Well... sorry for the long gap. Was stuck with some work as usual.
First of all, wish you all a happy New Year!! A bit late to wish, but better late than never.
The recent (stale) news going around is about the Google/Adobe hack, a.k.a. “Operation Aurora”, which is suspected to have been executed successfully using a zero-day IE exploit. The exploit code is publicly available and Metasploit has also released a module for it. So now you can expect lotta script-kiddies out in action attacking your corporate/home network.
Microsoft had suggested a workaround for it earlier this week. But the exploit has been so much in the wild that Microsoft had to release an out-of-band patch. We strongly recommend applying this patch as a high priority. This vulnerability could allow remote code execution if a user simply views a specially crafted Web page using Internet Explorer.
Information Security, Penetration Testing, Vulnerability Assessment | w0lf | January 22, 2010 |
exploit, Google Adobe hack, internet explorer, metasploit, microsoft, ms10-002, Operation Aurora, out-of-band
Hi guys!
Yet another version released, purely thanks to those who submitted the outputs and suggestions. This release is a complete rewrite of the project. MetaScanner now uses the XML output provided by nmap, so a lot of false positives have been reduced. However, as this is a rewrite, you can expect a lot of bugs :P.
Please report any bugs or any other issues together with out.xml to kalgecin@maestro-sec.com
Good news to you all! Some of you may have experienced a blank page on my site during the weekend, but it’s all fixed now. The problem was in uploading the home page to the server. The connection must have been reset at some point.
Anyway, it’s all fixed now and I’ve spent the weekend enhancing the script and reducing its false positives (thanks for the feedback/scan outputs from all of you). The final version of MetaScanner is out!!! You can download it from here. If you’ve got any questions or suggestions, or want to submit your scan output, please mail me at kalgecin@maestro-sec.com
Are you a regular Metasploit user? Tired of scanning a host and trying out different vulnerabilities? Can’t get autopwn to work? It’s not enough? Well guess what?
Use MetaScanner!!!
What is it? It’s a Ruby script that compares nmap’s output against the exploits available in Metasploit. This little scanner is still young and needs help and suggestions to make it a good one.
Please note that this is not a VULNERABILITY scanner but an EXPLOIT scanner limited to Metasploit exploits.
Feel free to download it and a user guide from:
http://kalgecin.110mb.com
Well, after a long wait, Metasploit 3.2 has been released with more evil deeds. The evil deeds integrated into the new framework can be summarized as below:
Version 3.2 includes exploit modules for recent Microsoft flaws, such as MS08-041, MS08-053, MS08-059, MS08-067, MS08-068, and many more.
I wrote a small article on writing malicious macros for Word/Excel using Metasploit. This article basically describes converting the Metasploit shellcode into VBA and then using it as a macro.
Hope that is helpful.

Well, I know this is very simple, but most of us, including me, were really confused while adding an exploit or updating svn in Metasploit. Adding an exploit in Metasploit version 2.X was simple. It was as simple as adding the .pm exploit file to the exploit folder. Now Metasploit has migrated to Ruby. Just adding the .rb file to the exploit folder does not serve the purpose. You can follow the steps below. It worked in my case.
Ahaaaa.. A newer version of Metasploit is ready to be released soon. It will contain a few newly added features. In brief, they include names such as Browser AutoPwn, Metasploit in the Middle and the Evil Wireless Access Point. As all know, Metasploit is a free exploit scanner and the best available. The Metasploit 3.0 project has moved to an all-Ruby programming base, which Moore credits with quickening development and exploits.
It has made hacking (for kiddies) very easy. Just choose the target, the exploit and the payload and Boom, you get their shell (of course, if the system is vulnerable).