Posts Tagged metasploit

Exploit the User with SET – The Social Engineering Toolkit

I have to say… SET is just plain awesome. The Social Engineering Toolkit (SET) is a set of Python scripts created by David Kennedy (aka rel1k) to automate many client-side penetration testing vectors. In conjunction with Social-Engineer.org, which is also a top-notch resource, it provides some of the best extensibility in this type of testing. A couple of weekends ago Dave released SET 0.4 at Shmoocon. I’ll be honest, I hadn’t used it much until now, but after a good bit of research I now appreciate its full glory.

SET’s Python scripts allow you to easily create phishing email attacks, create clones of any URLs you provide it for a web-based attack, and then use that page to exploit the user’s machine with a Java applet or browser exploits. It can create malicious PDFs as well. 0.4 brings many improvements:

- An improved Java applet that is multi-platform and deals well with any permission type
- Metasploit browser exploits in addition to the Java applet
- Can launch “Aurora”-style attacks with Metasploit
- Improved site cloning and redirection to the legitimate site
- Integrates with BackTrack’s sendmail or Gmail accounts
- Improved spear phishing with input from email lists

SET is closely tied to the BackTrack and Social-Engineer.org communities. The training authors and contributors to these sites are well-recognized penetration testers with a high level of interest in client-side and social engineering based attack vectors. You’ll recognize names like Paul Hand, Chris Nickerson, Mati Aharoni, Chris Hadnagy and, of course, Dave Kennedy, all working on these projects. In addition, a whole section of the free Metasploit Unleashed training is dedicated to SET, and they have an excellent setup and usage article here. Social-Engineer.org has an excellent writeup as well.

SET has a large fanbase with many useful videos on usage and customized scopes. The first video is actually the new SET 0.4 updates presentation and a recording of all the Firetalks (shorter than regular presentations) at Shmoocon, recorded by Adrian Crenshaw (Irongeek).

The Shmoocon Firetalks are very interesting as well. Adrian’s presentation on trapping script kiddies and BruCon organizer Benny’s “Sleephacking 101 – How to Stay Awake for 20 Hours a Day without Turning into a Zombie” are both well worth watching. In addition, it was good to hear more about the Pentoo penetration testing distribution.

Check it and some of the other vids below =)


Nsploit: Nmap grows some teeth

Ryan Linn has started a project to bridge Nmap scans all the way to exploitation using Metasploit.

Similar to the db_autopwn via Fast-Track script (available in BackTrack 4), Nsploit does even more granular service-level Nmap scanning to identify versions and matching exploits. It then passes these to Metasploit and launches the pain at your target box.

It uses Nmap’s NSE scripts to trigger Metasploit commands via XMLRPC. Anything we can identify with an Nmap script we can launch and get a shell… hopefully a Meterpreter shell ;)

Check out Ryan’s blog http://blog.happypacket.net/ and learn more about Nsploit from the 2009 SecTor presentation Nsploit-(Popping-boxes-with-Nmap) hosted by securitytube.com.

PDF slides here

Download

Usage videos below:

Nsploit Multi-Host Ownage from Ryan Linn on Vimeo.

Nsploit Single Host Ownage from Ryan Linn on Vimeo.


Metasploit Buyout

New Logo


Today HD Moore and Rapid7 announced that Rapid7 has purchased the Metasploit Framework project. The speculation around this has taken the pentest and vulnerability scanning community by storm. After talking with some colleagues, here are some things you should know:

First, be happy for H.D. Moore. He is one of the hardest-working exploit devs and project managers in the world. Not only HD, but also Egypt, as the first paid core dev for the project. Congratulate them. Bravo.

HDM and Rapid7 have stated that “Rapid7 is 100% committed to keeping the project open source and the community development model.” This buyout is not so much a buyout as a corporate backing of MSF and HD’s vision for the project. For now (or “anytime soon”) the BSD 3-clause license will not be going anywhere. MSF will be sticking with Ruby, and Rapid7 has no plans, for now, to corporatize MSF. Rapid7 wants to take the MSF brand and stand behind it.

There is some worry about community submissions to MSF now that it is owned by R7. Rob Fuller (mubix) gave a pretty straightforward answer to that in reply to Sourcefire’s VRT blog:

“For those not happy that the development for or submission of your ideas / exploits to the Metasploit project now that submissions will also go to Rapid 7 are seriously underestimating the fact that all those companies were pulling that information already.”

What does it mean for R7’s NeXpose vulnerability product?

Well, it’s really about extensibility and market share. Adding the exploit database from MSF to NeXpose gives the product a far better risk rating by adding a way to validate vulnerabilities and rate them by currently known exploit code. They also gain the name, rights, branding, and developers of the MSF project, all of which funnels into the Rapid7 corporate brand. As R7’s new CSO, HD Moore brings his talents to the R7 table. In addition, R7 does not just offer vulnerability management solutions but also penetration testing solutions, which is a market they have fought to be in for a while. Now they have legs to stand on, so to speak, when battling dominant market competitors like CORE, SAINT, and ImmunitySec.

Catch an exclusive interview with HD and R7 on the Risky Business Podcast =)

Here’s a pretty complete article roundup on the buyout:

http://blog.metasploit.com
http://www.metasploit.com/home/faq
http://blog.metasploit.com/2009/10/metasploit-rising.html
http://www.rapid7.com/metasploit-announcement.jsp
http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1371945,00.html
http://www.darkreading.com/vulnerability_management/security/management/showArticle.jhtml?articleID=220800067
http://infosanity.wordpress.com/2009/10/21/rapid7-acquire-metasploit/
http://blog.ianetsec.net/perspective/2009/10/nick-selby-metasploit-acquisition-shakes-up-the-pentest-landscape.html
http://isc.sans.org/diary.html?storyid=7417
http://vrt-sourcefire.blogspot.com/2009/10/rapid7-make-bold-statement-acquiring.html
http://www.andrewhay.ca/archives/1085
