
Metasploit Update 3.4.1

For the past couple of weeks I have been discussing the basics of Metasploit. There was a minor version update, 3.4.1, that came out late last week. A few interesting updates arrived in 3.4.1, including a limited version of the Meterpreter that runs on PHP. There is also a Meterpreter extension named ‘RAILGUN’ which lets [...]

Metasploit Basics – Part 4: Exploit and Attack Example

A couple of weeks ago I rewrote a vulnerability for Metasploit that I originally wrote for CANVAS. The exploit is for a network printer application called NIPrint. It is a pretty basic stack overflow vulnerability and the language of the exploit is fairly straightforward.
The key parts, from a Metasploit user’s perspective, are the Target section [...]

Metasploit Basics – Part 3: Pivoting and Interfaces

There are two aspects to Metasploit that I would like to cover today. The first is pivoting, a topic I mentioned in a previous post, and the second is the way a user interfaces with Metasploit. Pivoting allows an attacker to use a compromised system to attack other systems on the same network. [...]

Metasploit Basics – Part 2: Payload

Yesterday I introduced the exploit module portion of Metasploit. In this installment of Metasploit Basics I will discuss the payload modules included in Metasploit.
The payload modules contain shellcode which can perform a number of interesting tasks depending on which payload is selected. There are seven main payload types available [...]

Metasploit Basics – Part 1: Exploits

We often hear about Metasploit being used for attacks or exploits being developed for it, but some may only have a general idea of the power of Metasploit. This set of articles is intended to provide the layman, who has never and may never run Metasploit, an understanding of [...]

Using KillerBee with ZigBee devices

Yesterday I received a few of the Raven ZigBee USB sticks with the KillerBee firmware loaded on them, thank you Joshua Wright. I grabbed the latest version of KillerBee and started playing around with KillerBee and the ZigBee sticks. KillerBee is an 802.15.4 exploration and exploitation framework. It was extremely easy to get running, I [...]

DOE Site Visit

Last week I went to Pacific Northwest National Laboratory to assist them with Portaledge. The Department of Energy thought it would be a good idea to include Portaledge output in PNNL’s National SCADA Test Bed Real-Time Security State Visualization Project; I hope they find a good acronym or project name for that. When I arrived [...]

ICS Vulnerabilities

For the past week I have been collecting all data related to known ICS vulnerabilities. Most vulnerabilities are well known and all of the data I have added is publicly available. The majority of the vulnerabilities have limited details available due to their sensitive nature. I have included detailed information for the vulnerabilities that have [...]

Metasploit Release

On Tuesday Rapid7 released a new version of Metasploit. The newest release of Metasploit, version 3.4.0, added over 100 new exploit modules and over 40 new auxiliary modules since the 3.3 release, bringing the totals up to 551 and 261, respectively. Metasploit 3.4.0 now uses TightVNC for the VNC injection. It [...]

Android Control System Applications

After reading Daniel’s SCADA Everywhere blog I decided to take a look at the Android marketplace. It appears there is very little control system software available for the Android platform. Of the applications I did find, there were a couple of home automation applications, a model train control application and a MODBUS/TCP application. [...]