
Metasploit 3.7 Takes Aim at Apple iOS


The open source Metasploit vulnerability testing framework got a major overhaul this week with the release of Metasploit 3.7.
The Metasploit 3.7 release provides an enhanced session tracking backend that is intended to improve performance. Metasploit 3.7 also provides over 35 new exploit modules for security researchers to test, including new ones designed to test Apple's iOS mobile operating system security.
The Apple iOS Backup File Extraction module, however, is not an attack vector for directly exploiting iOS. Rather, it is what is known as a post-exploitation module.
"The post-exploitation modules (post for short) are designed to run on systems that were compromised through another vector, whether it's social engineering, a guessed password, or an unpatched vulnerability," HD Moore, Rapid7 chief security officer and Metasploit chief architect, told InternetNews.com. "This module requires iTunes to be installed and for a backend to be accessible that has not been encrypted."
Apple's iOS was specifically targeted during this year's Pwn2Own hacking challenge, in which security researcher Charlie Miller was able to exploit the system. Apple has since patched the Pwn2Own flaw.
"In large corporate environments, a single domain administrator login can yield access to hundreds of desktop systems, and the Metasploit Pro product makes it easy to scavenge these iTunes backup files from the entire network at once," Moore said.
Metasploit is a popular vulnerability testing framework and is available in Express, Pro and Open Source editions. The Metasploit 3.7 release follows the Metasploit 3.6 release, which came out in March and had a focus on compliance-related issues.
With Metasploit 3.7, in addition to new exploit modules, there is a focus on improving performance. The improvements to the session tracking system and the associated database in Metasploit 3.7 mean that Metasploit is now faster.


Metasploit Declares $5,000 in 5 Weeks for Exploits in Bug Bounty Program


If you've got a way to crack Google Chrome, the Metasploit team wants to pay you for it. Today Rapid7 announced that it has a total of $5000 in cash to reward to contributors who send in exploits for its Top 5 or Top 25 vulnerability lists. The exploits have to be submitted, and accepted, as modules under its standard Metasploit Framework license.
Cash for bugs is a controversial but common way for security firms to encourage hackers to send exploits to the white hats. As far as Bug Bounty programs go, Metasploit's program is meager. But for an open source program that relies on contributions sent in for free, it's an interesting experiment. The program will end quickly, lasting only five weeks (July 20). One fun thing that the team is doing is letting people stake a claim to their exploit of choice from their Top 5 (prize is $500) or Top 25 (prize is $100) lists. After claiming an exploit, hackers get a week to submit their Metasploit module for their chosen bug. The prize money will "only be paid out to the first module contributor for a given vulnerability," the Metasploit team says.
And guess what? Denial of Service exploits won't qualify. Metasploit wants your bug to be able to do more than that. It should also bypass ASLR/DEP when applicable and be geared toward English-based targets. Metasploit wants hackers to follow its hacking guidelines and they cannot be residents of a US embargoed country.
All accepted submissions will not only win a bit of cash but their submissions will be made available to other Metasploit users, again under the Metasploit Framework license (3-clause BSD).
As I look at the list of 30 possible exploits while writing this blog post, I see that only two have been claimed so far: CVE/ZDI 2011-1218, Lotus Notes - Autonomy Keyview (.zip attachment), and an exploit not listed in the CVE database, known as "DATAC RealWin On_FC_CONNECT_FCS_LOGIN packet containing a long username." So plenty of room for participants remains.
The cash-for-bugs program is interesting, but the list of vulnerabilities for which Metasploit is seeking help is even more so.

The Top 5 are for specific holes in ...
  1. Google Chrome (before 11.0.696.71)
  2. Lotus Notes
  3. IBM Tivoli Directory Server
  4. DNS
  5. GDI
In the Top 25, the entries on the list that caught my eye include holes in JScript, VBScript Scripting Engines, JBoss, Oracle VM and Citrix, among others. (Yes, browsers are in there, too, including Firefox, Chrome and Opera).
Of course, if you do have a killer bug, particularly for some of the browsers like Firefox or Chrome, you can perhaps earn more than $100 for it. Mozilla's Bug Bounty program pays up to $3000 cash reward and you get a Mozilla T-shirt. For web applications or services related security bugs, Mozilla pays from $500 to $3,000. In January, Google plunked out what was then a record reward, $3,133, to a hacker for reporting a flaw in Chrome. (Google raised its bug bounty fee about a year ago, from $1,337 after Mozilla bumped up its reward rate to $3,000).
TippingPoint, known as one of the founders of the bug bounty concept, not only pays cash (as much as $5,000 for your zero-day), but it also awards bonus points in a scheme more complicated than an airline mileage rewards program. Participants earn points for referring others into the program, for each zero-day they submit and so on. These points gain you bonuses for your hacks, and other goodies like all-expense-paid trips to hacker conferences like Black Hat.
Who knew hacking could be so rewarding?


