security.crudtastic.com

Security Nerd Stuff

Browsing Posts in Downloads


The Metasploit Project is proud to announce the release of the Metasploit Framework version 3.4.1.  As always, you can get it from our downloads page, for Windows, Linux or as an OS-independent tarball.  This release sees the first official non-Windows Meterpreter payload, in PHP as discussed last month (http://blog.metasploit.com/2010/06/meterpreter-for-pwned-home-pages.html).

Rest assured that more is in store for Meterpreter on other platforms.  A new extension called Railgun is now integrated into Meterpreter courtesy of Patrick HVE, giving you scriptable access to Windows APIs and an unprecedented amount of control over post-exploitation.  For those of you wishing to contribute to the framework, a new file called HACKING has been introduced that lays out a few guidelines for making it easier.

This release has 16 new exploits, 22 new auxiliary modules and 11 new Meterpreter scripts for your pwning enjoyment.  For more in-depth information about this release, see the 3.4.1 release notes at

https://www.metasploit.com/redmine/projects/framework/wiki/Release_Notes_341

- The Metasploit Team


Downloads and more information at http://www.metasploit.com/

REMnux: A Linux Distribution for Reverse-Engineering Malware

REMnux is a lightweight Linux distribution for assisting malware analysts in reverse-engineering malicious software. The distribution is based on Ubuntu and is maintained by Lenny Zeltser.

About REMnux

REMnux is designed for running services that are useful to emulate within an isolated laboratory environment when performing behavioral malware analysis. As part of this process, the analyst typically infects another laboratory system with the malware sample and directs potentially-malicious connections to the REMnux system that’s listening on the appropriate ports. REMnux is also useful for analyzing web-based malware, such as malicious JavaScript, Java programs, and Flash files. It also has tools for analyzing malicious documents, such as Microsoft Office and Adobe PDF files, and utilities for reversing malware through memory forensics. In these cases, malware may be loaded onto REMnux and analyzed directly on the REMnux system without requiring other systems to be present in the lab. You can learn about malware analysis techniques that make use of the tools installed and pre-configured on REMnux by taking my course on Reverse-Engineering Malware (REM) at SANS Institute.
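The "directs potentially-malicious connections to the REMnux system" part of that workflow is easy to picture with a small stand-in service. The listener below is an added example written for this page, not a REMnux tool or Lenny Zeltser's code: it binds a port on the analysis host, answers every HTTP request with a canned page, and records the method, path, Host header and User-Agent of each connection so the analyst can see what a sample tries to fetch without anything leaving the lab. The port, the canned body and the sample request are all assumptions made for the example.

```python
"""
Minimal fake HTTP responder for an isolated malware-analysis lab (assumed
design for this example, not a REMnux component). It answers every request
with a canned page and logs who asked for what, so a sample's callbacks can be
observed while the lab stays cut off from the real internet.
"""
import socket
from datetime import datetime, timezone

# Canned body returned to every client (assumed content).
CANNED_BODY = b"<html><body>OK</body></html>"


def parse_request(data: bytes) -> dict:
    """Pull method, path and the headers we care about out of a raw HTTP request.
    Malformed input yields '?' / '-' placeholders rather than an exception."""
    head = data.split(b"\r\n\r\n", 1)[0].decode("latin-1", "replace")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return {
        "method": parts[0] if parts[0] else "?",
        "path": parts[1] if len(parts) > 1 else "?",
        "host": headers.get("host", "-"),
        "user_agent": headers.get("user-agent", "-"),
    }


def build_response(body: bytes = CANNED_BODY) -> bytes:
    """Canned 200 response; Content-Length must match the body exactly or
    clients will hang waiting for more data."""
    return (
        b"HTTP/1.1 200 OK\r\n"
        b"Content-Type: text/html\r\n"
        b"Content-Length: " + str(len(body)).encode("ascii") + b"\r\n"
        b"Connection: close\r\n\r\n" + body
    )


def format_log(addr, req, when=None) -> str:
    """One line per connection, timestamped in UTC."""
    when = when or datetime.now(timezone.utc)
    return "{} {}:{} {} {}{} ua={}".format(
        when.strftime("%Y-%m-%dT%H:%M:%SZ"), addr[0], addr[1],
        req["method"], req["host"], req["path"], req["user_agent"])


def handle_client(conn, addr, log):
    """Read one request, log it, answer it, hang up."""
    try:
        conn.settimeout(5)
        data = conn.recv(65535)
        log.append(format_log(addr, parse_request(data)))
        conn.sendall(build_response())
    except OSError:
        pass
    finally:
        conn.close()


def serve(bind="0.0.0.0", port=8080, max_connections=None):
    """Accept connections until max_connections is reached (None = run until
    interrupted) and return the log lines gathered. Bind only on the lab
    network interface; this is meant for an isolated segment."""
    log = []
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((bind, port))
    srv.listen(16)
    try:
        served = 0
        while max_connections is None or served < max_connections:
            conn, addr = srv.accept()
            served += 1
            handle_client(conn, addr, log)
    finally:
        srv.close()
    return log


# Constructed sample request: the kind of beacon a sample might send to the
# lab host once the lab's DNS points its callback domain here.
SAMPLE_REQUEST = (
    b"GET /gate.php?id=1234 HTTP/1.1\r\n"
    b"Host: updates.example.test\r\n"
    b"User-Agent: Mozilla/4.0 (compatible)\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    for line in serve(port=8080, max_connections=3):
        print(line)
```

Run it on the analysis box, point the infected guest's DNS (or hosts file) at that box, and each callback shows up as one log line; the same structure works for any other plaintext protocol the sample speaks, by swapping `parse_request` and `build_response` for that protocol's framing.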

What REMnux Is Not

REMnux isn’t a fancy distribution that was built from scratch… In simple terms, it’s a virtual machine that runs Ubuntu and has various useful malware tools set up on it. REMnux does not aim to include all malware analysis tools in existence. Many of these tools are designed to work on Windows, and investigators prefer to use Windows systems for running such tools. If you are interested in running Windows analysis tools on a Linux platform, take a look at the Zero Wine project. If you are looking for a more full-featured Linux distribution focused on forensic analysis, take a look at SANS Investigative Forensic Toolkit (SIFT) Workstation.

Original HERE

** NEWS JUST IN **

Downloads and more information: http://www.metasploit.com

After five months of development, version 3.4.0 of the Metasploit Framework has been released. Since the last major release (3.3) over 100 new exploits have been added and over 200 bugs have been fixed.

This release includes massive improvements to the Meterpreter payload, both in terms of stability and features, thanks in large part to Stephen Fewer of Harmony Security. The Meterpreter payload can now capture screenshots without migrating, including the ability to bypass Session 0 Isolation on newer Windows operating systems. This release now supports the ability to migrate back and forth between 32-bit and 64-bit processes on a compromised Windows 64-bit operating system. The Meterpreter protocol now supports inline compression using zlib, resulting in faster transfers of large data blocks. A new command, “getsystem”, uses several techniques to gain system access from a low-privileged or administrator-level session, including the exploitation of Tavis Ormandy’s KiTrap0D vulnerability. Brett Blackham contributed a patch to compress screenshots on the server side in JPG format, reducing the overhead of the screen capture command. The pivoting backend of Meterpreter now supports bi-directional UDP and TCP relays, a big upgrade from the outgoing-only TCP pivoting capabilities of version 3.3.3.

This is the first version of Metasploit to have strong support for bruteforcing network protocols and gaining access with cracked credentials. A new mixin has been created that standardizes the options available to each of the brute force modules. This release includes support for brute forcing accounts over SSH, Telnet, MySQL, Postgres, SMB, DB2, and more, thanks to Tod Beardsley and contributions from Thomas Ring.

Metasploit now has support for generating malicious JSP and WAR files along with exploits for Tomcat and JBoss that use these to gain remote access to misconfigured installations. A new mixin was created for compiling and signing Java applets on the fly, courtesy of Nathan Keltner.

Thanks to some excellent work by bannedit and Joshua Drake, command injection of a cmd.exe shell on Windows can be staged into a full Meterpreter shell using the new “sessions -u” syntax.

This marks the first major release developed under the Rapid7 label and coincides with general availability of Metasploit Express, our first commercial product. We hope you enjoy using the framework as much as we like working on it.

- The Metasploit Team

So it’s time to build a bit of a test lab at home. There are times when you want to test an exploit .. or just have a hack at a few things. You can’t just get out on the internet and have a crack at other people’s machines now can you!

So I decided that I was going to knock something together real quick (after all  .. I have to go back to work in a few days). So this is my first version of my test lab (if you’re interested). I’m thinking of it more as a work in progress than anything else, I’m sure it will evolve as time goes by.

For hardware I just went and got a cheap Dell tower machine. It’s nothing special, Core 2 quad, at the moment it only has 4 gig of ram in it, but I’ll bump it up to 8 next week. My base OS is Windows 7 (I’m hoping that I can end up using it for more than just a test lab, having said that I’m already wishing I’d built it on 2003) and I’m using VMware Server for the virtual machines. As for the virtual machines I’m running

This is all great .. but only a few of those are purpose built with exploits right? So what we want to do is be able to build something with an exploitable service or application .. that’s when we go to sites like http://www.crackmes.de/ & https://www.securinfos.info/old-softwares-vulnerable.php & http://www.oldapps.com/ etc. With a bit of research on sites such as milw0rm and exploit-db you should be able to create something that will be a bit of fun.

When I set my lab up I also set up a VPN server so I could remote into the lab from work, or allow friends of mine to remote in and have a bang at getting some of these boxes as well.

This lab is far from perfect, in fact, it’s been quite rushed and there’s a lot of things I would already like to change about it (which I will do when I get time to play), but for now it’s going just fine!

I hope this offers some form of help to you guys out there that are wanting to start up a quick lab somewhere, the media used here as the basis of my lab is a great and easy start.

Ascii Hex Cheat Sheet

You never know when you’ll need a cheat sheet for ASCII/hex/decimal conversions! So in the rare case that you need one (like me right now) here’s one that’s easy to find!

Enjoy!!

It seems some people are having issues finding netcat for Windows (I seem to have found it pretty easily).

Anyway .. for those of you that are having issues you can get it from here http://security.crudtastic.com/nc111nt.zip

I won’t bother with a tutorial for it, there’s plenty of them around. Enjoy!