7 Posts authored by: techeditor

Originally Posted

When modifying Metasploit library code, you generally need to restart msfconsole to see the changes take effect. Although we've made some improvements in startup time, it's still not great, and waiting for the whole framework to load for a one-line change can be frustrating. Fortunately, Ruby has a simple way to re-execute a file that has already been required: Kernel.load. Here's a simple example of how to use it in a module you are developing:

##
# $Id$
##

# Kernel.load re-executes these files every time the module is (re)loaded,
# so edits to the libraries show up without restarting msfconsole.
# Paths are relative to the framework root, where msfconsole is started.
load "./lib/rex/proto/my_new_protocol.rb"
load "./lib/msf/core/exploit/my_new_protocol.rb"

# The core framework is still pulled in with require; it only needs
# loading once per process.
require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  include Msf::Exploit::Remote::MyNewProtocol

  def initialize(info={})
    super(update_info(info,
      'Name' => "My New Protocol Exploit",
      'Description' => %q{ Exploits something in My New Protocol },
      # ...
    ))
  end

  def exploit
    # Calls into the freshly loaded library code on every run.
    MyNewProtocol.frobnicate(datastore["RHOST"])
  end

end

If my_new_protocol.rb defines any constants, Ruby will warn that they are being redefined each time the file is loaded. Generally this is harmless and you can ignore the warnings.

This simple technique can greatly decrease development time and works equally well when writing your own library or modifying an existing one. When you're done with the exploit, simply replace the load lines with the appropriate require calls and send us a patch!
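To see the difference between require and load that the post relies on, here is an added stand-alone example (not code from the original post or from Metasploit). It writes a throwaway library named after the post's my_new_protocol.rb into a temp directory, edits it, and shows that only Kernel.load picks up the edit; the module, constant and host value are made up for the demo.

```ruby
# Added example (not from the original post): why Kernel.load re-executes a
# file while Kernel.require skips one it has already loaded. The library,
# its VERSION constant and the host value are constructed for this demo.
require 'tmpdir'

LIB_NAME = 'my_new_protocol.rb'

# Write version +n+ of a tiny library defining a constant and a method,
# standing in for lib/rex/proto/my_new_protocol.rb from the post.
def write_lib(dir, n)
  path = File.join(dir, LIB_NAME)
  File.write(path, <<~RUBY)
    module MyNewProtocol
      VERSION = #{n}
      def self.frobnicate(host)
        "frobnicate v\#{VERSION} -> \#{host}"
      end
    end
  RUBY
  path
end

# Returns frobnicate's output after a first require, after a second require
# that follows an edit (stale: require is a no-op for a file already in
# $LOADED_FEATURES), and after load (fresh: the edited file runs again).
def reload_demo(host = '10.0.0.1')
  Dir.mktmpdir do |dir|
    path = write_lib(dir, 1)
    require path
    first = MyNewProtocol.frobnicate(host)

    write_lib(dir, 2)                 # edit the library on disk
    require path                      # returns false: already loaded
    stale = MyNewProtocol.frobnicate(host)

    # Kernel.load re-executes the file. Ruby prints "already initialized
    # constant MyNewProtocol::VERSION" to stderr: the harmless redefinition
    # warning the post mentions.
    load path
    fresh = MyNewProtocol.frobnicate(host)

    [first, stale, fresh]
  end
end

puts reload_demo.inspect if $PROGRAM_NAME == __FILE__
```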

Originally Posted by Jen Ellis

In a couple of weeks, our very own @Mubix (AKA Rob Fuller to those who don’t live their life with an @ sign permanently attached to their name!) will be offering Metasploit-ation for the Nation. Unlike that phrase – which I just made up – Mubix will actually be talking sense as he walks penetration testers through the delightful world of Metasploit Pro in a 4-hour in-depth training session.

Mubix took some time to answer a few questions below to give you a flavor of the training. If you have any additional questions on this, please post them in the comments section below.

[Jen] What’s this all about then?

[Mubix] This is going to be a 4-hour practical deep dive in which I’ll be showing people the essentials of penetration testing, as well as advanced techniques and uses of Metasploit. The plan is for attendees to walk away with a deeper understanding of penetration testing and how Metasploit can help make their organization more successful with an efficient, effective and unparalleled penetration testing strategy.

[Jen] More specifically, what will the course cover?

[Mubix] The course will cover the following topics:

- Reconnaissance
- Network Vulnerability Scanning
- Maintaining Access & Privilege Escalation
- Advanced Techniques
- Pass the Hash Pivot Attacks

There’ll also be an opportunity for people to ask any questions they have about penetration testing and Metasploit.

[Jen] Who should attend the Metasploit Pro training?

[Mubix] The training is for anyone interested in penetration testing, from novices to pros. I’m aiming to have something in there for everyone, whether you’re hoping to pick up the basics, or looking for some more advanced tricks and tips.

[Jen] What are the main details everyone needs to know?

[Mubix] Here you go:

What: 4-Hour Online Metasploit Pro Training with Mubix (Includes course materials)

When: May 26th, 11am-3pm Eastern

How Much: $1,000 per person

How to Register: Please contact your Rapid7 Sales Representative or call 617.247.1717.

[Jen] Finally, can you tell us a bit more about yourself and why you’re the perfect person to introduce people to Metasploit Pro?!

[Mubix] I spent time doing Systems Administration, Incident Response, Security Infrastructure Design, and Penetration Testing in the DoD and Department of State. I’ve learned most of what I know on my own, from friends, and by just googling it. I have fun breaking into places but my passion comes in the constant challenges I’m faced with and the high-demand problem solving that comes with Penetration Testing. Ultimately it’s about getting organizations better prepared for attacks, which may or may not come, but it’s better to run faster than the other guy.

To register for the training please contact your Rapid7 Sales Representative or call +1 (617) 247 1717.

Originally Posted

The Metasploit team has spent the last two months focused on one of the least-visible, but most important, pieces of the Metasploit Framework: the session backend. Metasploit 3.7 represents a complete overhaul of how sessions are tracked within the framework and associated with the backend database. This release also significantly improves the staging process for the reverse_tcp stager and Meterpreter session initialization. Shell sessions now hold their output in a ring buffer, which allows us to easily view session history -- even if you don't have a database.

For information specific to the Metasploit Pro and Metasploit Express products, please see this blog post.

This overhaul increases performance in the presence of many sessions and allows a larger number of concurrent incoming sessions to be handled more reliably. The Metasploit Console can now comfortably handle hundreds of sessions, an especially important consideration when running large-scale social engineering engagements. Several areas of database performance have seen significant improvements as well, and importing large scan results is now up to four times faster.

Although much effort has gone into increasing performance with large numbers of hosts and sessions, sometimes small changes can mean a world of difference in usability. An example of such a change is msfpayload's new -h and -l options. Instead of always loading the entire framework when all you need is the list of output formats, msfpayload can now show you its usage in less than a second.

This release also includes a long-awaited update to our SMB stack to enable signing. Thanks to some great work by Alexandre Maloteaux, you can now perform pass-the-hash and stolen password attacks against Windows 2008. Alexandre also added NTLM authentication support to the Microsoft SQL Server driver within Metasploit.

In addition to the core library improvements, this release comes with 35 new remote exploits, thanks in large part to our two newest full-time developers, bannedit and sinn3r.

More details about this release can be found in the 3.7.0 Release Notes. As always, the latest version is available from the Metasploit download page.

Originally Posted by Chris Kirsch

You have voted in large numbers – and the results are out: design #36 is the winner of the Metasploit T-shirt design contest. Danny Chrastil submitted the winning design, featuring the Metasploit logo made up of code from the payload osx/ppc/shell_reverse_tcp. The back shows the Metasploit splash screen cow, our legendary creature of mystery and superstition.

A few words about the winner: Danny Chrastil, aka @DisK0nn3cT, is a web applications developer and penetration tester from Denver, Colorado. He has been in web development for 7 years and in information security for 2 years now. Danny became a Metasploit user and admirer in 2010. When he’s not writing code or pen testing web applications, he is brushing up on his Metasploit Fu! Danny on the contest: “I was just trying to have fun with the design, I wanted to create something that looked cool but was also related to the awesome power of the Metasploit Framework.” Congratulations, Danny!

For those wondering how the votes turned out, I’ve posted the vote counts. We’ll also look into adding some of the other designs in the Metasploit store. Bear with us while we work out the details and stay posted for updates!

Originally Posted by Chris Kirsch

Wow – 87 entries for our T-shirt competition in one week. We were very impressed with both the quantity and the quality of the entries we received for designing the new Metasploit T-shirt, which will be featured in the new Metasploit store.

Now, it’s your turn (again): We need you to vote for your favorite shirt. Starting with 87 entries, we conducted a quick office poll to produce a shortlist of 15 for you to pick from. (Go here if you want to see all of them.)

Tremolo… here they are:

- #12 by rezeusor: “There’s just something so wrong about being owned by an ASCII-art cow” (featuring the Metasploit cow)
- #14 by rezeusor: “My cow ate your firewall… then I milked your passwords” (featuring the Metasploit cow)
- #18 by Claire Medeiros: Her take on the Metasploit man
- #24 by jayrn: Helicopter chase
- #35 by Skip86: Metasploit shield with lightning bolts
- #36 by Danny Chrastil: Exploit hex code as pattern for Metasploit logo (featuring Metasploit cow)
- #39 by reeandra: The Metasploit Robot
- #40 by rezeusor: “Where the real penetration testers hang their hats”
- #44 by trevelyn412: “I got in”
- #45 by reeandra: “I hack villains” (featuring the Metasploit robot)
- #63 by gravisi: “I walk through firewalls”
- #67 by gravisi: “I mind-control computers”
- #72 by pan15: “Hack me if you can” (featuring the Metasploit ninja)
- #73 by reeandra: “I hack villains” (featuring white hat)
- #77 by b0rsalin078: True Grit style

Selected your favorite? Great – here is how you vote: Tweet the following sentence, replacing [number] with your favorite design number:

I’m voting for Metasploit T-shirt design #[number]! http://bit.ly/e4wsPt #metasploitswag

The community vote closes at midnight on Thursday 21 April Eastern Time.

A word to the designers: Thanks for your submissions! Feel free to write comments to explain your designs.

Originally Posted by Chris Kirsch

Don’t know what to wear for the next BlackHat conference? Afraid of going naked to B-Sides? We are too, so we decided to do something about it. We’re getting ready to launch our own Metasploit designer clothes – and you’re the designer!

To start off our Metasploit swag store, we’d like you to design a T-shirt. You must submit your own, original design. To enter, add your design to our 99designs competition and tweet the link with the hash tag #metasploitswag. The competition ends Tuesday, April 12, 2011 at 1:45pm Eastern – and there’s a $150 cash prize! If you have questions about the competition, simply tweet them using the hash tag #metasploitswag.

Believe it or not, we’re not doing this to get rich. All proceeds of the Metasploit swag store will be donated to charity. Which one? Why don’t you tell us. Tweet your favorite charity with the hash tag #metasploitcharity. You don’t have to submit a T-shirt design to participate.


Happy April Fools Day!

Posted by techeditor Apr 1, 2011

Originally Posted

As some folks may have noticed, the startup process for the Metasploit Console (msfconsole) has changed this morning. Windows users are now greeted with a slightly different message than they are used to.

By the same token, Unix users will notice that the console has become a little more aggressive in terms of choosing targets on startup.

The April Fools code can be disabled by setting the 'NOFOOL' shell environment variable to any value. Unix users who want to see the Windows version can also set the 'WINFOOL' environment variable prior to starting msfconsole (and likewise for Windows users by setting 'LINFOOL').

That's it for this year, we hope you enjoyed it!

- The Metasploit Team

PS. We have a shiny new web site as of this morning, no joke!