Metasploit Pro (Community Edition of Metasploit)


US security company Rapid7 has announced the launch of a Community Edition of the popular Metasploit exploit framework. According to Rapid7 Chief Security Officer and Metasploit Creator HD Moore, "The best way to tackle the increasing information security challenge is to share knowledge between practitioners, open source projects and commercial vendors."
The Community Edition is free for personal and professional use, combining the open source version of the framework with several of the features found in Metasploit Pro, to provide "an entry-level response to the evolving threat landscape". It includes "a basic version" of the commercial graphical user interface which is aimed at making it easier for users to get started with vulnerability verification and security assessments.
According to Rapid 7:-
Metasploit Pro helps enterprise defenders prevent data breaches by efficiently prioritizing vulnerabilities, verifying controls and mitigation strategies, and conducting real-world, collaborative, broad-scope penetration tests to improve your security risk intelligence.
Prevent data breaches:-
Metasploit Pro helps you improve your enterprise vulnerability management program and test how well your perimeter holds up against real world attacks:

  • Identify critical vulnerabilities that could lead to a data breach so you know what to patch first
  • Reduce the effort required for penetration testing, enabling you to test more systems more frequently
  • Discover weak trust models caused by shared credentials that are vulnerable to brute forcing and harvesting
  • Locate exposed, sensitive information with automated post-exploitation file system searches

Prioritize Vulnerabilities:-
Metasploit Pro makes your security and operations team more efficient because it helps you prioritize the vulnerabilities reported by your vulnerability scanner:

  • Import vulnerability management reports from more than a dozen third-party applications and verify their findings to eliminate false positives
  • Integrate with your in-house Nexpose infrastructure to kick off new scans and access real-time vulnerability findings (requires Nexpose)
  • Focus on remediating critical vulnerabilities to reduce exposure and reduce mitigation costs
  • Prove exploitability to application owners to expedite remediation

Verify controls and mitigation efforts:-
Metasploit Pro helps you verify that your remediation effort, such as a patch, new firewall rule or IPS configuration, actually stops the vulnerability from being exploited.

  • Re-run exploits after mitigation to verify its effectiveness in preventing a data breach
  • Enable the IT operations team or your client to verify whether controls and mitigations were successful by handing them a replay script that re-traces the steps you took to exploit the vulnerability
  • Draw on the Nexpose vulnerability database to read up on ways to remediate vulnerabilities (requires Nexpose)

-News Source (Rapid 7)





Armitage (Graphical Cyber Attack Management Tool for Metasploit) 09.26.11 Released


Armitage 09.26.11 released.

Description:-
Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets, recommends exploits, and exposes the advanced capabilities of the framework. Armitage aims to make Metasploit usable for security practitioners who understand hacking but don’t use Metasploit every day. If you want to learn Metasploit and grow into the advanced features, Armitage can help you.

Official change log for Armitage 09.26.11:-

  • Improved performance when launching exploits and other modules that open a new tab.
  • Launching an exploit will only open a tab when fewer than four hosts are highlighted. If four or more are highlighted, then Armitage will use the old behavior of silently launching each exploit. [You're supposed to be able to attack hundreds of hosts at once--hence my desire to add this caveat]
  • When launching an exploit in the background, Armitage will show a dialog indicating that the exploit was launched against X hosts.
  • You may now drag and drop Armitage tabs to rearrange their order.
  • Armitage “show all commands” option (for better exploit feedback) is now on by default.
  • You may now right-click a screenshot/webcam shot to zoom in or out on the image. The zoom-level stays fixed (in case you refresh the image later)
  • Added a menu to the X button in the tabs. Through this menu you may open the current tab in its own window or close all like tabs.
  • Updated Hosts -> Import Hosts to reflect the current importable file types.
  • Added View -> Reporting -> Export Data to dump most Metasploit tables into TSV and XML files suitable for parsing (by you!) into a report format of some sort.
  • Armitage now encodes (-e x86/shikata_ga_nai -i 3) any Windows meterpreter payload generated from the module launcher dialog.
  • [host] -> Meterpreter -> Access -> Duplicate now uses multi_meter_inject to launch Meterpreter into memory directly (rather than upload and execute a file)
  • In teaming mode, Armitage will now automatically upload a file selected through the + option (e.g., USER_FILE +) to the Metasploit server and set the value in Metasploit accordingly.
  • Modified error output for a failed Metasploit method to only display the method name and error message. Displaying a large input would cause Armitage UI to start flashing in some weird disco mode until a hard reset. Yeaah!




Armitage (Cyber Attack Management Tool For Metasploit) Ver 01.19.12 Released

Armitage Ver 01.19.12 Released!!!


We have discussed Armitage a couple of times before. It is a graphical cyber attack management tool for Metasploit that visualizes your targets, recommends exploits, and exposes the advanced capabilities of the framework. Armitage aims to make Metasploit usable for security practitioners who understand hacking but don’t use Metasploit every day. If you are new to Metasploit and want to learn its advanced features, Armitage can help you. Now, the author has released an updated version – Armitage version 01.19.12!

