
VMWare Directory Traversal Metasploit Module

Since everyone else is releasing code to check for/exploit the VMware Server/ESX/ESXi directory traversal vulnerability, I pushed my checker module to the Metasploit trunk as an auxiliary scanner module.

If you want to go further and actually download a full guest VM off the host, check out:
GuestStealer -- http://www.fyrmassociates.com/tools/gueststealer-v1.1.pl

or the

nmap script -- http://www.skullsecurity.org/blog/?p=436

Props on the Blog Spam

Props on the blog spam for this one...

If I hadn't had coffee this morning that one might have snuck on through.

metasploit getsystem command

Shiny new hotness...

meterpreter > getuid
Server username: WINXPSP3\user
**user is an admin; if you are not an admin you can only use -t 4 or -t 0, which iterates through all of the techniques**

meterpreter > use priv
Loading extension priv...success.
meterpreter > getsystem -h

Usage: getsystem [options]

Attempt to elevate your privilege to that of local system.

Ruby, Nmap XML, and Databases

So I had a requirement to take some output from nmap scans, shove it into a database and then be able to run some queries on that data.

Wait, isn't there something that already does that?!

Actually, PBNJ and nmap_xml2sql.pl will both do this, but they use (eeeek!) Perl to do it. I wanted to do it in Ruby.

Your options for Ruby & Nmap parsing are:

-rubynmap http://rubynmap.sourceforge.net/
-ruby-nmap http://ruby-nmap.rubyforge.org/
-metasploit has its own nmap xml parser
-writing your own

I started with rubynmap for my parsing gem.
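As an added example of the whole pipeline (parse nmap's -oX output, turn it into rows, emit the SQL that loads a table, run a query over the data), here is a version that uses only REXML from the Ruby standard library. It is not the author's code and not the rubynmap gem; the scan XML below is a constructed sample, not a real scan, and the table name and column layout are my own choices. Emitting INSERT statements instead of talking to a database directly keeps it runnable offline; pipe the output into sqlite3 or mysql and the same queries work there.

```ruby
# Added example, not from the post: nmap XML -> rows -> SQL, in Ruby.
require 'rexml/document'

# Constructed sample of `nmap -sV -oX` output (not a real scan).
SAMPLE_NMAP_XML = <<~XML
<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 10.0.0.0/30" start="1262304000">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="10.0.0.1" addrtype="ipv4"/>
    <hostnames><hostname name="gw.example.test" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh" product="OpenSSH" version="5.1p1"/></port>
      <port protocol="tcp" portid="443"><state state="open" reason="syn-ack"/><service name="https" product="Apache httpd"/></port>
    </ports>
  </host>
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="10.0.0.2" addrtype="ipv4"/>
    <hostnames/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open" reason="syn-ack"/><service name="ftp" product="Bob's FTP"/></port>
      <port protocol="tcp" portid="22"><state state="filtered" reason="no-response"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http" product="Microsoft IIS httpd" version="6.0"/></port>
    </ports>
  </host>
</nmaprun>
XML

# One row per (host, port); field order matches the column order in SCHEMA.
PortRow = Struct.new(:addr, :hostname, :proto, :portid, :state, :service, :product, :version)

def parse_nmap_xml(xml)
  doc = REXML::Document.new(xml)
  rows = []
  doc.elements.each('nmaprun/host') do |host|
    addr_el = host.elements["address[@addrtype='ipv4']"]
    next unless addr_el                      # skip hosts with no IPv4 address element
    addr = addr_el.attributes['addr']
    hn = host.elements['hostnames/hostname']  # nil when <hostnames/> is empty
    hostname = hn && hn.attributes['name']
    host.elements.each('ports/port') do |port|
      svc = port.elements['service']
      rows << PortRow.new(addr, hostname,
                          port.attributes['protocol'],
                          port.attributes['portid'].to_i,
                          port.elements['state'].attributes['state'],
                          svc && svc.attributes['name'],
                          svc && svc.attributes['product'],
                          svc && svc.attributes['version'])
    end
  end
  rows
end

SCHEMA = <<~SQL
CREATE TABLE IF NOT EXISTS ports (
  addr TEXT NOT NULL, hostname TEXT, proto TEXT NOT NULL, portid INTEGER NOT NULL,
  state TEXT NOT NULL, service TEXT, product TEXT, version TEXT
);
SQL

# Quote a value as a SQL literal. Service banners are attacker-controlled text,
# so the single quote must be doubled or a banner like Bob's FTP breaks (or injects into) the load.
def sql_literal(v)
  return 'NULL' if v.nil?
  return v.to_s if v.is_a?(Integer)
  "'" + v.to_s.gsub("'", "''") + "'"
end

def to_sql(rows)
  cols = PortRow.members.join(', ')
  rows.map { |r| "INSERT INTO ports (#{cols}) VALUES (" + r.to_a.map { |v| sql_literal(v) }.join(', ') + ');' }
end

# The queries you would run in the database, expressed over the rows so the example runs without one.
def hosts_with_open_port(rows, portid, proto = 'tcp')
  rows.select { |r| r.portid == portid && r.proto == proto && r.state == 'open' }.map(&:addr).uniq
end

def open_port_summary(rows)
  rows.select { |r| r.state == 'open' }
      .group_by { |r| [r.proto, r.portid] }
      .map { |(proto, port), rs| [proto, port, rs.size] }
      .sort
end

if __FILE__ == $0
  rows = parse_nmap_xml(SAMPLE_NMAP_XML)
  puts SCHEMA
  puts to_sql(rows)
  puts "hosts with ssh open: #{hosts_with_open_port(rows, 22).join(', ')}"
  open_port_summary(rows).each { |proto, port, n| puts "#{port}/#{proto}: #{n} host(s)" }
end
```

Run it with `ruby nmap2sql.rb | sqlite3 scans.db` to load a real scan; the open_port_summary query becomes `SELECT proto, portid, COUNT(*) FROM ports WHERE state='open' GROUP BY proto, portid`.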

Various Online Password Crackers

Just a list of online (mostly) MD5 crackers, though some will do other hash types too.

This post over on pcsec got me thinking about them.

http://www.pcsec.org/archives/MD5Seacrh-v18-by-mass.html

Of course not all of those are working, at least not for me.

So here is that list with links and a few others thanks to my twitter homies

passcracking.ru http://passcracking.ru/
md5crack http://md5crack.com/
md5decryption: http://md5decryption.com/
TheKaine.de: http://md5.thekaine.de/

2009 Blog Stats

Since everyone else is doing it...

Top 10 posts of the year 12/26/2008 - 12/26/2009 - blogspot

Adding your own exploits and modules in Metasploit
http://carnal0wnage.blogspot.com/2008/07/adding-your-own-exploits-in-metasploit.html

Gray Hat Python: Python Programming for Hackers and Reverse Engineers Book Review
http://carnal0wnage.blogspot.com/2009/05/gray-hat-python-python-programming-for.html

Dumping Memory to Extract Password Hashes

Metasploit and AR extravaganza 2010 in DC!

Many, many things are coming up at the end of January / beginning of February in Washington DC.

First HD Moore and I will be giving our Tactical Exploitation class at Blackhat DC Jan 31st - Feb 1st. If you are interested in learning how to hack without exploits, some old and esoteric techniques, and whatever crazy new thing HD is working on, then sign up and hang out with us!

Next I have been working hard with the Blackhat folks to setup the second ever Metasploit Track. We have a great line up of speakers on a wide variety of Metasploit topics.

Metasploit and Money
HD Moore - Metasploit
HD will talk about the joining of Metasploit and Rapid7 as well as all the tons of new features that have been going into MSF.

---

Neurosurgery With Meterpreter

Digging into SSL Cipher Checking

On a recent pentest one of the findings that came up (actually it seems like this finding is on every pentest) is the web server allowing SSLv2.

In the course of doing the report I of course wanted to point to a good reason why this was a problem. It was actually difficult to find a CVE/CVSS/etc. to say why it's bad; in fact I never did. Kind of the same with allowing VRFY on your SMTP server. We all know it's bad, but where is the proof?

Nevertheless, here are some links that were useful in understanding the problem.

http://www.foundstone.com/us/resources/whitepapers/wp_ssldigger.pdf
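One practical caveat when writing up this finding: current OpenSSL builds (and therefore openssl s_client, Ruby's OpenSSL binding and most scanners built on it) cannot speak SSLv2 at all, so the only way to confirm "server allows SSLv2" without trusting a third-party report is to send the SSLv2 ClientHello by hand and see whether a ServerHello comes back, which is what the nmap and sslscan checks do. The following is an added example of exactly that, not the author's code or any of the linked tools: it builds the hello record from the SSLv2 specification, parses the ServerHello and lists the cipher kinds the server echoed back. The host and port arguments to probe_sslv2 are whatever you point it at; the ServerHello builder exists only so the parser can be exercised offline against a constructed message.

```ruby
# Added example, not from the post: raw SSLv2 ClientHello probe and ServerHello parser.
require 'socket'

# SSLv2 CIPHER-KIND values (3 bytes each) from the SSLv2 spec; the export
# ciphers are why SSLv2 support is a finding even before the protocol flaws.
SSLV2_CIPHERS = {
  0x010080 => 'SSL_CK_RC4_128_WITH_MD5',
  0x020080 => 'SSL_CK_RC4_128_EXPORT40_WITH_MD5',
  0x030080 => 'SSL_CK_RC2_128_CBC_WITH_MD5',
  0x040080 => 'SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5',
  0x050080 => 'SSL_CK_IDEA_128_CBC_WITH_MD5',
  0x060040 => 'SSL_CK_DES_64_CBC_WITH_MD5',
  0x0700c0 => 'SSL_CK_DES_192_EDE3_CBC_WITH_MD5',
}.freeze

def cipher_spec_bytes(kinds)
  kinds.map { |k| [k].pack('N')[1, 3] }.join   # low 3 bytes of each 24-bit kind
end

# CLIENT-HELLO: msg type 1, version 0x0002, then lengths of cipher-specs,
# session-id and challenge, followed by the three variable fields.
def sslv2_client_hello(kinds = SSLV2_CIPHERS.keys, challenge = ("\x00" * 16).b)
  specs = cipher_spec_bytes(kinds)
  body = [1, 0x00, 0x02, specs.bytesize, 0, challenge.bytesize].pack('CCCnnn') + specs + challenge
  # 2-byte record header: high bit set means no padding byte, low 15 bits = length
  [0x8000 | body.bytesize].pack('n') + body
end

# SERVER-HELLO: msg type 4, session-id-hit, cert type, version, then the
# lengths of certificate, cipher-specs and connection-id (11 bytes of header).
# Returns nil for anything that is not an SSLv2 ServerHello (e.g. a TLS alert
# record, whose first byte 0x15 has the high bit clear).
def parse_sslv2_server_hello(data)
  return nil if data.nil? || data.bytesize < 2
  hdr = data.unpack1('n')
  return nil if (hdr & 0x8000).zero?
  body = data.byteslice(2, hdr & 0x7fff)
  return nil if body.nil? || body.bytesize < 11
  msg, sid_hit, cert_type, ver, cert_len, spec_len, conn_len = body.unpack('CCCnnnn')
  return nil unless msg == 4 && ver == 0x0002
  specs = body.byteslice(11 + cert_len, spec_len) || ''.b
  kinds = specs.unpack('C*').each_slice(3).select { |s| s.size == 3 }
               .map { |a, b, c| (a << 16) | (b << 8) | c }
  { session_id_hit: sid_hit, cert_type: cert_type, cert_len: cert_len,
    conn_id_len: conn_len, ciphers: kinds }
end

# Constructed ServerHello (not captured from any real server) so the parser can be tested offline.
def build_sslv2_server_hello(kinds, cert = 'not-a-real-cert'.b, conn_id = ("\x01" * 16).b)
  specs = cipher_spec_bytes(kinds)
  body = [4, 0, 1, 0x0002, cert.bytesize, specs.bytesize, conn_id.bytesize].pack('CCCnnnn') +
         cert + specs + conn_id
  [0x8000 | body.bytesize].pack('n') + body
end

# Returns the names of the SSLv2 ciphers the server is willing to use, or nil
# if it does not answer the SSLv2 hello at all (the result you want to see).
def probe_sslv2(host, port = 443, timeout = 5)
  sock = Socket.tcp(host, port, connect_timeout: timeout)
  sock.write(sslv2_client_hello)
  ready = IO.select([sock], nil, nil, timeout)
  hello = parse_sslv2_server_hello(ready ? sock.readpartial(4096) : nil)
  hello && hello[:ciphers].map { |k| SSLV2_CIPHERS.fetch(k) { format('unknown 0x%06x', k) } }
rescue EOFError, Errno::ECONNRESET, Errno::ECONNREFUSED
  nil
ensure
  sock&.close
end

if __FILE__ == $0 && ARGV[0]
  ciphers = probe_sslv2(ARGV[0], (ARGV[1] || 443).to_i)
  puts ciphers ? "SSLv2 accepted, ciphers: #{ciphers.join(', ')}" : 'no SSLv2 ServerHello'
end
```

A server that echoes any cipher kinds back has accepted an SSLv2 handshake, which is the evidence the report needs; a server that answers with a TLS alert or closes the connection returns nil here. The export kinds in the list are what make the finding concrete: a 40-bit key is what the client ends up with if a downgrade succeeds.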

Past, Present, and Future of Security and the Security Community

So I just wanted to paste a few links to various views on the security community I have come across lately.

The Extinction of Hackers by FX
http://www.phenoelit.net/extinction.html

The established community and its rules have the effect of distracting young hackers from their own, personal goals. You are not accepted as a hacker if you run Windows (there are very few exceptions). If you are not an established and respected person, you must run at least Linux, but never one of the large distributions like RedHat or Suse, even if your goal is hacking in the Microsoft .NET environment.

Customizing Your Metasploit Banner

Hey I'm as vain as the next security dude in the community so let's see how I can stroke my own ego with metasploit!!

Metasploit has awesome banners. Once you load it up you'll get a random banner, or you can just keep typing banner to get another random one. If you don't like hdm's banner hotness, you can always roll your own. And thanks to msf in color it's never been easier to sexy up your ASCII art.

I wanted to see carnal0wnage when I started it up.

Step one. Find and open banner.rb in your favorite editor. banner.rb is located in %msfdir%/lib/msf/ui (do I need to tell you to make a backup of the original?).

Step two. Go to the ASCII art generator of your choice and pick a few pimp ass ASCII logos for whatever you want (even though the Metasploit ones are pretty damn cool as they are).