
Social-Engineer Toolkit (SET) Version 4.0 Codenamed “Balls of Steel” Released



The Social-Engineer Toolkit, also known as SET, has received another update. Social-Engineer Toolkit version 4.0, codenamed “Balls of Steel”, is now officially available for public consumption. On its official blog, TrustedSec, the developer of SET, claims that this version is the most advanced toolkit to date. It is the product of several months of development and brings over 50 new features and a number of enhancements, improvements, rewrites, and bug fixes.
Let's look at the highlights and major new features of SET 4.0. The Java Applet attack has been completely rewritten and obfuscated with added evasion techniques. All of the payloads have been heavily encrypted, with a number of heavy anti-debugging tools put in place. PyInjector is now available in the Java Applet attack natively and deploys shellcode automatically through a byte-compiled executable. The PowerShell attack vectors now support customized payload selection through config/set_config. A new attack vector has been added called the Dell DRAC Attack Vector (default credential finder). A new Teensy payload has been added from the Offensive-Security crew: the auto-correcting attack vector with DIP switch and SD card, “Peensy”. The web cloner has been completely rewritten in native Python, removing the dependency on wget. The new IE zero-day has been included in the Metasploit Web Attack Vector. The Java Repeater and Java Redirection have been rewritten to be more reliable. Obfuscation has been added to randomized droppers, including the OSX and Linux payloads.

Full Changelog of The Social-Engineer Toolkit (SET) 4.0:- 

  •  Added a new attack vector to SET called the Dell Drac attack vector under the Fast-Track menu.
  •  Optimized the new attack vector into SET with standard core libraries
  •  Added the source code for pyinjector to the set payloads
  •  Added an optimized and obfuscated binary for pyinjector to the set payloads
  •  Restructured menu systems to support new pyinjector payload for Java Applet Attack
  •  Added new option to SET Java Applet – PyInjector – injects shellcode straight into memory through a byte compiled python executable. Does not require python to be installed on victim
  •  Added base64 encoded to the parameters passed in shellcodexec and pyInjector
  •  Added base64 decode routine in Java Applet using sun.misc.BASE64Decoder – native base64 decoding in Java is the suck
  •  Java Applet redirect has been fixed – was a bug in how dynamic config files were changed
  •  Fixed the UNC embed to work when the flag is set properly in the config file
  •  Fixed the Java Repeater which would not work even if toggled on within the config file
  •  Fixed an operand error when selecting high payloads, it would cause a non harmful error and an additional delay when selecting certain payloads in Java Applet
  •  Added anti-debugging protection to pyinjector
  •  Added anti-debugging protection to SET interactive shell
  •  Added anti-debugging protection to Shellcodeexec
  •  Added virtual entry points and virtualized PE files to pyinjector
  •  Added virtual entry points and virtualized PE files to SET interactive shell
  •  Added virtual entry points and virtualized PE files to Shellcodeexec
  •  Added better obfuscation per generation on SET interactive shell and pyinjector
  •  Redesigned Java Applet which adds heavily obfuscated methods for deploying
  •  Removed Java Applet source code from being public – since redesign of applet, there are techniques used to obfuscate each time that are dynamic, better shelf life for applet
  •  Added a new config option to allow you to select the payloads for the powershell injection attack. By specifying the config options allows you to customize what payload gets delivered via the powershell shellcode injection attack
  •  Added double base64 encoding to make it more fun and better obfuscation per generation
  •  Added update_config() each time SET is loaded, will ensure that all of the updates are always present and in place when launching the toolkit
  •  Rewrote large portions of the Java Applet to be dynamic in nature and place a number of non descriptive things into place
  •  Added better stability to the Java Applet attack, note that the delay between execution is a couple seconds based on the obfuscation techniques in place
  •  Completely obfuscated the MAC and Linux binaries and generate a random name each time for deployment
  •  Fixed a bug that would cause custom imported executables to not always import correctly
  •  Fixed a bug that would cause a number above 16 to throw an invalid options error
  •  Added better cleanup routines for when SET starts to remove old cached information and files
  •  Fixed a bug that caused issues when deploy binaries was turned to off, would cause iterative loop for powershell and crash IE
  •  Centralized more routines into set.options – this will be where all configuration options reside eventually
  •  Added better stability when the Java Applet Repeater is loaded, the page will load properly then execute the applet.
  •  The site cloner has been completely redesigned to use urllib2 instead of wget, long time coming
  •  The cloner file has been cleaned up from a code perspective and efficiency
  •  Added better request handling with the new urllib2 modules for the website cloning
  •  Added user agent string configuration within the SET config and the new urllib2 fetching method
  •  Added a pause when generating Teensy payloads
  •  Added the Offensive-Security “Peensy” multi-attack vector for the Teensy attacks
  •  Added the Microsoft Internet Explorer execCommand Use-After-Free Vulnerability from Metasploit into the Metasploit Browser Exploits Attack vectors
  •  Fixed a bug in cleanup_routine that would cause the metasploit browser exploits to not function properly
  •  Fixed a bug that caused the X10 sniffer and jammer to throw an exception if the folder already existed



To Download The Social-Engineer Toolkit (SET) 4.0 Click Here




NSA Calls Defcon The "World's Best Cybersecurity Community" & Asks for Their Help


A week ago, DEFCON confirmed that National Security Agency Director General Keith B. Alexander would be present at DEFCON 20 in Las Vegas. “I’ve spent 20 years trying to get someone from the NSA” to speak at Defcon, said Defcon founder Jeff Moss, who serves on the U.S. Homeland Security Advisory Council and is chief security officer for ICANN. Moss added, “On the NSA’s 60th anniversary and our 20th anniversary this has all come together.” Here comes a double boom: Mr. Alexander not only attended the world's largest annual party but also called Defcon the "world's best cybersecurity community" and asked for its help to secure cyberspace. Hackers can and must be part, together with the government and private industry, of a collaborative approach to securing cyberspace, he said. Hackers can help educate other people who don't understand cybersecurity as well as they do, the NSA chief said. "You know that we can protect networks and have civil liberties and privacy; and you can help us get there."
Gen. Alexander congratulated the organizers of Defcon Kids, an event dedicated to teaching kids how to be white-hat hackers, and described the initiative as superb. He called 11-year-old Defcon Kids co-founder CyFi to the stage and said that training young people like her in cybersecurity is what the U.S. needs.
He encouraged hackers to get involved in the process. "We can sit on the sidelines and let others who don't understand this space tell us what they're going to do, or we can help by educating and informing them" of the best ways to go forward. "That's the real reason why I came here. To solicit your support," he said. "You have the talent. You have the expertise." The hacker community has built many of the tools that are needed to protect cyberspace and should continue to build even better ones, he said during his keynote at Defcon. He gave the example of Metasploit and other penetration testing tools. 
VOGH Reaction:-
On behalf of the VOGH team, I personally thank Mr. Keith B. Alexander for his presence at DEFCON. I do believe that such an approach will encourage young hackers and will surely give them extra enthusiasm, by which in the coming future we will get a better and much more secure cyberspace.


-Source (PCW)





Windows RDP Exploit Can Give You A Reward of $1,500 From Open-source Community

Yesterday Microsoft released its March 2012 security bulletins to close a total of seven security holes in its products. Among them are one Critical-class, four Important and one Moderate, addressing seven issues in Microsoft Windows, Visual Studio, and Expression Design. According to Microsoft, a remote code execution vulnerability (MS12-020) has been found in RDP (Remote Desktop Protocol).
Tuesday has sparked some greed. Both Black and White Hats are currently trying to develop an exploit that could remotely compromise an unpatched Windows system, as long as the RDP (Remote Desktop Protocol) server is active on the target system and accessible over the web. On the hacker job site gun.io, a reward of about $1,500 has even been offered for a Metasploit module that can be used to exploit the vulnerability. Anyone who wants to claim the reward will have to release the Metasploit module under an open source licence and make it available to the public. Also GitHub, offering a reward of around $1,500 for functional code that exploits the Windows RDP flaw. The goal, according to founder Rich Jones, is to “advance the culture of independent software development.”






BackTrack 5 R2 (Penetration Testing Distribution) Released With Kernel 3.2.6 & 42 New Tools


The developers of BackTrack, the world's most widely used penetration testing distribution, have officially announced the full release of BackTrack 5 R2. With this release they have closed several bugs and upgraded and added 42 new tools. BT 5 R2 runs a custom-built 3.2.6 kernel with the best wireless support available. The developers have also claimed that this is the fastest and best release of BackTrack yet. In BackTrack 5 R2 you will find Metasploit 4.2.0 Community Edition, version 3.0 of the Social Engineer Toolkit, BeEF 0.4.3.2, and many other tool upgrades too numerous to mention.

Newly Added Tools In BackTrack 5 R2:-
arduino, bluelog, bt-audit, dirb, dnschef, dpscan, easy-creds, extundelete, findmyhash, golismero, goofile, hashcat-gui, hash-identifier, hexorbase, horst, hotpatch, joomscan, killerbee, libhijack, magictree, nipper-ng, patator, pipal, pyrit, reaver, rebind, rec-studio, redfang, se-toolkit, sqlsus, sslyze, sucrack, thc-ssl-dos, tlssled, uniscan, vega, watobo, wce, wol-e, xspy
The rest of the information can be found on the BT Wiki page. To download BackTrack 5 R2 Click Here. If you are already using BT, you can upgrade your version by following the steps below.
echo "deb http://updates.repository.backtrack-linux.org revolution main microverse non-free testing" >> /etc/apt/sources.list
apt-get update
apt-get dist-upgrade






‎pcAnywhere Exploit- More Than 200,000 Windows PCs Can Be Hijacked

According to a researcher, hackers exploiting bugs in Symantec's pcAnywhere software could hijack as many as 200,000 systems connected to the Internet. Rapid7, the developer of Metasploit, also confirmed that an estimated 150,000-to-200,000 PCs are running an as-yet-unpatched copy of the Symantec software and are thus vulnerable to being hijacked by remote attacks, which could commandeer the machine's keyboard and mouse and view what's on the screen. This bug was found just after Symantec took the unprecedented step of telling pcAnywhere users to disable or uninstall the program because attackers had obtained the remote access software's source code. According to an exclusive report from Computerworld:
Credit Card Data at Risk:-
About 2.5% of those vulnerable Windows PCs, or between 3,450 and 5,000 systems, are running a point-of-sale system - Windows PCs are often paired with cash registers by small businesses - potentially putting credit card data at risk, said HD Moore, chief security officer at Rapid7.
Moore reached those conclusions by scanning the internet for the TCP port the software leaves open for incoming commands, running more targeted scans for evidence of the remote access software, then using the number of programs that identify themselves as older than the patched editions to estimate the extent of the problem.
Some of the computers returned queries with replies consistent with specific point-of-sale software, Moore said. Point-of-sale software often relies on pcAnywhere for remote support, not for transmitting credit card data, but by exploiting pcAnywhere, a cybercriminal could control the machine and easily harvest the information. "These point-of-sale systems are an attractive target for break-in," said Moore.
Exploitable Bugs:-
DoS attacks can sometimes be leveraged to execute remote code. The source code leak also ups the risk to pcAnywhere users, Moore maintained, even though Symantec has patched some flaws. With the source code at their disposal and the software's problems highlighted in the media, researchers on both sides of the law will spend time looking for vulnerabilities, he said. And some of that research may result in new, exploitable bugs.
An anonymous researcher has already published findings from his examination of the pcAnywhere source code. Although his description on the InfoSec Institute website did not claim any new vulnerabilities, he noted that the source code also revealed the workings of LiveUpdate, the Symantec service used to update much of its software, including its consumer antivirus programs, such as Norton Antivirus. "We now know how their LiveUpdate system works thanks to the included architecture plans and full source code," said the researcher. Symantec did not immediately reply to a request for comment on Moore's research or Norman's DoS proof-of-concept.




Metasploit 4.2.0 Released With IPv6 Support & Virtualization Target Coverage

We have discussed Metasploit, one of the most famous and widely used exploitation frameworks, many times before. Rapid7 has now released another updated version. This update brings Metasploit to version 4.2.0, adding IPv6 support and virtualization target coverage. You'll also notice a new Product News section and update notification for our weekly updates. Since the last major release (4.1.0), 54 new exploits, 66 new auxiliary modules, 43 new post-exploitation modules, and 18 new payloads have been added.
Brief About Metasploit:- 
The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task.
Module Changes:-
  •     Novell eDirectory eMBox Unauthenticated File Access
  •     JBoss Seam 2 Remote Command Execution
  •     NAT-PMP Port Mapper
  •     TFTP File Transfer Utility
  •     VMWare Power Off Virtual Machine
  •     VMWare Power On Virtual Machine
  •     VMWare Tag Virtual Machine
  •     VMWare Terminate ESX Login Sessions
  •     John the Ripper AIX Password Cracker
  •     7-Technologies IGSS 9 IGSSdataServer.exe DoS
  •     Microsoft IIS FTP Server <= 7.0 LIST Stack Exhaustion
  •     DNS and DNSSEC fuzzer
  •     CheckPoint Firewall-1 SecuRemote Topology Service Hostname Disclosure
  •     CorpWatch Company ID Information Search
  •     CorpWatch Company Name Information Search
  •     General Electric D20 Password Recovery
  •     NAT-PMP External Address Scanner
  •     Shodan Search
  •     H.323 Version Scanner
  •     Drupal Views Module Users Enumeration
  •     Ektron CMS400.NET Default Password Scanner
  •     Generic HTTP Directory Traversal Utility
  •     Microsoft IIS HTTP Internal IP Disclosure
  •     Outlook Web App (OWA) Brute Force Utility
  •     Squiz Matrix User Enumeration Scanner
  •     Sybase Easerver 6.3 Directory Traversal
  •     Yaws Web Server Directory Traversal
  •     OKI Printer Default Login Credential Scanner
  •     MSSQL Schema Dump
  •     MYSQL Schema Dump
  •     NAT-PMP External Port Scanner
  •     pcAnywhere TCP Service Discovery
  •     pcAnywhere UDP Service Discovery
  •     Postgres Schema Dump
  •     SSH Public Key Acceptance Scanner
  •     Telnet Service Encryption Key ID Overflow Detection
  •     IpSwitch WhatsUp Gold TFTP Directory Traversal
  •     VMWare ESX/ESXi Fingerprint Scanner
  •     VMWare Authentication Daemon Login Scanner
  •     VMWare Authentication Daemon Version Scanner
  •     VMWare Enumerate Permissions
  •     VMWare Enumerate Active Sessions
  •     VMWare Enumerate User Accounts
  •     VMWare Enumerate Virtual Machines
  •     VMWare Enumerate Host Details
  •     VMWare Web Login Scanner
  •     VMWare Screenshot Stealer
  •     Capture: HTTP JavaScript Keylogger
  •     Oracle DB SQL Injection via SYS.DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION
  •     Asterisk Manager Login Utility
  •     FreeBSD Telnet Service Encryption Key ID Buffer Overflow
  •     Linux BSD-derived Telnet Service Encryption Key ID Buffer Overflow
  •     Java Applet Rhino Script Engine Remote Code Execution
  •     Family Connections less.php Remote Command Execution
  •     Gitorious Arbitrary Command Execution
  •     Horde 3.3.12 Backdoor Arbitrary PHP Code Execution
  •     OP5 license.php Remote Command Execution
  •     OP5 welcome Remote Command Execution
  •     Plone and Zope XMLTools Remote Command Execution
  •     PmWiki <= 2.2.34 pagelist.php Remote PHP Code Injection Exploit
  •     Support Incident Tracker <= 3.65 Remote Command Execution
  •     Splunk Search Remote Code Execution
  •     Traq admincp/common.php Remote Code Execution
  •     vBSEO <= 3.6.0 proc_deutf() Remote PHP Code Injection
  •     Mozilla Firefox 3.6.16 mChannel Use-After-Free
  •     CTEK SkyRouter 4200 and 4300 Command Execution
  •     Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow
  •     Icona SpA C6 Messenger DownloaderActiveX Control Arbitrary File Download and Execute
  •     HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution
  •     Viscom Image Viewer CP Pro 8.0/Gold 6.0 ActiveX Control
  •     Java MixerSequencer Object GM_Song Structure Handling Vulnerability
  •     MS05-054 Microsoft Internet Explorer JavaScript OnLoad Handler Remote Code Execution
  •     MS12-004 midiOutPlayNextPolyEvent Heap Overflow
  •     Viscom Software Movie Player Pro SDK ActiveX 6.8
  •     Adobe Reader U3D Memory Corruption Vulnerability
  •     Aviosoft Digital TV Player Professional 1.0 Stack Buffer Overflow
  •     BS.Player 2.57 Buffer Overflow
  •     CCMPlayer 1.5 m3u Playlist Stack Based Buffer Overflow
  •     Free MP3 CD Ripper 1.1 WAV File Stack Buffer Overflow
  •     McAfee SaaS MyCioScan ShowReport Remote Command Execution
  •     Mini-Stream RM-MP3 Converter v3.1.2.1 PLS File Stack Buffer Overflow
  •     MS11-038 Microsoft Office Excel Malformed OBJ Record Handling Overflow
  •     Ability Server 2.34 STOR Command Stack Buffer Overflow
  •     AbsoluteFTP 1.9.6 - 2.2.10 LIST Command Remote Buffer Overflow
  •     Serv-U FTP Server < 4.2 Buffer Overflow
  •     HP OpenView Network Node Manager ov.dll _OVBuildPath Buffer Overflow
  •     XAMPP WebDAV PHP Upload
  •     Avid Media Composer 5.5 - Avid Phonetic Indexer Buffer Overflow
  •     Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020000 Buffer Overflow
  •     HP Diagnostics Server magentservice.exe Overflow
  •     StreamDown 6.8.0 Buffer Overflow
  •     Wireshark console.lua Pre-Loading Script Execution
  •     Oracle Job Scheduler Named Pipe Command Execution
  •     SCADA 3S CoDeSys CmpWebServer <= v3.4 SP4 Patch 2 Stack Buffer Overflow
  •     Sunway Forcecontrol SNMP NetDBServer.exe Opcode 0x57
  •     OpenTFTP SP 1.4 Error Packet Overflow
  •     AIX Gather Dump Password Hashes
  •     Linux Gather Saved mount.cifs/mount.smbfs Credentials
  •     Multi Gather VirtualBox VM Enumeration
  •     UNIX Gather .fetchmailrc Credentials
  •     Multi Gather VMWare VM Identification
  •     UNIX Gather .netrc Credentials
  •     Multi Gather Mozilla Thunderbird Signon Credential Collection
  •     Multiple Linux / Unix Post Sudo Upgrade Shell
  •     Windows Escalate SMB Icon LNK dropper
  •     Windows Escalate Get System via Administrator
  •     Windows Gather RazorSQL Credentials
  •     Windows Gather File and Registry Artifacts Enumeration
  •     Windows Gather Enumerate Computers
  •     Post Windows Gather Forensics Duqu Registry Check
  •     Windows Gather Privileges Enumeration
  •     Windows Manage Download and/or Execute
  •     Windows Manage Create Shadow Copy
  •     Windows Manage List Shadow Copies
  •     Windows Manage Mount Shadow Copy
  •     Windows Manage Set Shadow Copy Storage Space
  •     Windows Manage Get Shadow Copy Storage Info
  •     Windows Recon Computer Browser Discovery
  •     Windows Recon Resolve Hostname
  •     Windows Gather Wireless BSS Info
  •     Windows Gather Wireless Current Connection Info
  •     Windows Disconnect Wireless Connection
  •     Windows Gather Wireless Profile
For additional information click Here. To download Metasploit version 4.2.0 for Windows and Linux click Here.

 -Source (rapid7)




Social-Engineer Toolkit (SET) 3.0 Codenamed #WeThrowBaseballs Released

We have discussed the Social Engineer Toolkit, also known as SET, many times before. The developer has now officially released the updated Social Engineer Toolkit version 3, codenamed “#WeThrowBaseballs”. According to the developer, this release has been one of the most challenging ones thus far, with the largest changelog, code rehaul, and features. All earlier versions were made for Unix and Linux platforms; with this release SET has also been made available for the Windows platform.
Features:- 
1. Support for Windows – Tested on XP, Windows 7, and Windows Vista. Note that the Metasploit-based payloads do not work yet – when SET detects Windows they will not be shown, only RATTE and SET Shell
2. New attack vector added – QRCode Attack – Generates QRCodes that you can direct to SET and perform attacks like the credential harvester and Java Applet attacks
3. Improved A/V avoidance on the SETShell and better performance. I’ve also fixed the non-encrypted communications when AES was not installed
4. Added a number of improvements and enhancements to all aspects of SET including major rehauls of the coding population and moved from things like subprocess.Popen(“mv etc.”) to shutil.copyfile(“etc”)
5. Rehauled SET Interactive Shell and RATTE to support Windows
6. New Metasploit exploits added to SET

Official change log and rest of other details can be found on the blog post of the developer. To Download Social Engineer Toolkit 3.0 Click Here




Videoconferencing System Is Vulnerable, Hacker Can Listen Company's Confidential Discussions

Recent research underscores that insecure video conferencing systems can allow hackers to listen into a company's confidential discussions. 
According to an exclusive article of Robert Lemos, Contributing Editor of Dark Reading:- Last October, security researcher HD Moore scanned about 3 percent of addressable Internet space looking for high-end videoconferencing systems -- the type of systems present in many corporate boardrooms and meeting spaces.
The scan, which took about two hours using a handful of computers, discovered a quarter of a million systems that understood the H.323 protocol, widely used by Internet protocol (IP) communication systems. Using that list, Moore, the chief security officer for vulnerability-management firm Rapid7, used a module for the popular Metasploit framework to "dial" each server, connect long enough to grab the public handshake packets, and then dropped the connection. "Any machine that accepted a call was set to auto answer," Moore says. "It was fairly easy to figure out who was vulnerable, because if they weren't vulnerable, then they would not have picked up the call." Using the information, Moore and Rapid7 CEO Mike Tuchen identified 5,000 videoconferencing systems that were set to automatically answer incoming calls, allowing a knowledgeable attacker to essentially gain a front-row seat inside corporate meetings. Videoconferencing systems that automatically answer incoming calls can be turned on externally by an attacker without attracting the attention of people in the boardroom. In tests on systems in Rapid7's lab, the researchers found that the system could listen into nearby conversations and record video of the surrounding environment -- even read e-mail from a laptop screen and passwords off of a sticky note that was 20 feet away. While the number of vulnerable systems may be small -- about 150,000 across the Internet, Moore estimates -- the technique returned an interesting set of targets, he says.






Armitage (Cyber Attack Management Tool For Metasploit) Ver 01.19.12 Released

Armitage Ver 01.19.12 Released!!!


We have discussed Armitage a couple of times before. It is a graphical cyber attack management tool for Metasploit that visualizes your targets, recommends exploits, and exposes the advanced capabilities of the framework. Armitage aims to make Metasploit usable for security practitioners who understand hacking but don’t use Metasploit every day. If you are new to Metasploit and want to learn its advanced features, then Armitage can help you. Now the author has released an updated version: Armitage version 01.19.12!

Official Change Log For Armitage 01.19.12:- 

  • Data export now includes a sessions file. This lists all of the Metasploit sessions you had in your database. There’s some neat data here including which exploit was used, which payload, start time, and close time. You can calculate how much time you spent on your client’s boxes. Cool stuff.
  • Fixed a potential dead-lock caused by mouse enter/exit events firing code that required a lock. Nice landmine to defuse.
  • Fixed a weird condition with d-server detection. Sometimes (rarely) Armitage wouldn’t detect the d-server even when it’s present.
  • Added check to d-server allowing one lock per/client. Client won’t reobtain a lock until it lets it go. This prevents you from opening two shell tabs for a shell session in team mode.
  • Fixed an infinite loop condition when some Windows shell commands would return output with no newlines (e.g., net stop [some service]). Thanks Jesse for pointing me to this one.
  • Data export now includes a timeline file. This file documents all of the major engagement events seen by Armitage. Included with each of these events is the source ip of the attack system and the user who carried out the action (when teaming is setup).
  • Data export now exports timestamps with current timezone (not GMT)
  • Fixed a nasty bug that’s been with Armitage since the beginning! I wasn’t freeing edges properly in the graph view. If you had pivots setup in graph view and used Armitage long enough–eventually Armitage would slow down until the program became unusable. At least it’s fixed now.
  • Adjusted the d-server state identity hash combination algorithm to better avoid collisions.
  • Armitage now displays ‘shell session’ below a host if the host info is just the Windows shell banner. 

The latest Armitage is installed with Metasploit 4.1.0+. If you want to use Armitage as a remote Metasploit client, then Click Here





BackBox Linux 2.01 (Penetration Testing Distribution) Released


We have talked about BackBox Linux before. Nowadays it has become a very common penetration testing distribution. Now we have version 2.01 of BackBox Linux.

Brief About BackBox :-
BackBox is a Linux distribution based on Ubuntu. It has been developed to perform penetration tests and security assessments. It is designed to be fast and easy to use and to provide a minimal yet complete desktop environment, thanks to its own software repositories, which are always updated to the latest stable versions of the most used and best known ethical hacking tools. The new release includes features such as Ubuntu 11.04, Linux Kernel 2.6.38 and Xfce 4.8.0.

What's New In This Release:-
  • System upgrade
  • Performance boost
  • New look
  • Improved start menu
  • Bug corrections
  • New sections such as Forensic Analysis, Documentation & Reporting and Reverse Engineering
  • New Hacking tools and updated tools such as dradis 2.8, ettercap 0.7.4.2, john 1.7.8, metasploit 4.2, nmap 5.51, set 2.5.2, sleuthkit 3.2.1, w3af 1.0, weevely 0.5, wireshark 1.6.3, etc.

To Download BackBox Click Here




Script To Bypass Antivirus & Firewall By Security Labs



Security Labs Experts from India have launched an automated anti-virus and firewall bypass script. It is a modified and stable version made to work with the BackTrack 5 distro. In order to compile the generated payload, Mingw32 gcc must be installed on your system.

Method:-
apt-get install mingw32-runtime mingw-w64 mingw gcc-mingw32 mingw32-binutils

After the installation you need to move the shell script (Vanish.sh; the download link is mentioned below) to the default Metasploit folder (/pentest/exploits/framework) and execute it. Recommended Seed Number = 7000 and Number of Encode = 14.
Note: By default the script generates a Reverse TCP payload, but you can change it with some modifications to the script [vanish.sh]. The virus scan report of the backdoor shows that it is almost undetectable by most antivirus programs.

To Download The Script Click Here

Security Labs Experts also released a pastebin. The rest of the information can be found in that release.




Metasploit Pro (Community Edition of Metasploit)


US security company Rapid7 has announced the launch of a Community Edition of the popular Metasploit exploit framework. According to Rapid7 Chief Security Officer and Metasploit Creator HD Moore, "The best way to tackle the increasing information security challenge is to share knowledge between practitioners, open source projects and commercial vendors."
The Community Edition is free for personal and professional use, combining the open source version of the framework with several of the features found in Metasploit Pro, to provide "an entry-level response to the evolving threat landscape". It includes "a basic version" of the commercial graphical user interface which is aimed at making it easier for users to get started with vulnerability verification and security assessments.
According to Rapid 7:-
Metasploit Pro helps enterprise defenders prevent data breaches by efficiently prioritizing vulnerabilities, verifying controls and mitigation strategies, and conducting real-world, collaborative, broad-scope penetration tests to improve your security risk intelligence.
Prevent data breaches:-
Metasploit Pro helps you improve your enterprise vulnerability management program and test how well your perimeter holds up against real world attacks:

  • Identify critical vulnerabilities that could lead to a data breach so you know what to patch first
  • Reduce the effort required for penetration testing, enabling you to test more systems more frequently
  • Discover weak trust models caused by shared credentials that are vulnerable to brute forcing and harvesting
  • Locate exposed, sensitive information with automated post-exploitation file system searches

Prioritize Vulnerabilities:-
Metasploit Pro makes your security and operations team more efficient because it helps you prioritize the vulnerabilities reported by your vulnerability scanner:

  • Import vulnerability management reports from more than a dozen third-party applications and verify their findings to eliminate false positives
  • Integrate with your in-house Nexpose infrastructure to kick off new scans and access real-time vulnerability findings (requires Nexpose)
  • Focus on remediating critical vulnerabilities to reduce exposure and reduce mitigation costs
  • Prove exploitability to application owners to expedite remediation

Verify controls and mitigation efforts:-
Metasploit Pro helps you verify that your remediation effort, such as a patch, new firewall rule or IPS configuration, actually stops the vulnerability from being exploited.

  • Re-run exploits after mitigation to verify its effectiveness in preventing a data breach
  • Enable the IT operations team or your client to verify whether controls and mitigations were successful by handing them a replay script that re-traces the steps you took to exploit the vulnerability
  • Draw on the Nexpose vulnerability database to read up on ways to remediate vulnerabilities (requires Nexpose)
For more information about Metasploit Pro Click Here

To Download Metasploit Click Here

-News Source (Rapid 7)





Zero-Day Vulnerability in Opera Browser Found By Vázquez


Security expert José A. Vázquez has released the details of a critical security hole in the Opera browser which can be exploited to inject malicious code. He says that he found the hole and notified the developers with a proof of concept a year ago. However, the expert said that Opera decided not to close the hole.
Vázquez thinks that the Opera developers might have tested his version 10.6 exploit with the current version 11.x, which may have caused the exploit to malfunction. Instead of contacting Opera again, Vázquez has adapted the exploit for the current version 11.51 of Opera and has released it as a Metasploit module. This means that, in principle, anyone can now exploit the vulnerability.
  • To download the Metasploit Module Click Here
The hole is caused by a memory flaw when processing SVG content within framesets. Simply visiting a compromised web page is enough for a system to become infected with malicious code. Vázquez said that the exploit is successful in 3 out of 10 cases. With the pre-alpha version of Opera 12, the exploit managed to inject malicious code in 6 out of 10 cases.
Vázquez released the 0day exploit for Opera Browser 10, 11 & 12. You can download it by clicking the following link.
By releasing the exploit, the security expert is forcing the browser developers into action. Opera later responded and released a security update.


-News Source (spa-s3c)




Armitage (Graphical Cyber Attack Management Tool for Metasploit) 09.26.11 Released


Armitage 09.26.11 released.

Description:-
Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets, recommends exploits, and exposes the advanced capabilities of the framework. Armitage aims to make Metasploit usable for security practitioners who understand hacking but don’t use Metasploit every day. If you want to learn Metasploit and grow into the advanced features, Armitage can help you.

Official change log for Armitage 09.26.11:-

  • Improved performance when launching exploits and other modules that open a new tab.
  • Launching an exploit will only open a tab when fewer than four hosts are highlighted. If four or more are highlighted, then Armitage will use the old behavior of silently launching each exploit. [You're supposed to be able to attack hundreds of hosts at once--hence my desire to add this caveat]
  • When launching an exploit in the background, Armitage will show a dialog indicating that the exploit was launched against X hosts.
  • You may now drag and drop Armitage tabs to rearrange their order.
  • Armitage “show all commands” option (for better exploit feedback) is now on by default.
  • You may now right-click a screenshot/webcam shot to zoom in or out on the image. The zoom-level stays fixed (in case you refresh the image later)
  • Added a menu to the X button in the tabs. Through this menu you may open the current tab in its own window or close all like tabs.
  • Updated Hosts -> Import Hosts to reflect the current importable file types.
  • Added View -> Reporting -> Export Data to dump most Metasploit tables into TSV and XML files suitable for parsing (by you!) into a report format of some sort.
  • Armitage now encodes (-e x86/shikata_ga_nai -i 3) any Windows meterpreter payload generated from the module launcher dialog.
  • [host] -> Meterpreter -> Access -> Duplicate now uses multi_meter_inject to launch Meterpreter into memory directly (rather than upload and execute a file)
  • In teaming mode, Armitage will now automatically upload a file selected through the + option (e.g., USER_FILE +) to the Metasploit server and set the value in Metasploit accordingly.
  • Modified error output for a failed Metasploit method to only display the method name and error message. Displaying a large input would cause Armitage UI to start flashing in some weird disco mode until a hard reset. Yeaah!
To Download Armitage 09.26.11 Click Here




"Busting Windows With Backtrack 5 R1 & Metasploit Framework 4.0" An Exclusive Article by Rahul Tyagi


"Busting Windows With Backtrack 5 R1 & Metasploit Framework 4.0" An Exclusive Article written by famous ethical hacker Rahul Tyagi.

The Article Contents:- 
  • Backtrack 5 R1 Overview
  • Brief of MSF 4.0
  • Vulnerabilities, Exploits & Payloads
  • MSF 4.0 Console Mode
  • Exploiting Windows With Armitage 
  • Starting the Party With Armitage
  • Hard Facts That They Don't Reveal 

To download the article Click Here

-News Source (Rahul Tyagi)



Security Onion Live DVD For Intrusion Detection Systems


The Security Onion LiveDVD is a bootable DVD that contains software used for installing, configuring, and testing Intrusion Detection Systems. It is based on Xubuntu 10.04 and contains Snort, Suricata, Sguil, Squert, Xplico, nmap, metasploit, Armitage, scapy, hping, netcat, tcpreplay, and many other security tools.
Official Change Log for Security Onion 20110909:-
  • The “IDS Rules” menu now has a new entry called “Add Local Rules” which will open /etc/nsm/rules/local.rules for editing using the “mousepad” GUI editor. You can then add any rules that you want to maintain locally (outside of the downloaded VRT or Emerging Threats rulesets).
  • A new menu called “IDS Config” was added with a new menu entry called “Configure IDS engine(s)”. This will list all of the IDS engines on your system and allow you to choose one to configure. It will then open the proper config file for whatever IDS engine you’re running. After you save and close the config file, it will offer to restart the IDS engine for you.
For more information & to see their official blog release Click Here

To download Security Onion Click Here



BeEF v0.4.2.8 (Alpha)


BeEF, the Browser Exploitation Framework is a professional security tool provided for lawful research and testing purposes. It allows the experienced penetration tester or system administrator additional attack vectors when assessing the posture of a target. The user of BeEF will control which browser will launch which exploit and at which target.
BeEF hooks one or more web browsers as beachheads for the launching of directed exploits in real-time. Each browser is likely to be within a different security context. This provides additional vectors that can be exploited by security professionals. BeEF provides an easily integratable framework that demonstrates the impact of browser and Cross-site Scripting issues in real-time. Development has focused on creating a modular framework. This has made module development a very quick and simple process. Current modules include Metasploit, port scanning, keylogging, TOR detection and more.

This release contains support for the XssRays extension, which is still in pilot stage and will be improved further in the next release. The framework now loads faster because modules are loaded dynamically. The core enhancements have had a great impact on the command module navigation. This should be quite noticeable.
Unfortunately, this release also has a bug that prevents MSF from interacting with BeEF. The author mentions that this will be taken care of pretty soon. Until then, it is recommended that the latest version be downloaded via the SVN repository.

To download BeEF v0.4.2.8-alpha, click here.


Google Chrome OS Has Security Hole (Black Hat 2011)


Black Hat Google has billed its Chrome operating system as a security breakthrough that's largely immune to the threats that have plagued traditional computers for decades. With almost nothing stored on its hard drive and no native applications, there's no sensitive data that can be pilfered and it can't be commandeered when attackers exploit common software vulnerabilities.
But according to two researchers who spent the past few months analyzing the Chrome-powered Cr-48 beta released in December, the browser-based OS is vulnerable to many of the same serious attacks that afflict people surfing websites. As a result, users remain susceptible to exploits that can intercept email, documents, and passwords stored on centralized servers, many of which are maintained by Google.
“Even though they put these awesome security protections in place, we're just moving the security problems to the cloud now,” Matt Johansen, a researcher with WhiteHat Security, told The Register. “We're moving the software security problem that we've been dealing with forever to the cloud. They're doing a lot of things right, but it's not the end all and be all for security.”
Virtually all of the threats identified by Johansen and his WhiteHat colleague Kyle Osborn stem from Chrome's reliance on extensions, which are essentially web-based applications. A fair number of the extensions they analyzed contain XSS, or cross-site scripting, bugs, which have the potential to inject malicious code and content into a visitor's browser and in some cases steal credentials used to authenticate user accounts.
As they went about testing what kind of attacks various XSS vulnerabilities could allow, Johansen and Osborn noticed something curious: a bug in one extension often allowed them to hijack the communications of a second extension, even when the latter one had no identifiable security flaws. At the Black Hat security conference in Las Vegas on Wednesday, they demonstrated this weakness by exploiting an XSS hole in one extension to steal passwords from an otherwise secure account on cloud password storage service LastPass.
“If any of the other vulnerable extensions have an XSS hole, we can utilize JavaScript to hijack that communication,” Johansen said. “LastPass is doing absolutely nothing wrong here. You can have an extension that's perfectly fine, but if you have another that has a cross-site scripting error in it we can still access information in secure applications.”
The discovery has generated a quandary for the researchers.
“Whose problem is this to fix?” Johansen continued. “We don't really have an answer for that. LastPass did everything correctly. It's the other extension developers that developed an extension with a vulnerability in it.”
After being informed of the specific attack, LastPass made changes to its Chrome extension that prevented it from being carried out, so it's reasonable to assume extension makers foot some of the responsibility for preventing their apps from being compromised by others. But Johansen couldn't rule out the possibility that vulnerabilities and other apps could probably make LastPass vulnerable again. He said Google might be able to fix the problem by overhauling the application programming interfaces extension developers use.
The researchers also demonstrated an XSS vulnerability in Scratchpad, a text-editor extension that's bundled with Chrome. By sharing files with names containing JavaScript commands stored on Google Docs they were able to obtain the Google session cookies of anyone who used a Chromebook to view the documents. An attacker could exploit the vulnerability to read a victim's email, or to send instant messages to everyone on the victim's contact list. If any of the contacts are using Chromebooks, they could be similarly vulnerable to booby-trapped filenames stored on Google Docs.
A Google spokeswoman defended the security of Chromebooks and said the vulnerabilities enumerated by the researchers weren't unique to the cloud-based OS. In an email, she issued the following statement:
This conversation is about the web, not Chrome OS. Chromebooks raise security protections on computing hardware to new levels. They are also better equipped to handle the web attacks that can affect browsers on any computing device, thanks in part to a carefully designed extensions model and the advanced security available through Chrome that many users and experts have embraced.
The researchers stressed Google engineers were extremely quick to fix the Scratchpad vulnerability and awarded them a $1,000 bounty for their report. But they remain convinced that the security of Chrome OS in many cases is only as strong as its weakest extensions. They also pointed out that penetration-testing tools such as the Browser Exploitation Framework could be used to help streamline attacks in much the way Metasploit is used to manage exploits for traditional machines.
And, Johansen said, Chrome hacking through XSS may be only the beginning, since the flaws are among the easiest to find and exploit.
“Who knows what we're going to be looking for months or years from now when Google can figure out a way to thwart the cross-site scripting threat,” he said. “Why would we be trying to write buffer overflows when we can just write a simple JavaScript command.” 
-News Source (The Register)
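The Scratchpad issue reported above came from document file names being handled as markup. As an added example (not code from the article, Google or the researchers), this sketch contrasts that rendering pattern with escaped output; every function name and sample title is constructed for illustration.

```javascript
// Constructed sample: titles as a document-listing service might return them.
const SAMPLE_TITLES = [
  "Meeting notes",
  '<img src=x onerror="window.__titleScriptRan = true">', // markup smuggled into a file name
  "Budget & forecast <draft>",                             // legitimate title that still needs escaping
];

// Vulnerable pattern: the title is concatenated into markup that a page would
// later assign with element.innerHTML, so the browser parses it as HTML.
function renderListUnsafe(titles) {
  return "<ul>" + titles.map((t) => "<li>" + t + "</li>").join("") + "</ul>";
}

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the characters that let text break out of an HTML text node or attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened string rendering: every title is escaped before it meets markup.
function renderListSafe(titles) {
  return "<ul>" + titles.map((t) => "<li>" + escapeHtml(t) + "</li>").join("") + "</ul>";
}

// Preferred in a real page: build nodes and set textContent, which is never parsed as HTML.
// Not called here because this file is meant to run without a DOM.
function fillList(listElement, titles) {
  const doc = listElement.ownerDocument;
  listElement.replaceChildren();
  for (const title of titles) {
    const item = doc.createElement("li");
    item.textContent = title;
    listElement.appendChild(item);
  }
}

// Audit helper (regex approximation, not a full HTML parser):
// names of the elements a parser would open when handed `markup`.
function openedElements(markup) {
  return Array.from(markup.matchAll(/<([a-zA-Z][a-zA-Z0-9]*)/g), (m) => m[1].toLowerCase());
}

console.log("unsafe:", openedElements(renderListUnsafe(SAMPLE_TITLES)).join(","));
console.log("safe:  ", openedElements(renderListSafe(SAMPLE_TITLES)).join(","));
```

The unsafe rendering opens an `img` and a `draft` element that came from the titles, while the escaped rendering opens only the list's own `ul` and `li` elements.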


Famous Framework Metasploit v4.0.0

The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task.

New Exploit Modules:

VSFTPD v2.3.4 Backdoor Command Execution
Java RMI Server Insecure Default Configuration Java Code Execution
HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflow
HP OpenView Network Node Manager Toolbar.exe CGI Cookie Handling Buffer Overflow
Mozilla Firefox nsTreeRange Dangling Pointer Vulnerability
Black Ice Cover Page ActiveX Control Arbitrary File Download
Microsoft Office Visio VISIODWG.DLL DXF File Handling Vulnerability
MicroP 0.1.1.1600 (MPPL File) Stack Buffer Overflow
Lotus Notes 8.0.x – 8.5.2 FP2 – Autonomy Keyview
RealWin SCADA Server DATAC Login Buffer Overflow
Siemens FactoryLink vrn.exe Opcode 9 Buffer Overflow
Iconics GENESIS32 Integer overflow version 9.21.201.01
Siemens FactoryLink 8 CSService Logging Path Param Buffer Overflow
Sielco Sistemi Winlog Buffer Overflow
Blue Coat Authentication and Authorization Agent (BCAAA) 5 Buffer Overflow
HP OmniInet.exe Opcode 20 Buffer Overflow
HP OmniInet.exe Opcode 27 Buffer Overflow
Citrix Provisioning Services 5.6 streamprocess.exe Buffer Overflow

New Post-Exploitation Modules:

Winlogon Lockout Credential Keylogger
Windows Gather Microsoft Outlook Saved Password Extraction
Windows Gather Process Memory Grep
Windows Gather Trillian Password Extractor
Windows PCI Hardware Enumeration
Windows Gather FlashFXP Saved Password Extraction
Windows Gather Local and Domain Controller Account Password Hashes
Windows Gather Nimbuzz Instant Messenger Password Extractor
Windows Gather CoreFTP Saved Password Extraction
Internet Download Manager (IDM) Password Extractor
Windows Gather SmartFTP Saved Password Extraction
Windows Gather Bitcoin wallet.dat
Windows Gather Service Info Enumeration
Windows Gather IPSwitch iMail User Data Enumeration

New Auxiliary Modules:

John the Ripper Password Cracker Fast Mode
Microsoft Windows DNSAPI.dll LLMNR Buffer Underrun DoS
Kaillera 0.86 Server Denial of Service
2Wire Cross-Site Request Forgery Password Reset Vulnerability
SIPDroid Extension Grabber
MSSQL Password Hashdump


Notable Features & Closed Bugs:-

Feature #4982 – Support for custom executable with psexec
Feature #4856 – RegLoadKey and RegUnLoadKey functions for the Meterpreter stdapi
Feature #4578 – Update Nmap XML parsers to support Nokogiri parsing
Feature #4417 – Post exploitation module to harvest OpenSSH credentials
Feature #4015 – Increase test coverage for railgun
Bug #4963 – Rework db_* commands for consistency
Bug #4892 – non-windows meterpreters upload into the wrong filename
Bug #4296 – Meterpreter stdapi registry functions create key if one doesn’t exist
Bug #3565 – framework installer fails on RHEL (postgres taking too long to start)

Armitage integrates with Metasploit 4.0 to:-


Take advantage of the new Meterpreter payload stagers
Crack credentials with the click of a button
Run post modules against multiple hosts
Automatically log all post-exploitation activity
Revision Information:

Framework Revision 13462
Several import parsers were rewritten to use Nokogiri for much faster processing of large import files. Adding to Metasploit’s extensive payload support, Windows and Java Meterpreter now both support staging over HTTP and Windows can use HTTPS. In a similar vein, POSIX Meterpreter is seeing some new development again. It still isn’t perfect nor is it nearly as complete as the Windows version, but many features already work. Java applet signing is now done directly in Ruby, removing the need for a JDK for generating self-signed certificates. The Linux installers now ship with ruby headers, making it possible to install native gems in the Metasploit ruby environment.

Another flexibility improvement comes in the form of a consolidated pcap interface. The pcaprub extension ships with the Linux installers as of this release and support for Windows will come soon. Modules that used Racket for generating raw packets have been converted to Packetfu, which provides a smoother API for modules to capture and inject packets.

To download Metasploit Framework v4.0.0 Click Here
For more information about MSF click here


Metasploit declared $5,000.00, in 5 weeks for exploits Bug Bounty program


If you've got a way to crack Google Chrome, the Metasploit team wants to pay you for it. Today Rapid 7 announced that it has a total of $5000 in cash to reward to contributors who send in exploits for its Top 5 or Top 25 vulnerability lists. The exploits have to be submitted, and accepted, as modules under its standard Metasploit Framework license. 
Cash for bugs is a controversial but common way for security firms to encourage hackers to send exploits to the white hats. As far as Bug Bounty programs go, Metasploit's program is meager. But for an open source program that relies on contributions sent in for free, it's an interesting experiment. The program will end quickly, lasting only five weeks (July 20). One fun thing that the team is doing is letting people stake a claim to their exploit of choice from their Top 5 (prize is $500) or Top 25 (prize is $100) lists. After claiming an exploit, hackers get a week to submit their Metasploit module for their chosen bug. The prize money will "only be paid out to the first module contributor for a given vulnerability," the Metasploit team says.
And guess what? Denial of Service exploits won't qualify. Metasploit wants your bug to be able to do more than that. It should also bypass ASLR/DEP when applicable and be geared toward English-based targets. Metasploit wants hackers to follow its hacking guidelines and they cannot be residents of a US embargoed country.
All accepted submissions will not only win a bit of cash but their submissions will be made available to other Metasploit users, again under the Metasploit Framework license (3-clause BSD).
As I look at the list of 30 possible exploits while writing this blog post, I see that only two have been claimed so far. CVE/ZDI 2011-1218, Lotus Notes - Autonomy Keyview (.zip attachment), and an exploit not listed in the CVE database, known as "DATAC RealWin On_FC_CONNECT_FCS_LOGIN packet containing a long username." So plenty of room for participants remains.
The cash-for-bugs program is interesting, but the list of vulnerabilities for which Metasploit is seeking help is even more so.

The Top 5 are for specific holes in ...
  1. Google Chrome (before 11.0.696.71)
  2. Lotus Notes
  3. IBM Tivoli Directory Server
  4. DNS
  5. GDI
In the Top 25, the entries on the list that caught my eye include holes in JScript, VBScript Scripting Engines, JBoss, Oracle VM and Citrix, among others. (Yes, browsers are in there, too, including Firefox, Chrome and Opera).
Of course, if you do have a killer bug, particularly for some of the browsers like Firefox or Chrome you can perhaps earn more than $100 for it. Mozilla's Bug Bounty program pays up to $3000 cash reward and you get a Mozilla T-shirt. For web applications or services related security bugs, Mozilla pays from $500 to $3,000. In January, Google plunked out what was then a record reward, $3,133, to a hacker for reporting a flaw in Chrome. (Google raised its bug bounty fee about a year ago, from $1,337 after Mozilla bumped up its reward rate to $3,000).
TippingPoint, known as one of the founders of the bug bounty concept, not only pays cash (as much as $5,000 for your zero-day), but it also awards bonus points in a scheme more complicated than an airline mileage rewards program. Participants earn points for referring others into the program, for each zero-day they submit and so on. These points gain you bonuses for your hacks, and other goodies like all-expense-paid trips to hacker conferences like Black Hat.
Who knew hacking could be so rewarding?