Official Change Log For Armitage 01.19.12:- 

  • Data export now includes a sessions file. This lists all of the Metasploit sessions you had in your database. There’s some neat data here including which exploit was used, which payload, start time, and close time. You can calculate how much time you spent on your client’s boxes. Cool stuff.
  • Fixed a potential dead-lock caused by mouse enter/exit events firing code that required a lock. Nice landmine to defuse.
  • Fixed a weird condition with d-server detection. Sometimes (rarely) Armitage wouldn’t detect the d-server even when it’s present.
  • Added check to d-server allowing one lock per/client. Client won’t reobtain a lock until it lets it go. This prevents you from opening two shell tabs for a shell session in team mode.
  • Fixed an infinite loop condition when some Windows shell commands would return output with no newlines (e.g., net stop [some service]). Thanks Jesse for pointing me to this one.
  • Data export now includes a timeline file. This file documents all of the major engagement events seen by Armitage. Included with each of these events is the source ip of the attack system and the user who carried out the action (when teaming is setup).
  • Data export now exports timestamps with current timezone (not GMT)
  • Fixed a nasty bug that’s been with Armitage since the beginning! I wasn’t freeing edges properly in the graph view. If you had pivots setup in graph view and used Armitage long enough–eventually Armitage would slow down until the program became unusable. At least it’s fixed now.
  • Adjusted the d-server state identity hash combination algorithm to better avoid collisions.
  • Armitage now displays ‘shell session’ below a host if the host info is just the Windows shell banner. 

The latest Armitage is installed with Metasploit 4.1.0+.





Metasploit Framework 3.7.0 Released!


The Metasploit team has spent the last two months focused on one of the least-visible, but most important pieces of the Metasploit Framework: the session backend. Metasploit 3.7 represents a complete overhaul of how sessions are tracked within the framework and associated with the backend database. This release also significantly improves the staging process for the reverse_tcp stager and Meterpreter session initialization. Shell sessions now hold their output in a ring buffer, which allows us to easily view session history -- even if you don't have a database.

This overhaul increases performance in the presence of many sessions and allows for a larger number of concurrent incoming sessions in a more reliable manner. The Metasploit Console can now comfortably handle hundreds of sessions, an especially important consideration when running large-scale social engineering engagements. Several areas of database performance have seen significant improvements as well and importing large scan results is now up to four times faster.

Although much effort has gone into increasing performance with large numbers of hosts and sessions, sometimes small changes can mean a world of difference in usability. An example of such a change is msfpayload's new -h and -l options. Instead of always loading the entire framework when all you need is the list of output formats, msfpayload can now show you usage in less than a second.

This release also includes a long-awaited update to our SMB stack to enable signing. Thanks to some great work by Alexandre Maloteaux, you can now perform pass-the-hash and stolen password attacks against Windows 2008. Alexandre also added NTLM authentication support to the Microsoft SQL Server driver within Metasploit.

In addition to the core library improvements, this release comes with 35 new remote exploits thanks in large part to our two newest full time developers, bannedit and sinn3r. 




