Update: DEP blocks this sample and the Metasploit module; DEP is enabled by default in IE 8.
Yesterday, a copy of the unpatched Internet Explorer exploit used in the Aurora attacks was uploaded to Wepawet. Since the code is now public, we ported this to a Metasploit module in order to provide a safe way to test your workarounds and mitigation efforts.
To get started, grab the latest copy of the Metasploit Framework and use the online update feature to sync the latest exploits from the development tree. Start the Metasploit Console (msfconsole) and enter the commands in bold:
FROM:http://pauldotcom.com/2009/11/attacking-mssql-with-metasploi.html
Nowadays hacking has shifted from attacking systems to know how they work, or for the thrill of getting into a system for the sake of the hunt, to many hackers doing it for profit; in fact, many companies around the world and states are employing hackers for information, both for political and financial gain. One of the places where most of this information resides is in databases, and one of the most popular databases in enterprises and governments nowadays is Microsoft SQL Server. In this blog post I will cover some of the attacks you can do against this system with Metasploit 3.3.
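Network vulnerability management company Rapid7 has acquired the Metasploit project along with the currently very popular Metasploit Framework hacking tool. The financial terms of the deal have not yet been disclosed. Corey Thomas, Rapid7's vice president of products and operations, said Metasploit will remain an open source project under a free license, but will now also be supported by full-time development and quality assurance staff. Metasploit's creator H.D. Moore and several other key contributors have all joined Rapid7.
The following is reproduced from Rapid7's website: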
BOSTON, Mass. – October 21, 2009 – Rapid7, the leading provider of unified vulnerability management, compliance and penetration testing solutions, today announced the acquisition of Metasploit, the principal organization behind the open source penetration testing framework and world’s largest database of public, tested exploits, the Metasploit Project. As a result of the acquisition, Rapid7 will leverage Metasploit to enhance its vulnerability management solution, Rapid7 NeXpose™, becoming the only company to deliver a full breadth of security assurance solutions and expertise. Rapid7 will also sponsor dedicated resources and contributions to the standalone, community-driven Metasploit Project to further its growth and success.
by:vitter@safechina.net
blog.securitycn.net
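I have been working with Oracle lately, so here are a few small notes.
Metasploit is a very good attack toolkit, though of course this post is not an introduction to it. The main point is that MC has written a lot of Oracle tools, which I will be using often in the near future. I mainly use the small tool that ports the classic tnscmd to MSF (not as handy as the pl version: there are no line breaks, so reading the results is tiring), sid_brute and login_brute; the one I use most is login_brute, which brute-forces Oracle usernames and passwords. Below I describe how to install and use them, mainly the installation, because there are a few things to watch out for; please pay attention to the text in italics.
1. First install the gcc build environment (the server I am using is in a sorry state: a minimal install on an old system, FC2.)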
#Trace: A free course from Offensive Security, and quite a good one.
Free Online Information Security Training By Offensive Security
http://www.offensive-security.com/metasploit-unleashed/
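From: Web安全手册 (Web Security Handbook)
Note from 西瓜: trace hid the link too well in the article; let's be fair to readers. You could try accidentally clicking the word "videos". Better to state the link plainly: click here
Chris Gates has uploaded some videos on how to hack Oracle with Metasploit: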
* Metasploit Oracle TNSCMD SMBRelay Demo
* Metasploit Oracle Extproc Backdoor Demo
* Metasploit Oracle Login Brute and Privilege Check Demo
* Metasploit Oracle CGI Scanner and SID enumeration