HackDig : Dig high-quality web security articles for hacker

Weekly Metasploit Wrapup: Meterpretersauce

When You Wish Upon A Shell. (Image from wishingshells.com, which I totally need now.) Back in February we ran a survey to figure out where you, the savvy penetration tester, would like to see Meterpreter go. As a result, we now have the Meterpreter Wishlist, and have been working steadily off of that for the last few months. As of this week, we have a p
Publish At:2015-07-03 03:45 | Read:4481 | Comments:0 | Tags:exploits flash meterpreter weekly-update metasploit-payloads

Unicode Support in Meterpreter

A short, mostly-accurate history of character encodings: In the beginning, when you wanted to use a computer to store text, there were not many options - you inherited something from punchcards like EBCDIC or invented something convenient and unique to your system. Computers did not need to talk to each other, so there was not much point in standardizing
Publish At:2015-03-28 02:00 | Read:4369 | Comments:0 | Tags:metasploit meterpreter unicode

Meterpreter Survey 2015: You spoke, we listened, then wrote a bunch of code.

The Survey: One month ago we asked the community for feedback about how they use Metasploit and what they want to see in the Meterpreter payload suite going forward. Over the course of a week we received over 400 responses and over 200 write-in suggestions for new features. We have spent the last month parsing through your responses, identifying dependen
Publish At:2015-03-26 18:00 | Read:4158 | Comments:0 | Tags:metasploit payloads meterpreter attacks ssl verification sur

Deep Dive Into Stageless Meterpreter Payloads

Metasploit has long supported a mixture of staged and stageless payloads within its toolset. The mixture of payloads gives penetration testers a huge collection of options to choose from when performing exploitation. However, one option has been missing from this collection, and that is the notion of a stageless Meterpreter payload. In this post, I’d l
Publish At:2015-03-26 02:00 | Read:6256 | Comments:0 | Tags:meterpreter stageless

Weekly Metasploit Wrapup: Stageless Meterpreter and the Revenge of Stuxnet

Stageless Meterpreter: Remember the Metasploit Pop Quiz we ran about a month back? Well, we got tons of support from you, the Metasploit users, and have been picking out what you want to see and have started turning those wishes into reality. I know HD, Brent, and OJ are working up a much more exhaustive blog post for next week to lay out what's going where an
Publish At:2015-03-20 17:35 | Read:6930 | Comments:0 | Tags:meterpreter stageless stuxnet

Weekly Metasploit Wrapup: Meterpreter Pop Quiz

Let's Make Meterpreter: Metasploit, as you know, is quite near and dear to my heart. But it's not mine -- it's yours. This week, we're taking a survey of what features and functionality you want to see, and it's directed specifically to the open source community of both users and developers. If you're purely a Metasploit Pro user, feel free to give your f
Publish At:2015-03-06 01:20 | Read:2487 | Comments:0 | Tags:meterpreter wordpress weekly-wrapup

Running PowerShell Scripts That Require Module Imports With Meterpreter

Old post on the subject here: http://carnal0wnage.attackresearch.com/2012/10/run-powershell-module-in-meterpreter.html More recent posts on the subject by harmj0y: http://www.harmj0y.net/blog/powershell/derbycon-powershell-weaponization/ Anyway, #2 from The PowerShell Weaponization Problem works ok if you don't care about the code being on disk. Gist with the comma
Publish At:2015-02-23 10:40 | Read:6463 | Comments:0 | Tags:Metasploit meterpreter Pentesting post-exploitation powershe

12 Days of HaXmas: Maxing Meterpreter's Mettle

This post is the twelfth in a series, 12 Days of HaXmas, where we usually take a look at some of the more notable advancements and events in the Metasploit Framework over the course of 2014. As this is the last in the series, let's peek forward, to the unknowable future. Happy new year, it's time to make some resolutions. There is nothing like a fresh new year ge
Publish At:2015-01-05 22:35 | Read:2103 | Comments:0 | Tags:meterpreter metapsloit metasploit_test mettle haxmas

12 Days of HaXmas: Meterpreter migration for Linux!

This post is the eleventh in a series, 12 Days of HaXmas, where we take a look at some of the more notable advancements and events in the Metasploit Framework over the course of 2014. Hello everyone and Happy HaXmas (again) and New Year! On this HaXmas I would like to share with all of you a new feature which I'm personally very happy with. It's nothing super new and
Publish At:2015-01-04 18:05 | Read:3894 | Comments:0 | Tags:haxmas meterpreter linux posix av-evasion

12 Days of HaXmas: Does it Blend Like a Duck?

This post is the fifth in a series, 12 Days of HaXmas, where we take a look at some of the more notable advancements and events in the Metasploit Framework over the course of 2014. Writing portable software is not hard. It's just like walking through a minefield! Getting to the other side, that's the tricky part. Sure, if you target C, Unix-like system
Publish At:2014-12-29 19:30 | Read:4224 | Comments:0 | Tags:c ssl windows ports meterpreter haxmas

Weekly Metasploit Wrapup: On Unicorns and Wizards

Internet Explorer "unicorn" bug: CVE-2014-6332. This week, we shipped a brand new exploit for the "unicorn" bug in Microsoft Internet Explorer, CVE-2014-6332, not-so-prosaically entitled, Microsoft Internet Explorer Windows OLE Automation Array Remote Code Execution. This is a big deal client-side vulnerability for the usual reason that Internet Explorer 11 ac
Publish At:2014-12-04 20:10 | Read:2666 | Comments:0 | Tags:msie meterpreter weekly-wrapup

Basic Data Exfiltration

So you pwned the system and got root access, awesome, but what's next? Oh, I need to get the /etc/passwd and /etc/shadow out for a start. Ok, how? There are a couple of ways to do it: 1. Meterpreter's 'download' command. It's great if you're using meterpreter as the payload. Simple and hassle free. Just 'cd' and 'pwd' through the victim machine's directory withou
Publish At:2014-08-12 20:06 | Read:3104 | Comments:0 | Tags:data exfil exfiltration meterpreter netcat pentest ssh wget

Weekly Metasploit Update: Meterpreter Madness

Meterpreter Updates: This week, we saw another slew of updates to Meterpreter to make your post-exploit experience all the more pleasant, and are pushing forward with some core release changes to hopefully make installing Metasploit a more sane, Ruby-like experience. Here's the rundown of what you'll see with this update, and what you can expect Real Soon
Publish At:2014-08-09 17:07 | Read:5076 | Comments:0 | Tags:meterpreter python_meterpreter android weekly-update

Weekly Metasploit Update: Another Meterpreter Evasion Option

Hopping Meterpreter Through PHP: This week, Metasploit landed and shipped the new Reverse HTTP hop stager for Meterpreter payloads, which opens up yet another avenue for pivoting about the Internet to connect to your various and sundry Meterpreter shells. This is kind of a huge deal. For starters, this obviously helps with crossing artificial border
Publish At:2014-08-09 17:07 | Read:3591 | Comments:0 | Tags:yokogawa meterpreter php