Metasploit 4.2.0 Released With IPv6 Support & Virtualization Target Coverage

We have discussed Metasploit, one of the most famous and widely used exploitation frameworks, many times before. Rapid7 has now released another updated version. This update brings Metasploit to version 4.2.0, adding IPv6 support and virtualization target coverage. You'll also notice a new Product News section and update notification for our weekly updates. Since the last major release (4.1.0), 54 new exploits, 66 new auxiliary modules, 43 new post-exploitation modules, and 18 new payloads have been added.
Brief About Metasploit:- 
The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task.
Module Changes:-
  •     Novell eDirectory eMBox Unauthenticated File Access
  •     JBoss Seam 2 Remote Command Execution
  •     NAT-PMP Port Mapper
  •     TFTP File Transfer Utility
  •     VMWare Power Off Virtual Machine
  •     VMWare Power On Virtual Machine
  •     VMWare Tag Virtual Machine
  •     VMWare Terminate ESX Login Sessions
  •     John the Ripper AIX Password Cracker
  •     7-Technologies IGSS 9 IGSSdataServer.exe DoS
  •     Microsoft IIS FTP Server <= 7.0 LIST Stack Exhaustion
  •     DNS and DNSSEC fuzzer
  •     CheckPoint Firewall-1 SecuRemote Topology Service Hostname Disclosure
  •     CorpWatch Company ID Information Search
  •     CorpWatch Company Name Information Search
  •     General Electric D20 Password Recovery
  •     NAT-PMP External Address Scanner
  •     Shodan Search
  •     H.323 Version Scanner
  •     Drupal Views Module Users Enumeration
  •     Ektron CMS400.NET Default Password Scanner
  •     Generic HTTP Directory Traversal Utility
  •     Microsoft IIS HTTP Internal IP Disclosure
  •     Outlook Web App (OWA) Brute Force Utility
  •     Squiz Matrix User Enumeration Scanner
  •     Sybase Easerver 6.3 Directory Traversal
  •     Yaws Web Server Directory Traversal
  •     OKI Printer Default Login Credential Scanner
  •     MSSQL Schema Dump
  •     MYSQL Schema Dump
  •     NAT-PMP External Port Scanner
  •     pcAnywhere TCP Service Discovery
  •     pcAnywhere UDP Service Discovery
  •     Postgres Schema Dump
  •     SSH Public Key Acceptance Scanner
  •     Telnet Service Encryption Key ID Overflow Detection
  •     IpSwitch WhatsUp Gold TFTP Directory Traversal
  •     VMWare ESX/ESXi Fingerprint Scanner
  •     VMWare Authentication Daemon Login Scanner
  •     VMWare Authentication Daemon Version Scanner
  •     VMWare Enumerate Permissions
  •     VMWare Enumerate Active Sessions
  •     VMWare Enumerate User Accounts
  •     VMWare Enumerate Virtual Machines
  •     VMWare Enumerate Host Details
  •     VMWare Web Login Scanner
  •     VMWare Screenshot Stealer
  •     Capture: HTTP JavaScript Keylogger
  •     Oracle DB SQL Injection via SYS.DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION
  •     Asterisk Manager Login Utility
  •     FreeBSD Telnet Service Encryption Key ID Buffer Overflow
  •     Linux BSD-derived Telnet Service Encryption Key ID Buffer Overflow
  •     Java Applet Rhino Script Engine Remote Code Execution
  •     Family Connections less.php Remote Command Execution
  •     Gitorious Arbitrary Command Execution
  •     Horde 3.3.12 Backdoor Arbitrary PHP Code Execution
  •     OP5 license.php Remote Command Execution
  •     OP5 welcome Remote Command Execution
  •     Plone and Zope XMLTools Remote Command Execution
  •     PmWiki <= 2.2.34 pagelist.php Remote PHP Code Injection Exploit
  •     Support Incident Tracker <= 3.65 Remote Command Execution
  •     Splunk Search Remote Code Execution
  •     Traq admincp/common.php Remote Code Execution
  •     vBSEO <= 3.6.0 proc_deutf() Remote PHP Code Injection
  •     Mozilla Firefox 3.6.16 mChannel Use-After-Free
  •     CTEK SkyRouter 4200 and 4300 Command Execution
  •     Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow
  •     Icona SpA C6 Messenger DownloaderActiveX Control Arbitrary File Download and Execute
  •     HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution
  •     Viscom Image Viewer CP Pro 8.0/Gold 6.0 ActiveX Control
  •     Java MixerSequencer Object GM_Song Structure Handling Vulnerability
  •     MS05-054 Microsoft Internet Explorer JavaScript OnLoad Handler Remote Code Execution
  •     MS12-004 midiOutPlayNextPolyEvent Heap Overflow
  •     Viscom Software Movie Player Pro SDK ActiveX 6.8
  •     Adobe Reader U3D Memory Corruption Vulnerability
  •     Aviosoft Digital TV Player Professional 1.0 Stack Buffer Overflow
  •     BS.Player 2.57 Buffer Overflow
  •     CCMPlayer 1.5 m3u Playlist Stack Based Buffer Overflow
  •     Free MP3 CD Ripper 1.1 WAV File Stack Buffer Overflow
  •     McAfee SaaS MyCioScan ShowReport Remote Command Execution
  •     Mini-Stream RM-MP3 Converter v3.1.2.1 PLS File Stack Buffer Overflow
  •     MS11-038 Microsoft Office Excel Malformed OBJ Record Handling Overflow
  •     Ability Server 2.34 STOR Command Stack Buffer Overflow
  •     AbsoluteFTP 1.9.6 - 2.2.10 LIST Command Remote Buffer Overflow
  •     Serv-U FTP Server < 4.2 Buffer Overflow
  •     HP OpenView Network Node Manager ov.dll _OVBuildPath Buffer Overflow
  •     XAMPP WebDAV PHP Upload
  •     Avid Media Composer 5.5 - Avid Phonetic Indexer Buffer Overflow
  •     Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020000 Buffer Overflow
  •     HP Diagnostics Server magentservice.exe Overflow
  •     StreamDown 6.8.0 Buffer Overflow
  •     Wireshark console.lua Pre-Loading Script Execution
  •     Oracle Job Scheduler Named Pipe Command Execution
  •     SCADA 3S CoDeSys CmpWebServer <= v3.4 SP4 Patch 2 Stack Buffer Overflow
  •     Sunway Forcecontrol SNMP NetDBServer.exe Opcode 0x57
  •     OpenTFTP SP 1.4 Error Packet Overflow
  •     AIX Gather Dump Password Hashes
  •     Linux Gather Saved mount.cifs/mount.smbfs Credentials
  •     Multi Gather VirtualBox VM Enumeration
  •     UNIX Gather .fetchmailrc Credentials
  •     Multi Gather VMWare VM Identification
  •     UNIX Gather .netrc Credentials
  •     Multi Gather Mozilla Thunderbird Signon Credential Collection
  •     Multiple Linux / Unix Post Sudo Upgrade Shell
  •     Windows Escalate SMB Icon LNK dropper
  •     Windows Escalate Get System via Administrator
  •     Windows Gather RazorSQL Credentials
  •     Windows Gather File and Registry Artifacts Enumeration
  •     Windows Gather Enumerate Computers
  •     Post Windows Gather Forensics Duqu Registry Check
  •     Windows Gather Privileges Enumeration
  •     Windows Manage Download and/or Execute
  •     Windows Manage Create Shadow Copy
  •     Windows Manage List Shadow Copies
  •     Windows Manage Mount Shadow Copy
  •     Windows Manage Set Shadow Copy Storage Space
  •     Windows Manage Get Shadow Copy Storage Info
  •     Windows Recon Computer Browser Discovery
  •     Windows Recon Resolve Hostname
  •     Windows Gather Wireless BSS Info
  •     Windows Gather Wireless Current Connection Info
  •     Windows Disconnect Wireless Connection
  •     Windows Gather Wireless Profile

