Metasploit 4.2.0 Released With IPv6 Support & Virtualization Target Coverage

Posted by Avik Sarkar On 2/24/2012 10:32:00 pm

Metasploit 4.2.0 Released With IPv6 Support & Virtualization Target Coverage
Earlier we haev discussed many times about one of the most famous and widely used exploitation framework named Metasploit. Yet again the Rapid 7 released another updated version of Metasploit. This update brings Metasploit to version 4.2.0, adding IPv6 support and virtualization target coverage. You'll also notice a new Product News section and update notification for our weekly updates. Since the last major release (4.1.0), added 54 new exploits, 66 new auxiliary modules, 43 new post-exploitation modules, and 18 new payloads. 
Brief About Metasploit:- 
The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task.
Module Changes:-
  •     Novell eDirectory eMBox Unauthenticated File Access
  •     JBoss Seam 2 Remote Command Execution
  •     NAT-PMP Port Mapper
  •     TFTP File Transfer Utility
  •     VMWare Power Off Virtual Machine
  •     VMWare Power On Virtual Machine
  •     VMWare Tag Virtual Machine
  •     VMWare Terminate ESX Login Sessions
  •     John the Ripper AIX Password Cracker
  •     7-Technologies IGSS 9 IGSSdataServer.exe DoS
  •     Microsoft IIS FTP Server <= 7.0 LIST Stack Exhaustion
  •     DNS and DNSSEC fuzzer
  •     CheckPoint Firewall-1 SecuRemote Topology Service Hostname Disclosure
  •     CorpWatch Company ID Information Search
  •     CorpWatch Company Name Information Search
  •     General Electric D20 Password Recovery
  •     NAT-PMP External Address Scanner
  •     Shodan Search
  •     H.323 Version Scanner
  •     Drupal Views Module Users Enumeration
  •     Ektron CMS400.NET Default Password Scanner
  •     Generic HTTP Directory Traversal Utility
  •     Microsoft IIS HTTP Internal IP Disclosure
  •     Outlook Web App (OWA) Brute Force Utility
  •     Squiz Matrix User Enumeration Scanner
  •     Sybase Easerver 6.3 Directory Traversal
  •     Yaws Web Server Directory Traversal
  •     OKI Printer Default Login Credential Scanner
  •     MSSQL Schema Dump
  •     MYSQL Schema Dump
  •     NAT-PMP External Port Scanner
  •     pcAnywhere TCP Service Discovery
  •     pcAnywhere UDP Service Discovery
  •     Postgres Schema Dump
  •     SSH Public Key Acceptance Scanner
  •     Telnet Service Encyption Key ID Overflow Detection
  •     IpSwitch WhatsUp Gold TFTP Directory Traversal
  •     VMWare ESX/ESXi Fingerprint Scanner
  •     VMWare Authentication Daemon Login Scanner
  •     VMWare Authentication Daemon Version Scanner
  •     VMWare Enumerate Permissions
  •     VMWare Enumerate Active Sessions
  •     VMWare Enumerate User Accounts
  •     VMWare Enumerate Virtual Machines
  •     VMWare Enumerate Host Details
  •     VMWare Web Login Scanner
  •     VMWare Screenshot Stealer
  •     Capture: HTTP JavaScript Keylogger
  •     Oracle DB SQL Injection via SYS.DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION
  •     Asterisk Manager Login Utility
  •     FreeBSD Telnet Service Encryption Key ID Buffer Overflow
  •     Linux BSD-derived Telnet Service Encryption Key ID Buffer Overflow
  •     Java Applet Rhino Script Engine Remote Code Execution
  •     Family Connections less.php Remote Command Execution
  •     Gitorious Arbitrary Command Execution
  •     Horde 3.3.12 Backdoor Arbitrary PHP Code Execution
  •     OP5 license.php Remote Command Execution
  •     OP5 welcome Remote Command Execution
  •     Plone and Zope XMLTools Remote Command Execution
  •     PmWiki <= 2.2.34 pagelist.php Remote PHP Code Injection Exploit
  •     Support Incident Tracker <= 3.65 Remote Command Execution
  •     Splunk Search Remote Code Execution
  •     Traq admincp/common.php Remote Code Execution
  •     vBSEO <= 3.6.0 proc_deutf() Remote PHP Code Injection
  •     Mozilla Firefox 3.6.16 mChannel Use-After-Free
  •     CTEK SkyRouter 4200 and 4300 Command Execution
  •     Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow
  •     Icona SpA C6 Messenger DownloaderActiveX Control Arbitrary File Download and Execute
  •     HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution
  •     Viscom Image Viewer CP Pro 8.0/Gold 6.0 ActiveX Control
  •     Java MixerSequencer Object GM_Song Structure Handling Vulnerability
  •     MS05-054 Microsoft Internet Explorer JavaScript OnLoad Handler Remote Code Execution
  •     MS12-004 midiOutPlayNextPolyEvent Heap Overflow
  •     Viscom Software Movie Player Pro SDK ActiveX 6.8
  •     Adobe Reader U3D Memory Corruption Vulnerability
  •     Aviosoft Digital TV Player Professional 1.0 Stack Buffer Overflow
  •     BS.Player 2.57 Buffer Overflow
  •     CCMPlayer 1.5 m3u Playlist Stack Based Buffer Overflow
  •     Free MP3 CD Ripper 1.1 WAV File Stack Buffer Overflow
  •     McAfee SaaS MyCioScan ShowReport Remote Command Execution
  •     Mini-Stream RM-MP3 Converter v3.1.2.1 PLS File Stack Buffer Overflow
  •     MS11-038 Microsoft Office Excel Malformed OBJ Record Handling Overflow
  •     Ability Server 2.34 STOR Command Stack Buffer Overflow
  •     AbsoluteFTP 1.9.6 - 2.2.10 LIST Command Remote Buffer Overflow
  •     Serv-U FTP Server < 4.2 Buffer Overflow
  •     HP OpenView Network Node Manager ov.dll _OVBuildPath Buffer Overflow
  •     XAMPP WebDAV PHP Upload
  •     Avid Media Composer 5.5 - Avid Phonetic Indexer Buffer Overflow
  •     Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020000 Buffer Overflow
  •     HP Diagnostics Server magentservice.exe Overflow
  •     StreamDown 6.8.0 Buffer Overflow
  •     Wireshark console.lua Pre-Loading Script Execution
  •     Oracle Job Scheduler Named Pipe Command Execution
  •     SCADA 3S CoDeSys CmpWebServer <= v3.4 SP4 Patch 2 Stack Buffer Overflow
  •     Sunway Forcecontrol SNMP NetDBServer.exe Opcode 0x57
  •     OpenTFTP SP 1.4 Error Packet Overflow
  •     AIX Gather Dump Password Hashes
  •     Linux Gather Saved mount.cifs/mount.smbfs Credentials
  •     Multi Gather VirtualBox VM Enumeration
  •     UNIX Gather .fetchmailrc Credentials
  •     Multi Gather VMWare VM Identification
  •     UNIX Gather .netrc Credentials
  •     Multi Gather Mozilla Thunderbird Signon Credential Collection
  •     Multiple Linux / Unix Post Sudo Upgrade Shell
  •     Windows Escalate SMB Icon LNK dropper
  •     Windows Escalate Get System via Administrator
  •     Windows Gather RazorSQL Credentials
  •     Windows Gather File and Registry Artifacts Enumeration
  •     Windows Gather Enumerate Computers
  •     Post Windows Gather Forensics Duqu Registry Check
  •     Windows Gather Privileges Enumeration
  •     Windows Manage Download and/or Execute
  •     Windows Manage Create Shadow Copy
  •     Windows Manage List Shadow Copies
  •     Windows Manage Mount Shadow Copy
  •     Windows Manage Set Shadow Copy Storage Space
  •     Windows Manage Get Shadow Copy Storage Info
  •     Windows Recon Computer Browser Discovery
  •     Windows Recon Resolve Hostname
  •     Windows Gather Wireless BSS Info
  •     Windows Gather Wireless Current Connection Info
  •     Windows Disconnect Wireless Connection
  •     Windows Gather Wireless Profile
For additional information click Here. To Download Metasploit version 4.2.0 for windows & Linux click Here.

