Rapid7 Blog

Wei Chen  

AUTHOR STATS:

42

Testing SMB Security with Metasploit Pro Task Chains: Part 2

This is part two of our blog series on testing SMB security with Metasploit Pro. In the previous post, we explained how to use Metasploit Pro’s Task Chains feature to audit SMB passwords automatically. Read it here if you haven’t already. In today’…

Testing SMB Server Security with Metasploit Pro Task Chains: Part 1

A step-by-step guide to testing SMB server security using Metasploit Pro Task Chains.…

Attacking Microsoft Office - OpenOffice with Metasploit Macro Exploits

It is fair to say that Microsoft Office and OpenOffice are some of the most popular applications in the world. We use them for writing papers, making slides for presentations, analyzing sales or financial data, and more. This software is so important to businesses that,…

Breaking Metasploitable3: The King of Clubs

Metasploitable3 is a free virtual machine that we have recently created to allow people to simulate attacks using Metasploit. In it, we have planted multiple flags throughout the whole system; they are basically collectable poker card images of some of the Rapid7/Metasploit developers. Some…

Metasploitable3: An Intentionally Vulnerable Machine for Exploit Testing

Test Your Might With The Shiny New Metasploitable3 Today I am excited to announce the debut of our shiny new toy - Metasploitable3. Metasploitable3 is a free virtual machine that allows you to simulate attacks largely using Metasploit. It has been used by people in…

New Metasploit Tools to Collect Microsoft Patches

Patch testing and analysis are important parts in vulnerability research and exploit development. One popular reason is people would try this technique to rediscover patched bugs, or find ways to keep an 0day alive in case the fix in place is inadequate. The same process…

The New Metasploit Browser Autopwn: Strikes Faster and Smarter - Part 2

Hello again, Welcome back! So yesterday we did an introduction about the brand new Browser Autopwn 2, if you have not read that, make sure to check it out. And today, let's talk about how to use it, what you can do with it for…

The New Metasploit Browser Autopwn: Strikes Faster and Smarter - Part 1

Hi everyone, Today, I'd like to debut a completely rewritten new cool toy for Metasploit: Browser Autopwn 2. Browser Autopwn is the easiest and quickest way to explicitly test browser vulnerabilities without having the user to painfully learn everything there is about each exploit and…

Msfcli is no longer available in Metasploit

Hi everyone, This January, we made an announcement about the deprecation of Msfcli, the command line interface version for Metasploit. Today we are ready to say good-bye to it. Instead of Msfcli, we recommend using the -x option in Msfconsole. For example, here's how you…

MsfPayload and MsfEncode are being removed from Metasploit

Oh hi folks, Last year on December 9th, we made an official announcement about deprecating MsfPayload and MsfEncode. They are being replaced by msfvenom. Well, today is the day we pull the plug. We are currently in the process of removing these two utilities, and…

Using Host Tagging in Metasploit for Penetration Testing

Hello my fellow hackers, For today's blog post, I'd like to talk about host tagging a little bit in Metasploit. If you are a penetration tester, a CTF player, or you just pop a lot of shells like a rock star, then perhaps this will…

12 Days of HaXmas: Opening Up My Top Secret Metasploit Time Capsule

This post is the second in a series, 12 Days of HaXmas, where we take a look at some of more notable advancements and events in the Metasploit Framework over the course of 2014. For today's HaXmas amusement, I have something fun to share with…

Good-bye msfpayload and msfencode

Greetings all, On behalf of the Metasploit's development teams, I'd like to officially announce the decision of deprecating msfpayload and msfencode. Also starting today, we no longer support or accept patches for these two utilities. On June 8th 2015, the elderly msfpayload and msfencode will…

Metasploit Weekly Update: Prison Break

In this week's Metasploit update, we'd like to introduce two sandbox escaping exploits for Internet Explorer, and demonstrate how you're supposed to use them. The two we're covering are MS13-097, an escape due to Windows registry symlinks. And MS14-009, by exploiting a type traversal bug…

"Hack Away at the Unessential" with ExpLib2 in Metasploit

This blog post was jointly written by Wei sinn3r Chen and Juan Vazquez Memory corruption exploitation is not how it used to be. With modern mitigations in place, such as GS, SafeSEH, SEHOP, DEP, ASLR/FASLR, EAF+, ASR, VTable guards, memory randomization, and sealed optimization,…

Featured Research

National Exposure Index 2017

The National Exposure Index is an exploration of data derived from Project Sonar, Rapid7's security research project that gains insights into global exposure to common vulnerabilities through internet-wide surveys.

Learn More

Toolkit

Make Your SIEM Project a Success with Rapid7

In this toolkit, get access to Gartner's report “Overcoming Common Causes for SIEM Solution Deployment Failures,” which details why organizations are struggling to unify their data and find answers from it. Also get the Rapid7 companion guide with helpful recommendations on approaching your SIEM needs.

Download Now

Podcast

Security Nation

Security Nation is a podcast dedicated to covering all things infosec – from what's making headlines to practical tips for organizations looking to improve their own security programs. Host Kyle Flaherty has been knee–deep in the security sector for nearly two decades. At Rapid7 he leads a solutions-focused team with the mission of helping security professionals do their jobs.

Listen Now