 -Source (rapid7)




Famous Framework Metasploit v4.0.0

The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task.

New Exploit Modules:

VSFTPD v2.3.4 Backdoor Command Execution
Java RMI Server Insecure Default Configuration Java Code Execution
HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflow
HP OpenView Network Node Manager Toolbar.exe CGI Cookie Handling Buffer Overflow
Mozilla Firefox nsTreeRange Dangling Pointer Vulnerability
Black Ice Cover Page ActiveX Control Arbitrary File Download
Microsoft Office Visio VISIODWG.DLL DXF File Handling Vulnerability
MicroP 0.1.1.1600 (MPPL File) Stack Buffer Overflow
Lotus Notes 8.0.x – 8.5.2 FP2 – Autonomy Keyview
RealWin SCADA Server DATAC Login Buffer Overflow
Siemens FactoryLink vrn.exe Opcode 9 Buffer Overflow
Iconics GENESIS32 Integer overflow version 9.21.201.01
Siemens FactoryLink 8 CSService Logging Path Param Buffer Overflow
Sielco Sistemi Winlog Buffer Overflow
Blue Coat Authentication and Authorization Agent (BCAAA) 5 Buffer Overflow
HP OmniInet.exe Opcode 20 Buffer Overflow
HP OmniInet.exe Opcode 27 Buffer Overflow
Citrix Provisioning Services 5.6 streamprocess.exe Buffer Overflow
Lotus Notes 8.0.x – 8.5.2 FP2 – Autonomy Keyview

New Post-Exploitation Modules:

Winlogon Lockout Credential Keylogger
Windows Gather Microsoft Outlook Saved Password Extraction
Windows Gather Process Memory Grep
Windows Gather Trillian Password Extractor
Windows PCI Hardware Enumeration
Windows Gather FlashFXP Saved Password Extraction
Windows Gather Local and Domain Controller Account Password Hashes
Windows Gather Nimbuzz Instant Messenger Password Extractor
Windows Gather CoreFTP Saved Password Extraction
Internet Download Manager (IDM) Password Extractor
Windows Gather SmartFTP Saved Password Extraction
Windows Gather Bitcoin wallet.dat
Windows Gather Service Info Enumeration
Windows Gather IPSwitch iMail User Data Enumeration

New Auxiliary Modules:

John the Ripper Password Cracker Fast Mode
Microsoft Windows DNSAPI.dll LLMNR Buffer Underrun DoS
Kaillera 0.86 Server Denial of Service
2Wire Cross-Site Request Forgery Password Reset Vulnerability
SIPDroid Extension Grabber
MSSQL Password Hashdump


Notable Features & Closed Bugs:-

Feature #4982 – Support for custom executable with psexec
Feature #4856 – RegLoadKey and RegUnLoadKey functions for the Meterpreter stdapi
Feature #4578 – Update Nmap XML parsers to support Nokogiri parsing
Feature #4417 – Post exploitation module to harvest OpenSSH credentials
Feature #4015 – Increase test coverage for railgun
Bug #4963 – Rework db_* commands for consistency
Bug #4892 – non-windows meterpreters upload into the wrong filename
Bug #4296 – Meterpreter stdapi registry functions create key if one doesn’t exist
Bug #3565 – framework installer fails on RHEL (postgres taking too long to start)

Armitage integrates with Metasploit 4.0 to:-

Take advantage of the new Meterpreter payload stagers
Crack credentials with the click of a button
Run post modules against multiple hosts
Automatically log all post-exploitation activity

Revision Information:

Framework Revision 13462
Several import parsers were rewritten to use Nokogiri for much faster processing of large import files. Adding to Metasploit’s extensive payload support, Windows and Java Meterpreter now both support staging over HTTP and Windows can use HTTPS. In a similar vein, POSIX Meterpreter is seeing some new development again. It still isn’t perfect nor is it nearly as complete as the Windows version, but many features already work. Java applet signing is now done directly in Ruby, removing the need for a JDK for generating self-signed certificates. The Linux installers now ship with ruby headers, making it possible to install native gems in the Metasploit ruby environment.