 -Source (rapid7)



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

SriLanka Under Cyber Attack-3 Bank & 7 Govt Websites Hacked By H4x0rL1f3

Posted by Avik Sarkar On 2/24/2012 10:02:00 pm

SriLanka Under Cyber Attack-3 Bank & 7 Govt Websites Hacked By H4x0rL1f3
SriLanka is facing massive cyber attack, a hacker named H4x0rL1f3 from Pakistan has hacked the offcial websites of three SriLankan bank (USAID, MCB Bank Limited, & Union Bank of SriLanka) and seven other high profile websites of SriLanka Govt. The list of all those hacked sites & deface mirrors can be found on a pasetbin release by the hacker.



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Hackers Champions League 2011 Result

Posted by Avik Sarkar On 2/24/2012 09:19:00 pm

Hackers Champions League 2011 Result

Finally the result of long awaited Hackers Champions League 2011 is here. Being the organizer its our pleasure to declare the result. We are very much delighted to have massive response from the whole spectrum. Not only in Asia Pacific but also hackers around the globe gladly taken part in this event, submitted their papers. The average quality of the papers ware very good and also we believe that the object of conduction the event get success. VOGH wants to thank Innobuzz Knowledge Solution for their co-operation. Our sincere thanks and regards goes to the honorable judges & Mr. Ankit Oberoi. Hackers Champions League Judges Panel have selected 30 papers and all those researchers who submitted those papers will be honored by Hackers Champions League Team & will get certificates & Ethical hacking Training From Innobuzz Knowledge Solution. 

