In an earlier post I spoke of different pieces of software I had been using to rip my DVDs to media files, never content to just leave things as they are I took to piecing bits and chunks of various episode clips together. I tried a few different Linux video editors including Kino (a KDE staple), PiTiVi (to be included by default in Ubuntu 10.04), and Cinelerra.

As of this afternoon, the msfencode command has the ability to emit ASP scripts that execute Metasploit payloads. This can be used to exploit the currently-unpatched file name parsing bug feature in Microsoft IIS. This flaw allows a user who can upload a "safe" file extension (jpg, png, etc) to upload an ASP script and force it to execute on the web server.

Update: This module, just like the original exploit, only works on IE6 at this time. IE7 requires a slightly different method to reuse the object pointer and IE8 enables DEP by default.

Many database servers helpfully provide version number, platform, and other salient details to just about anyone who asks, authenticated or not, which makes fingerprinting these applications a snap. However, Postgres is a little more coquettish about revealing such personal information about itself to just anyone. The best way to determine Postgres' version is to log in and just ask with a "select version()" query, but what if you don't (yet) have credentials?

Lucky for unauthenticated types, it turns out that Postgres is pretty forthcoming in its authentication failure messages.

For those of you who don't know me, I have been a developer and computer security enthusiast for many years. I have been involved in computer security, specifically, for the last ten years. The first six years were as an independent research and hobbyist. I have spent the last four years working professionally as a software vulnerability researcher.

Tomorrow I will become the latest addition to the Metasploit and Rapid7 team, filling the Exploit Developer position. I am truly honored to have the chance to be part of such a talented team.

This morning we released version 3.3.3 of the Metasploit Framework - this release focuses on exploit rankings, session automation, and bug fixes. The exploit rank indicates how reliable the exploit is and how likely it is for the exploit to have a negative impact on the target system. This ranking can be used to prevent exploits below a certain rank from being used and limit the impact to a particular target.

On December 1st, Rapid7 announced the Community Edition of the NeXpose vulnerability management product. At the same time, we released version 3.3.1 of the Metasploit Framework, which contains the first step towards full integration between NeXpose and Metasploit.

BackgroundMeterpreter, as I'm sure most of our readers know, is an advanced in-memory payload with tons of useful post-exploitation features. About a year ago, while looking through various buggy, backdoored PHP shells, I decided it might be useful to have some of Meterpreter's networking features in the web's most pwnable language. I started to implement this idea prior to Blackhat last year but got caught up in other projects and let it languish. Last week I dusted it off, cleaned it up and committed the first steps toward a full-fledged Meterpreter in PHP.

If you have graced my page before then odds are you know I love my N900. This past Wednesday Nokia released the PR 1.2 update for the N900 and one of the features they added was support for the front facing camera to make video calls via the VOIP services Skype and Google Talk. I made my first video call this evening on my N900 and it works quite well!

After five months of development, version 3.4.0 of the Metasploit Framework has been released. Since the last major release (3.3) over 100 new exploits have been added and over 200 bugs have been fixed.