Another flexibility improvement comes in the form of a consolidated pcap interface. The pcaprub extension ships with the Linux installers as of this release and support for Windows will come soon. Modules that used Racket for generating raw packets have been converted to Packetfu, which provides a smoother API for modules to capture and inject packets.



Armitage 04.24.11!!

Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets, recommends exploits, and exposes the advanced capabilities of the framework. Armitage aims to make Metasploit usable for security practitioners who understand hacking but don’t use Metasploit every day. If you want to learn Metasploit and grow into the advanced features, Armitage can help you.
This is the change log:
  • Added a check to prevent jerk faces from entering an empty nick in collaborative mode. 
  • Fixed a potential dead-lock condition with the screenshot/webcam shot tab.
  • Armitage -> Listeners -> Reverse now binds to 0.0.0.0.
  • Host import now posts an event to the collab mode shared event log
  • Added an option to display an MOTD message to clients that connect to Armitage in the collaboration mode. Use -m or --motd before --server and specify a file, e.g.:
    armitage -m /path/to/motd.txt --server ...
    Clients will see this message when they connect.
  • Added Meterpreter -> Access -> Pass Session to send a meterpreter session to a handler set up on another host.
  • Armitage now sets ExitOnSession to false for multi/handlers started within Armitage.
  • Pivoting and ARP Scan dialogs now highlight first option by default.
  • Added a sanity check to the Route class to prevent malformed IPs from screwing up sorting.
  • Removed sqlite3 from the database options. I should have done this long ago–it has no place in Armitage.
  • Armitage now intercepts meterpreter “shell” command and opens a new tab with the cmd.exe interaction in it.
Download Armitage 04.24.11 (armitage042411.zip/armitage042411.tgz) here.


Social-Engineer Toolkit (SET) Version 4.0 Codenamed “Balls of Steel” Released



The Social-Engineer Toolkit, also known as SET, has received another update: version 4.0, codenamed “Balls of Steel”, is officially available for public consumption. On the official TrustedSec blog, the developer of SET has claimed that this version of SET is the most advanced toolkit to date. This version is the product of several months of development and includes over 50 new features and a number of enhancements, improvements, rewrites, and bug fixes.
Let's talk about some highlights and the new major features of SET 4.0. The Java Applet attack has been completely rewritten and obfuscated with added evasion techniques. All of the payloads have been heavily encrypted with a number of heavy anti-debugging tools put in place. PyInjector is now available on the Java Applet attack natively and deploys shellcode automatically through a byte compiled executable. The powershell attack vectors now support customized payload selection through the config/set_config. A new attack vector has been added called the Dell DRAC Attack Vector (default credential finder). A new teensy payload has been added from the Offensive-Security crew – the auto-correcting attack vector with DIP switch and SDcard “Peensy”. The web cloner has been completely rewritten in native python, removing the dependency on wget. The new IE zero day has been included in the Metasploit Web Attack Vector. The Java Repeater and Java Redirection have been rewritten to be more reliable. Obfuscation has been added to randomized droppers, including OSX and Linux payloads.