Top 10 Researcher:-
  1. VIVEK.R
  2. MANOJ.A
  3. Hitcher
  4. Prayas Kulshrestha
  5. KAUSHAL JANGID
  6. Nan Al Zain
  7. Wen Yang
  8. Ankit Solanki
  9. J. Thomas
  10. Akshay Yewale 
The Full List Can Be Found Here
Earlier we have told that The main aim of conducting Hackers Champions League (HCL 2011) is to enrich the Cyber Security. So at the very end of this event Team HCL & Team VOGH is honoring Mr. Ashish Mistry (Information Security Researcher) for his Hcon Security Testing Framework & Mr. Ardit Ferizi for his remarkable contribution in cyber security.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

NSA Is Suspecting That Anonymous Could Shutdown The Entire U.S. Power Grid

Posted by Avik Sarkar On 2/23/2012 07:01:00 pm

NSA Is Suspecting That Anonymous Could Shutdown The Entire U.S. Power Grid
Earlier we have covered that Researchers at the Massachusetts Institute of Technology told that U.S. power grid needs cyber security protection. Now the US Govt is suspecting that 'Hactivist' Anonymous may target this vulnerable point and shut down the entire U.S. power grid within the next two years. General Keith Alexander The head of the National Security Agency has warned- that the hacker collective group Anonymous may be able to bring about a limited national power outage through a cyber attack. In the meeting at White House has relayed his concerns. Though he has not publicly expressed his concerns about the potential for Anonymous to disrupt power supplies, he has warned publicly about an emerging ability by cyber attackers to disable or even damage computer networks. Still Anonymous has never indicated to perform cyber attack against US power grid, but in the last week they have called Operation Global Blackout, a plan to shut down the Internet on March 31. And the security experts are suspecting that while executing that attack Anon may target the US power grid.



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Hacker Stolen More Than 6k Login Details Of A Pron Site

Posted by Avik Sarkar On 2/23/2012 06:44:00 pm

Hacker Stolen More Than 6k Login Details Of A Pron Site

Some unnamed hacker has hacked into YouPorn.com, one of the largest and most popular porn site of Europe. The hacker has hacked & exposed more than 6000 login details of that site. All those hacked Login details (Email-id & passwords) are openly posted on a pastebin release by the attacker. 




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Red Hat Enterprise Linux (RHEL) 5.8 Released

Posted by Avik Sarkar On 2/23/2012 06:44:00 pm

Red Hat Enterprise Linux (RHEL) 5.8 Released 

Red Hat announced the general availability of Red Hat Enterprise Linux 5.8 operating system with new and improved functionality for enhanced performance, flexibility, and security. The release of Red Hat Enterprise Linux 5.8 is part of the ongoing value delivered to customers during the recently-extended 10 year life cycle. With this release Red Hat has provided customers with the eighth "minor release" of Red Hat Enterprise Linux (RHEL) 5.
Red Hat Enterprise Linux 5.8 Include:-

Virtualization
  • KVM scalability enhancements increasing the maximum supported virtual guest size from 128 to 256 virtual CPUs furthering the reach of virtualization deployments to large-scale workloads.
  • KVM enhancements include improved guest boot times and improved clock and timer support. The KVM hypervisor has updated real time clock (RTC) support to improve the performance of Red Hat Enterprise Linux 6 guests on Red Hat Enterprise Linux 5 KVM hosts.
  • Additional KVM improvements increase the manageability and stability of KVM hosts and Red Hat Enterprise Linux guests. Many of these enhancements are in support of Red Hat Enterprise Virtualization 3.0.
  • Xen enhancements provide improved guest performance, improved logging for debug, and virtual disk re-sizing while a guest is running.

Hardware Support and Streamlined Installation
  • Support for Power Management Quality of Service (QoS) provides automatic power management at the device level for managing latency and throughput based on QoS needs. During critical production windows, system administrators can enforce a high-performance, low-latency mode.
  • New iotop support enables the monitoring of I/O resources, such as storage devices, at the process level, providing insight into potential performance issues.
  • PCI-e 3.0 enablement provides support for new and emerging PCI-e 3.0 adapters.
  • Network, storage and graphic driver enhancements for recent hardware.
  • The configuration of IP over Infiniband (IPoIB) adapters is now supported by the system installer, making installation of Infiniband adapters easier.

Security Management
  • OpenSCAP (Open Security Content Automation Protocol) support is now compliant with the SCAP 1.1 (Security Content Automation Protocol) specification, the most recent standard framework defined by National Institute of Standards and Technology (NIST) for creating a standardized approach for maintaining secure systems.
  • Red Hat Enterprise Linux 5 has been tested to the United States Government Configuration Board (USGCB) baseline and now meets the USGCB recommendations for government agencies following USGCB guidance for secure configuration policies.


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Related Posts Plugin for WordPress, Blogger...

Site search