Now that I've consumed a significant percentage of my own weight in turkey (seriously, it was something like five percent), it's time to shake off the tryptophan and get this week's update out the door.

Attacking Security Infrastructure: OpenVAS

This week's update features three new modules for bruteforcing three different OpenVAS authentication mechanisms, all provided by community contributor Vlatko @k0st Kosturjak. OpenVAS is an open source security management stack that's pretty popular, so if you're a pen-tester and you run into this on a site, you can be quite nearly guaranteed that it's a pretty decent target, full of domain administrator credentials and their equivalents. If you're not familiar with OpenVAS already, you can look at their architecture diagrams to get a sense of what it offers. Kost's modules hit the OpenVAS Management Protocol (OMP), the OpenVAS Transport Protocol (OTP), and the Greenbone Security Assistant daemon (GSAD), so you can take your pick of which vector you'd like to exploit for bruteforcing. If you are familiar with OpenVAS, and you have decent passwords, this shouldn't concern you at all. Of course, running a quick password audit with Metasploit might ease any concerns that you might have -- after all, it's kind of a "who watches the Watchmen?" situation.

Return of the SAP Modules

As mentioned last week, community contributor @nmonkee gave up a huge braindump of SAP auxiliary modules. This is week two of the Great SAP Integration -- we've got four new SAP modules to leverage some known SAP credentials into command injection. That brings the total number of new SAP modules to 12, with what looks like two or three more on the way. You can read up on why this is all significant over on the MWR Labs blog, with the short story of: lots of orgs use SAP, and you should be able to use Metasploit as a SAP client to leverage intended and sometimes unintended functionality therein.

New Modules

In addition to round two of SAP modules and OpenVAS bruteforcing, we've got three new exploits (for QuickTime, Narcissus, and NetIQ), and a pretty neat single-command psexec-style command runner for Windows targets. Check them out at Metasploit's Exploit Database.


If you're new to Metasploit, you can get started by downloading Metasploit for Linux or Windows. If you're already tracking the bleeding edge of Metasploit development, then these modules are but an msfupdate command away. For readers who prefer the packaged updates for Metasploit Community and Metasploit Pro, you'll be able to install the new hotness today when you check for updates through the Software Updates menu under Administration.

For additional details on what's changed and what's current, please see the most excellent release notes.