Full Changelog of The Social-Engineer Toolkit (SET) 4.0:- 

  •  Added a new attack vector to SET called the Dell Drac attack vector under the Fast-Track menu.
  •  Optimized the new attack vector into SET with standard core libraries
  •  Added the source code for pyinjector to the set payloads
  •  Added an optimized and obfuscated binary for pyinjector to the set payloads
  •  Restructured menu systems to support new pyinjector payload for Java Applet Attack
  •  Added new option to SET Java Applet – PyInjector – injects shellcode straight into memory through a byte compiled python executable. Does not require python to be installed on victim
  •  Added base64 encoded to the parameters passed in shellcodexec and pyInjector
  •  Added base64 decode routine in Java Applet using sun.misc.BASE64Decoder – native base64 decoding in Java is the suck
  •  Java Applet redirect has been fixed – was a bug in how dynamic config files were changed
  •  Fixed the UNC embed to work when the flag is set properly in the config file
  •  Fixed the Java Repeater which would not work even if toggled on within the config file
  •  Fixed an operand error when selecting high payloads, it would cause a non harmful error and an additional delay when selecting certain payloads in Java Applet
  •  Added anti-debugging protection to pyinjector
  •  Added anti-debugging protection to SET interactive shell
  •  Added anti-debugging protection to Shellcodeexec
  •  Added virtual entry points and virtualized PE files to pyinjector
  •  Added virtual entry points and virtualized PE files to SET interactive shell
  •  Added virtual entry points and virtualized PE files to Shellcodeexec
  •  Added better obfuscation per generation on SET interactive shell and pyinjector
  •  Redesigned Java Applet which adds heavily obfuscated methods for deploying
  •  Removed Java Applet source code from being public – since redesign of applet, there are techniques used to obfuscate each time that are dynamic, better shelf life for applet
  •  Added a new config option to allow you to select the payloads for the powershell injection attack. Specifying the config options allows you to customize what payload gets delivered via the powershell shellcode injection attack
  •  Added double base64 encoding to make it more fun and better obfuscation per generation
  •  Added update_config() each time SET is loaded, will ensure that all of the updates are always present and in place when launching the toolkit
  •  Rewrote large portions of the Java Applet to be dynamic in nature and place a number of non descriptive things into place
  •  Added better stability to the Java Applet attack, note that the delay between execution is a couple seconds based on the obfuscation techniques in place
  •  Completely obfuscated the MAC and Linux binaries and generate a random name each time for deployment
  •  Fixed a bug that would cause custom imported executables to not always import correctly
  •  Fixed a bug that would cause a number above 16 to throw an invalid options error
  •  Added better cleanup routines for when SET starts to remove old cached information and files
  •  Fixed a bug that caused issues when deploy binaries was turned to off, would cause iterative loop for powershell and crash IE
  •  Centralized more routines into set.options – this will be where all configuration options reside eventually
  •  Added better stability when the Java Applet Repeater is loaded, the page will load properly then execute the applet.
  •  The site cloner has been completely redesigned to use urllib2 instead of wget, long time coming
  •  The cloner file has been cleaned up from a code perspective and efficiency
  •  Added better request handling with the new urllib2 modules for the website cloning
  •  Added user agent string configuration within the SET config and the new urllib2 fetching method
  •  Added a pause when generating Teensy payloads
  •  Added the Offensive-Security “Peensy” multi-attack vector for the Teensy attacks
  •  Added the Microsoft Internet Explorer execCommand Use-After-Free Vulnerability from Metasploit into the Metasploit Browser Exploits Attack vectors
  •  Fixed a bug in cleanup_routine that would cause the metasploit browser exploits to not function properly
  •  Fixed a bug that caused the X10 sniffer and jammer to throw an exception if the folder already existed



To Download The Social-Engineer Toolkit (SET) 4.0 Click Here




Security Onion, A Linux Distribution for Intrusion Detection


Security Onion:-
The Security Onion LiveCD is a bootable CD that contains software used for installing, configuring, and testing Intrusion Detection Systems.

What software does it contain?
The Security Onion LiveCD is based on Xubuntu 9.04 and contains Snort 2.8.4.1, Snort 3.0.0b3 (Beta), sguil, idswakeup, nmap, metasploit, scapy, hping, fragroute, fragrouter, netcat, paketto, tcpreplay, and many other security tools.

What can it be used for?
  • The Security Onion LiveCD can be used for Intrusion Detection. Simply boot the CD and double-click either the Snort-Sguil or SnortSP-Sguil desktop shortcuts. The Snort and Sguil daemons will then start, listening on eth0 for any suspicious traffic and creating alerts in the Sguil console.
  • The Security Onion LiveCD can be used to test an Intrusion Detection System. Simply boot the CD and use the included tools (such as nmap, metasploit, idswakeup, scapy, hping, and others) to test your existing IDS or to test the included Snort 2.8.4.1 and Snort 3.0 Beta 3.
  • The Security Onion LiveCD can be used to install an Intrusion Detection System. Simply boot the CD and double-click the Install desktop shortcut. For more information about installation, please see the README desktop shortcut.
Click here to Download Security Onion Live iso.


smart_hashdump: A Metasploit Post Exploitation Module!!!



Smart_hashdump builds on Mubix aka Mr. Rob Fuller’s idea of migrating into a pre-existing 64bit SYSTEM process and then running the “hashdump” Metasploit command. This module (also packaged as a script) adds the ability to escalate privileges using the getsystem API call. It works as follows: 
  • It first checks the Privilege Level and OS.
  • It will check if the target is a Domain Controller.
  • Based on this information, it prefers reading the registry to get the hashes where possible; if that is not possible, it injects into the lsass process if possible. For Domain Controllers it uses the injection into lsass.
  • If the target is a Windows 2008 server and the process is running with admin privileges, it will attempt to get SYSTEM privilege using getsystem. Even if it gets SYSTEM privilege, due to the way the token privileges are set it still cannot inject into the lsass process, so the code will migrate to a process already running as SYSTEM and then inject into the lsass process.
  • If the code detects that it is running on a Windows 7/Vista box with UAC disabled and it is running as local admin it will run getsystem and it will use the read registry method.
  • On Windows 2003/2000/XP it will use getsystem and if successful it will use the read registry method.
It also includes functionality to save the found hashes to a file or a database, as available. It saves the SID of each account as well, so that the accounts can be identified and used if needed.
Download smart_hasdump.rb smart_hashdump script  and smart_hashdump module!


