Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

Category Archives: Metasploit

{QuickPost} /auxiliary/server/capture/printjob_capture

Some months back I asked people to help me test out a printer MITM module I was working on for Metasploit. Well, the good news is I finally managed to get things working (mostly), and the module was accepted into Metasploit trunk a few months back (yeah, I’ve been slacking recently on updating the blog, sorry).

Currently it supports RAW and LPR (IPP proved a pain in the… well, you know what. I’m hoping to implement this in a future revision, however).

Feel free to try it out and let me know what you think… More information can be found HERE


PrintJob MITM – Testers Wanted

I had some time over the long weekend to tweak a Metasploit script I’ve had lying around for a few years. When I wrote the Python prn-2-me script I also drew up the basics of a printjob MITM module for Metasploit but never managed to finish it up.

The Python version is limited in that it was designed to handle RAW print streams only… it was also really badly written (like most of my early Python stuff). The Metasploit Module I’m testing currently should also handle LPR/LPD printjobs by sitting in the middle and passing communications backwards and forwards between the client and the printer. I’ve also begun to look at implementing some IPP sniffing as well, using the same technique as LPR/LPD (streaming the data to the printer and sniffing out the printjob and Metadata).

This is still a work in progress, and handling LPR/LPD and IPP is a bit trickier than RAW printjobs.

A couple of helpful folks have been testing out the module for me… if you want to assist, please take a look at the module and see what you think (download link below). If you have any problems, please do a packet capture so I can see what’s not working correctly and adapt the module. As the various printers and drivers handle things slightly differently, the idea is to look at as many models as possible (not just HP!).
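As an added example (not code from the Metasploit module described above), here is a parser for the client side of the LPR/LPD "receive a printer job" exchange from RFC 1179, the stream a relay sitting between client and printer sees. It shows which job metadata (host, user, job name, source file) crosses the wire in cleartext; the sample job, queue, host and user names are constructed.

```ruby
# Added example, not the Metasploit module from the post: parse the client side of
# an RFC 1179 "receive a printer job" exchange, as seen by a relay in the middle.

# Control-file operands that carry job metadata (RFC 1179 section 7).
CONTROL_OPS = { 'H' => :host, 'P' => :user, 'J' => :job_name, 'N' => :source_file,
                'C' => :class, 'L' => :banner_user, 'M' => :mail_to }.freeze

# Parse the bytes the client sends for one job (printer ACK bytes are not part of
# this stream). Returns queue name, control-file metadata and the raw data files.
def parse_lpr_job(stream)
  s = stream.b
  raise ArgumentError, 'not a receive-job command' unless s.getbyte(0) == 0x02
  nl = s.index("\n") or raise ArgumentError, 'truncated command'
  job = { queue: s[1...nl], control: nil, data_files: {}, meta: {} }
  pos = nl + 1
  while pos < s.bytesize
    code = s.getbyte(pos)
    break if code == 0x01 # client aborted the job
    nl = s.index("\n", pos) or raise ArgumentError, 'truncated subcommand'
    count, name = s[(pos + 1)...nl].split(' ', 2)  # "<count> <filename>"
    len = Integer(count)
    body = s[nl + 1, len]
    raise ArgumentError, 'truncated file' if body.nil? || body.bytesize < len
    raise ArgumentError, 'missing NUL terminator' unless s.getbyte(nl + 1 + len) == 0
    case code
    when 0x02 then job[:control] = body          # control file (metadata)
    when 0x03 then job[:data_files][name] = body # data file (the document itself)
    else raise ArgumentError, "unknown subcommand #{code}"
    end
    pos = nl + 2 + len
  end
  job[:meta] = parse_control_file(job[:control]) if job[:control]
  job
end

# One operand per line: first byte is the operand letter, the rest its value.
def parse_control_file(cf)
  meta = { other: [] }
  cf.each_line(chomp: true) do |line|
    next if line.empty?
    key = CONTROL_OPS[line[0]]
    if key then meta[key] = line[1..-1] else meta[:other] << line end
  end
  meta
end

# Constructed sample job (not a real capture): queue "lp", control file cfA001ws-42
# and a small PostScript data file dfA001ws-42, framed exactly as a client sends them.
CF = "Hws-42\nPalice\nJpayroll.pdf\nNpayroll.pdf\nldfA001ws-42\nUdfA001ws-42\n"
DATA = "%!PS-Adobe-3.0\n(Hello) show\n"
SAMPLE_JOB = "\x02lp\n\x02#{CF.bytesize} cfA001ws-42\n#{CF}\x00" \
             "\x03#{DATA.bytesize} dfA001ws-42\n#{DATA}\x00"
```

Running parse_lpr_job(SAMPLE_JOB) yields the queue, the user/host/job name from the control file and the data file bytes, which is exactly what a passive relay on the LPR path can record.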


Some stuff about SVN

As I mentioned in my earlier post, the automated Metasploit Modules posts are going the way of the dodo. Still, there are a few things from my automated posts that I didn’t want to just disappear, mainly because I’m sure I’ll forget them if I don’t post about them. Ignoring all the issues with setting up mutt to email a file at a set time, and getting WordPress to correctly format an emailed HTML file, the main thing I wanted to note was some SVN tricks I picked up while writing my automated shell script. I’m not sure how well-known or useful these tips are, but here they are anyway, for those that are interested.

svn diff

There are various uses for the svn diff command. However for the purposes of automating a list of new modules added to Metasploit I used the diff command to summarize changes to the TRUNK itself.

Example:

svn diff https://metasploit.com/svn/framework3/trunk --summarize -r 14450:HEAD --non-interactive

….

M https://metasploit.com/svn/framework3/trunk/lib/msf/core/rpc/v10/client.rb
M https://metasploit.com/svn/framework3/trunk/lib/msf/core/model/workspace.rb
A https://metasploit.com/svn/framework3/trunk/lib/msf/core/post/windows/shadowcopy.rb
M https://metasploit.com/svn/framework3/trunk/lib/msf/core/auxiliary/report.rb
....

This example will output all changes (Additions, Deletions, Modifications) to the files in the TRUNK between revision 14450 and HEAD (a shortcut for the current revision). This is great, but not everybody happens to remember the revision numbers used on a set date, and although it was useful for automated scripts (simply save the HEAD revision number for use as the starting point in the next run) it doesn’t lend itself to easily seeing what’s been changed in the last week/month/year.

So what can we do to get just the last week’s changes? The -r in the above example can be altered to use a date as either the start or end point. By putting a date inside {} brackets you can see exactly what was changed in the last week.

Example:

svn diff https://metasploit.com/svn/framework3/trunk --summarize -r {2011-12-24}:{2011-12-31} --non-interactive

We can obviously take this a step further and begin filtering the output for only the newly added scripts using a simple regex. I implemented this in a shell script by piping the output to "grep '^A' | cut -b 8-" to select only the Additions and remove the status column from the output.

svn info

As an aside, the following command will give you the current revision as well as further information:

svn info https://metasploit.com/svn/framework3/trunk

….

Path: trunk
URL: https://metasploit.com/svn/framework3/trunk
Repository Root: https://metasploit.com/svn
Repository UUID: 4d416f70-5f16-0410-b530-b9f4589650da
Revision: 14492
Node Kind: directory
Last Changed Author: rapid7
Last Changed Rev: 14492
Last Changed Date: 2011-12-30 23:04:03 +0000 (Fri, 30 Dec 2011)

Of course, if you just want the Last Changed Rev number, then piping this into "grep '^Revision:' | cut -b 11-" will give you just the reference number itself.
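As an added example (not the post’s own shell script), the same two steps in Ruby, matching the status letter with a regex rather than cutting at a fixed byte offset, and restricting additions to the modules/tools/scripts directories as the year-in-review post does. The trunk URL and the svn info output are taken from the post; the placeholder module paths in the sample summary are constructed.

```ruby
# Added example (not the post's shell pipeline): parse "svn diff --summarize" and
# "svn info" output without relying on the status column being exactly 8 bytes.
TRUNK = 'https://metasploit.com/svn/framework3/trunk'.freeze

# Constructed sample summary (not a real run); the lib/ lines are from the post,
# the "placeholder" module paths are made up for the example.
SUMMARY = <<~OUT
  M       #{TRUNK}/lib/msf/core/rpc/v10/client.rb
  A       #{TRUNK}/modules/auxiliary/server/capture/printjob_capture.rb
  D       #{TRUNK}/modules/exploits/example/placeholder_exploit.rb
  A       #{TRUNK}/lib/msf/core/post/windows/shadowcopy.rb
  A       #{TRUNK}/tools/example_placeholder.rb
OUT

# svn info output as shown in the post.
INFO = <<~OUT
  Path: trunk
  URL: #{TRUNK}
  Revision: 14492
  Node Kind: directory
  Last Changed Author: rapid7
  Last Changed Rev: 14492
OUT

# Split each summary line into its status letter (A/M/D) and repository path.
def parse_summary(text)
  text.each_line.map do |line|
    m = line.match(/\A([AMD])\s+(\S+)/)
    m && { status: m[1], path: m[2] }
  end.compact
end

# Names of newly added modules as Metasploit refers to them, counting only
# additions under modules/, scripts/ and tools/ (library files are ignored).
def new_modules(text)
  parse_summary(text)
    .select { |e| e[:status] == 'A' }
    .map { |e| e[:path].delete_prefix("#{TRUNK}/") }
    .select { |p| p.start_with?('modules/', 'scripts/', 'tools/') }
    .map { |p| p.sub(%r{\Amodules/}, '').sub(/\.rb\z/, '') }
end

# Both revision numbers from svn info, keyed by their field name.
def revisions(info_text)
  info_text.scan(/^(Revision|Last Changed Rev):\s*(\d+)/).to_h { |k, v| [k, v.to_i] }
end
```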

Well there it is, I hope some of you find it a little useful.

Here’s to 2012! See you on the other side…

Metasploit Modules: A Year in Review

A month or so back now I started automating some posts on the new Metasploit modules released. As luck would have it, at about the same time the guys over at Rapid7 started to churn out more regular blog posts themselves, giving details of the key modules and changes. Although the posts were interesting to a select few, I never saw them as a long-term thing, and as the year ticks over to 2012 it’s time to put them to bed. After all, the people at R7 are bound to have a better overview of Metasploit than I do.

Before it goes though, I took time to output newly added modules between 2011-01-01 and now (2011-12-31)… just to show what’s been accomplished in 2011. I’m sure the fine folks at R7 will be putting out a more detailed review together with pretty charts, and maybe even an Infographic or two. Still, I hope this proves useful for some as we wave goodbye to the automated weekly posts.

Note (09 July 2012): As this post has resurfaced recently amongst discussions of how much Metasploit has changed in the last few years, I wanted to add a link here to the description of HD Moore’s Law (as discussed at the end of 2011 by Josh Corman).

Casual Attacker power grows at the rate of Metasploit*

For a full overview of HD Moore’s Law and the thought process behind it I would point you to the Cognitive Dissidents blog: http://blog.cognitivedissidents.com/2011/11/01/intro-to-hdmoores-law/

Note: These are only the modules marked as Additions within the modules, tools or scripts directories. Some modules may be excluded, and others may appear twice if they were Deleted and re-added at some point in the year. I’ll be posting up something about how the lists were created in a separate post soon.

The following modules have been added to the Metasploit SVN between 2011-01-01 and 2011-12-31: