e.g. -----,----- or 12345, 12345 or ghjghjgh, ghujhgjg).

  • Please only use Latin characters, without accents. Non-Latin characters, including Cyrillic, Arabic, Chinese, and Japanese characters, cannot be validated (e.g. 瑞安中心 6- 8海港路湾仔香港). Also, accents often render incorrectly, so please do not use any accented characters (e.g. 43 Rue Delarivière Lefoullon, Paris).
  • The address must be specific at a street level. Unfortunately geocodes to a neighborhood, city, or county level are not sufficient (e.g. Beijing, Beijing).
  • You must not be located in a U.S.-embargoed country: Cuba, Crimea, North Korea, Iran, Sudan, or Syria.


2) Disclose any government affiliations clearly in your application

In addition to address-related issues, we also have seen a number of problems relating to applications from government agencies. Sometimes we'll receive an application from an agency that either is not eligible for an exemption from export restrictions, or did not self-identify as a government agency when applying. In both cases these kinds of applications will be rejected.


We realize this application process may seem cumbersome and appreciate your patience as we process your license key request, as each application is manually and individually verified by a legal team. We only ask for information that is required by the U.S. Government export regulations, so please note that omitting or falsifying any information on the application form will most certainly invalidate your application.


As always, if you are outside the U.S. or Canada and interested in evaluating Metasploit Pro, don't hesitate to reach out to your Account Executive directly. We appreciate your cooperation as we work to comply with U.S. government regulations.

egypt

Weekly Metasploit Wrapup

Posted by egypt Employee Dec 17, 2015

Welcome to the last Metasploit update of the year! Since January 1st, 2015, we've had 6364 commits from 176 unique authors, closed 1119 Pull Requests, and added 323 modules. Thank you all for a great year! We couldn't have done it without you.


Sounds


The sounds plugin has been around for a long time, notifying hackers of new shells via their speakers since 2010. Recently, Wei sinn3r Chen gave it a makeover, replacing the old robotic voice with that of Offensive Security founder, Kali Linux Core Developer, and all-around cool guy Mati "muts" Aharoni. Now when you get a new session, you'll be treated to his sultry voice congratulating you and when an exploit fails, he'll encourage you to try harder. Just type "load sounds" in msfconsole to hear it in action.


New Modules


We have eight new modules this week -- 5 exploits and 3 post modules. Among them is an exploit for Jenkins that takes advantage of the Java deserialization issue brought to the world's attention by FoxGlove Security a few weeks ago. More exploits for similar vulnerabilities are undoubtedly on the way.


Exploit modules


Auxiliary and post modules


Get it

As always, you can get all these modules and improvements with a simple msfupdate and the full diff is available on GitHub: 4.11.5-2015120901...4.11.5-2015121501

egypt

Weekly Metasploit Wrapup

Posted by egypt Employee Dec 11, 2015

Payloads


New in the latest Metasploit release are stageless HTTP and HTTPS payloads for Python for those times when you would rather have the whole thing in one file instead of having to stage it. For more on the advantages and quirks of stageless payloads, check out @OJ's post on the subject from when support was first added for Windows.


Exploit Modules


Does anybody remember that bash(1) bug from a little over a year ago? The one with environment variables getting executed as functions or something? Man, those celebrity bugs, they go off to rehab and everybody forgets about them. Well, Advantech forgot at least, since their EKI Modbus gateways use a vulnerable version of bash to serve CGI scripts. In all seriousness, Shellshock will be with us for a very long time, cropping up in production systems and embedded devices like this for many years to come. Despite the frequent comparison with Heartbleed because of the hype at the time, I personally think it's a much more useful bug. Full shell access is better than memory read access any day of the week.
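A self-check for the behaviour the post alludes to, added here and not part of the post or of Metasploit: it reports whether a given bash binary still imports a function definition from an environment variable and runs whatever follows it. Web servers hand request headers to CGI scripts as environment variables, which is why a CGI front end puts bash in reach of that bug; the function name and the probe variable name are this example's own.

```shell
# shellshock_check [path-to-bash]
#   returns 0 if the binary executed the command smuggled after a function
#             definition in an environment variable (unpatched),
#           1 if it did not (patched),
#           2 if the binary cannot be found.
shellshock_check() {
  bash_bin="${1:-bash}"
  command -v "$bash_bin" >/dev/null 2>&1 || return 2
  # The variable value is a function definition followed by an extra command.
  # An unpatched bash parses the whole value at startup and runs that extra
  # command; a patched one treats it as a plain string (or warns on stderr).
  probe_out=$(env 'probe=() { :; }; echo SHELLSHOCK_EXEC' \
                "$bash_bin" -c 'echo done' 2>/dev/null)
  case "$probe_out" in
    *SHELLSHOCK_EXEC*) return 0 ;;
    *)                 return 1 ;;
  esac
}

# Human-readable wrapper for a host or device you administer.
report_shellshock() {
  rc=0
  shellshock_check "$@" || rc=$?
  case "$rc" in
    0) echo "VULNERABLE: ${1:-bash} runs commands passed via the environment" ;;
    1) echo "patched:    ${1:-bash} ignores function definitions in the environment" ;;
    *) echo "skipped:    ${1:-bash} not found" ;;
  esac
  return "$rc"
}

report_shellshock "$@"
```

On an embedded target, pass the path of the shell that the CGI handler actually invokes (for example a busybox link or a vendor-built bash), since the system `bash` on your workstation is not the one at risk.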


So next time you're doing a pentest and you see something embedded, why not try a little Shellshock?



Another fun module for this wrapup is for an old vulnerability, but part of a theme I always enjoy. For some background, chkrootkit(1) is a Linux security tool intended to discover whether a system is compromised via certain artifacts such as files commonly left around by worms. One of the checks it does is for a file named /tmp/update. Unfortunately, due to some missing quotes, vulnerable versions of chkrootkit won't just check for existence of that file, but will run it instead. As root. Now, I'd be remiss not to mention that this was patched by all the major distributions in mid-2014 and it's the kind of thing you don't usually find on embedded devices. So in contrast to bash, which is installed by default on just about every kind of device you can think of, you're not going to run into it all that often. It's still a fun bug.
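The quoting pitfall described above, as a constructed example that is not chkrootkit's source: in POSIX shell, `list=$list $i` is not an assignment of "$list $i" to `list`; it is the command `$i`, run with `list=$list` in its environment. A presence check written that way executes the file it was only meant to notice. The file names, function names and the temporary directory here are this example's own stand-ins for /tmp/update.

```shell
# Constructed stand-in for /tmp/update: a script that records that it ran.
demo_dir=$(mktemp -d)
marker="$demo_dir/marker"
suspect="$demo_dir/update"
printf '#!/bin/sh\ntouch "%s"\n' "$marker" > "$suspect"
chmod +x "$suspect"

# Vulnerable pattern. Meant to return 0 when a suspicious file is present.
vulnerable_check() {
  found=
  for i in "$suspect"; do
    if [ -f "$i" ]; then
      found=$found $i       # BUG: runs $i as a command; $found stays empty
    fi
  done
  [ -n "$found" ]
}

# Hardened pattern: with quotes this is a plain string append.
fixed_check() {
  found=
  for i in "$suspect"; do
    if [ -f "$i" ]; then
      found="$found $i"
    fi
  done
  [ -n "$found" ]
}

suspect_was_run() { [ -f "$marker" ]; }   # did the stand-in script execute?
clear_marker()    { rm -f "$marker"; }
cleanup()         { rm -rf "$demo_dir"; }

demo() {
  clear_marker
  if vulnerable_check; then echo "buggy: reported the file"
  else echo "buggy: reported nothing (the assignment never happened)"; fi
  if suspect_was_run; then echo "buggy: ...and executed it"; fi
  clear_marker
  if fixed_check; then echo "fixed: reported the file"; fi
  if suspect_was_run; then echo "fixed: executed it?!"
  else echo "fixed: did not execute it"; fi
}
demo
```

Run `cleanup` when done to remove the temporary directory. Note the double failure of the buggy form: it executes the file and also reports nothing, because the environment-only assignment never reaches the shell's own variable.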


Performance Improvements


Thanks to the work of community contributors Jon Cave and Meatballs, meterpreter file downloads and uploads have improved considerably. While there is still some room for improvement in this area, it's now possible to upload and download files in the tens of megabytes range in a reasonable amount of time across all the meterpreter implementations. Interestingly, Python meterpreter was the fastest in my testing, pulling down a 32MB file in 19 seconds, or roughly 13.47Mb/s.


Exploit modules


Auxiliary and post modules


Get It


As always, all the changes since the last wrapup can be had with a simple msfupdate and the full diff is available on GitHub: 4.11.5-2015111801...4.11.5-2015120901