Live Hacking Team Release Updated Linux Distro for Penetration Testing

The Live Hacking project, led by Dr. Ali Jahangiri, is pleased to announce an updated version of its security orientated Linux distribution the “Live Hacking DVD”. Designed for penetration testing and ethical hacking, the new release has updated over 140 packages including Metasploit and Firefox.
The Live Hacking Linux distribution is a ‘Live DVD’ meaning that it boots and runs directly from the DVD without needing to be installed on your hard disk. Once it starts you can use the included utilities to perform penetration tests and ethically hack on your own network to ensure that it is secure from outside intruders.
New in this release is Metasploit Framework 3.6 which can be used to test your network using the framework’s internal database of known weaknesses and exploits. New to V3.6 are post-exploitation modules that can be run on exploited systems to perform actions such as gathering additional information, pivoting to other networks and elevating system privileges. V3.6 also adds 15 new exploits making a total of 648 exploit modules, 342 auxiliary modules and 23 post modules.
“The Live Hacking Linux distribution has been a great success. It is downloaded on average 50 times per day and we have had over 4,500 downloads in the first three months of this year alone.” said Dr. Ali Jahangiri the project leader. “We are keen to keep the distro up to date and we are planning to add more features and tools in the future.”
The Live Hacking DVD is part of the Live Hacking family which includes the LiveHacking.com security and penetration testing website. LiveHacking.com is an essential resource for security professionals and those wishing to educate themselves about security. The web site has security related news, features and articles plus educational videos about using some of the security tools found on the Live Hacking DVD.

LiveHacking.com also has information about Dr. Jahangiri’s book “Live Hacking: The Ultimate Guide to Hacking Techniques & Countermeasures for Ethical Hackers & IT Security Experts”, as well as details of the Live Hacking Workshops which Dr Jahangiri runs internationally, to introduce IT professionals to the world of ethical hacking.

 

 


Zero-Day Vulnerability in Opera Browser Found By Vázquez


Security expert José A. Vázquez has released the details of a critical security hole in the Opera browser which can be exploited to inject malicious code. He says that he found the hole and notified the developers with a proof of concept a year ago. However, the expert said that Opera decided not to close the hole.
Vázquez thinks that the Opera developers might have tested his version 10.6 exploit with the current version 11.x, which may have caused the exploit to malfunction. Instead of contacting Opera again, Vázquez has adapted the exploit for the current version 11.51 of Opera and has released it as a Metasploit module. This means that, in principle, anyone can now exploit the vulnerability.
  • To download the Metasploit Module Click Here
The hole is caused by a memory flaw when processing SVG content within framesets. Simply visiting a compromised web page is enough for a system to become infected with malicious code. Vázquez said that the exploit is successful in 3 out of 10 cases. With the pre-alpha version of Opera 12, the exploit managed to inject malicious code in 6 out of 10 cases.
Vázquez released the 0-day exploit for Opera Browser 10, 11 & 12. You can download it by clicking the following link.
By releasing the exploit, the security expert is forcing the browser developers into action. Opera later responded and released a security update.


-News Source (spa-s3c)




"Busting Windows With Backtrack 5 R1 & Metasploit Framework 4.0" An Exclusive Article by Rahul Tyagi


"Busting Windows With Backtrack 5 R1 & Metasploit Framework 4.0" An Exclusive Article written by famous ethical hacker Rahul Tyagi.

The Article Contents:- 
  • Backtrack 5 R1 Overview
  • Brief of MSF 4.0
  • Vulnerabilities, Exploits & Payloads
  • MSF 4.0 Console Mode
  • Exploiting Windows With Armitage 
  • Starting the Party With Armitage
  • Hard Facts That They Don't Reveal 

To download the article Click Here

-News Source (Rahul Tyagi)



Social-Engineer Toolkit (SET) 3.0 Codenamed #WeThrowBaseballs Released

We have discussed the Social-Engineer Toolkit, also known as SET, many times before. The developer has now officially released the updated Social-Engineer Toolkit version 3, codenamed “#WeThrowBaseballs”. According to the developer, this release has been one of the most challenging ones thus far, with the largest changelog, code rehaul, and features. All earlier versions were made for Unix and Linux platforms; with this release, SET is also available for the Windows platform.
Features:- 
1. Support for Windows – Tested on XP, Windows 7, and Windows Vista. Note that the Metasploit-based payloads do not work yet – when SET detects Windows they will not be shown, only RATTE and SET Shell
2. New attack vector added – QRCode Attack – Generates QRCodes that you can direct to SET and perform attacks like the credential harvester and Java Applet attacks
3. Improved A/V avoidance on the SETShell and better performance. I’ve also fixed the non-encrypted communications when AES was not installed
4. Added a number of improvements and enhancements to all aspects of SET including major rehauls of the coding population and moved from things like subprocess.Popen(“mv etc.”) to shutil.copyfile(“etc”)
5. Rehauled SET Interactive Shell and RATTE to support Windows
6. New Metasploit exploits added to SET

Official change log and rest of other details can be found on the blog post of the developer. To Download Social Engineer Toolkit 3.0 Click Here


