
Rapid7 Blog

bperry  

AUTHOR STATS: 9 posts

GKsu and VirtualBox Root Command Execution by Filename (CVE-2014-2943)

Poisoning VirtualBox via Crafted Filenames

When I began researching this, I believed the vulnerability lay within VirtualBox, but I realized this was not true after a bit. The vulnerability being hit is actually within gksu itself. In fact, VirtualBox did everything right (sort of)…

You have no SQL inj--... sorry, NoSQL injections in your application

Everyone knows about SQL injections. They are classic, first widely publicized by Rain Forest Puppy, and still widely prevalent today (hint: don't interpolate query string params with SQL). But who cares? SQL injections are so ten years ago. I want to talk about a vulnerability…

Sophos Web Appliance Privilege Escalation and Remote Code Execution Vulnerability

Sophos Web Protection Appliance version 3.8.1.1 and likely prior versions was vulnerable to both a mass assignment attack which allowed privilege escalation, as well as a remote command execution vulnerability as root available to admin users. ZDI details the vuln here. This…

Seven FOSS Tricks and Treats (Part Two)

Adventures in FOSS Exploitation, Part Two: Exploitation

This is part two of a pair of articles about disclosing vulnerabilities in a set of FOSS projects; see part one for some background on these vulnerabilities in particular, and some general advice for FOSS developers and maintainers. A…

GestioIP Authenticated Remote Command Execution module

GestioIP is an open-source IPAM (IP Address Management) solution available on SourceForge, written in Perl. There is a vulnerability in the way the ip_checkhost.cgi deals with pinging IPv6 hosts passed to it. If you pass an IPv4 address, the CGI uses a Perl…

Communicating and integrating with Metasploit from your Mono/.NET applications

I recently checked into GitHub a C# library that helps allow easy communication and integration from your Mono/.NET applications. The library follows the same Session/Manager pattern as the Nexpose library I mentioned previously in the Nexpose blog. It has support for both the…

Integrating Nexpose Community and Metasploit Community in Backtrack 5 R2

I recently packaged up the new Nexpose release so that Backtrack users can have an up-to-date version of Nexpose, straight from the Backtrack repos. This seemed like a great time to also go over installing Nexpose Community and integrating it with the already-installed Metasploit Community.…

Adventures in the Windows NT Registry: A step into the world of Forensics and Information Gathering

As of a few days ago, the Metasploit Framework has full read-only access to offline registry hives. Within Rex you will now find a Rex::Registry namespace that will allow you to load and parse offline NT registry hives (includes Windows 2000 and up), implemented…

Communicating and integrating with Nexpose from your .NET/Mono applications

Tuesday, the 17th, will be my first day with the Rapid7 crew. In the past, I have worked a lot with C#/.NET technologies, so Chad Loder asked me to get a C# library written for the Nexpose API. You may find the relevant code…