I came across some interesting posts about this area and looked into it more (credit to room362.com and @egyp7). There is a nice way to customise the msf> console prompt to give you some extra info. For me, having the local IP address is very useful; it saves time later on when using LHOST etc. For example set PROMPT […]
I have just finished the new Metasploit: The Penetration Tester’s Guide book and thought I would share my thoughts on this. I am not really a big fan of reading books, I tend to play about and work things out myself, but I had to order this book the second I saw it, as Metasploit is a […]
I came across something very cool today for Metasploit. Armitage has released a very nice GUI management system to control Metasploit and make life easier when managing and exploiting systems. Although I like to use non-GUI products, this is really something good and is like an open source Core Impact style system. It allows […]
A recent presentation I gave for 7Safe. It demonstrates how it is possible to fully compromise the domain using a fully patched Microsoft SQL server that has a firewall enabled. Using the SQL server I impersonate the domain administrator account without any passwords or password hashes being known or extracted. It also demonstrates the risk […]
The very latest Adobe Acrobat Reader 9.3.4 (as of today, 10th September 2010) is vulnerable (as are earlier versions) to this CoolType SING exploit. No fix as yet.
There has been lots of recent press relating to DLL hijacking. I have tested this out and created a video demonstration to help clear this up, as it is slightly confusing. This is a client side exploit, so the user must browse the SMB share or the HTTP server. There is no so-called patch from Microsoft […]
A nice little client side exploit here. Download the very latest QuickTime version from Apple.com 18.104.22.168 (3rd Sept 2010) and check for updates to ensure you have the latest version... It is fully exploitable! Within Metasploit it creates a webserver that the client must browse to; once the client browses to it, it exploits a vulnerability within QuickTime. […]