Metasploit 3.5.1 adds Cisco device exploitation
Posted on 16 December 2010.
Metasploit now enables security professionals to exploit Cisco devices, performs passive reconnaissance through traffic analysis, provides more exploits and evaluates an organizationís password security by brute forcing an ever increasing range of services.

This latest release adds stealth features, exposing common flaws in IDS and IPS, and anti-virus threat detection. Team leaders may now impose network range restrictions on projects and limit access to specific team members.

Adding to its social engineering capabilities, Metasploit can also now attach malicious files to emails, for example PDF and MP3 files that can take control of a userís machine.

The highlights of Metasploit version 3.5.1 are:

Gain access to Cisco devices. Metasploit now automatically exploits authentication bypass flaws if present and can brute force access through Telnet, Secure Shell, HTTP and SNMP protocols. After successful exploitation, Metasploit downloads configuration files and automatically extracts passwords, VPN keys, and wireless credentials. These credentials can then be leveraged to gain deeper access to the rest of the network. This version adds additional network device audit and exploitation features (only available in Metasploit Express and Metasploit Pro).

Silently discover of active networks. Metasploit imports network traffic logs from the pcap packet capture files, identifying hosts, services and clear-text passwords. This information is then used to plan an active attack against the network. The new version also accelerates the discovery of host discovery and port scans.

Brute force UNIX ďrĒ services, VNC and SNMP. Adding to its broad brute forcing capabilities, Metasploit now audits password security of rshell, rlogin, rexec, VNC and SNMP services. UNIX "r" services leverage discovered usernames for both the source and destination users fields specified in these protocols.

Evade IPS/IDS and anti-virus systems. Metasploit includes enhanced stealth options to avoid triggering IDS and IPS, the alarm systems of modern networks. An enhanced anti-virus evasion ensures that exploits are not stopped by end-point defenses.

Attach malicious PDF and MP3 files to emails. Metasploit makes social engineering attacks more sophisticated by adding malicious files to emails, for example, PDF and MP3 files.

Run additional exploits. Metasploit adds exploits for SAP BusinessObjects, Exim mail servers, ProFTPD file transfer installations, SCADA deployments (BACnet, Citect, DATAC), Novell NetWare servers, Microsoft Internet Explorer and browser plugins such as Adobe Flash and Oracle Java.





Spotlight

Hackers indicted for stealing Apache helicopter training software

Posted on 1 October 2014.  |  Members of a computer hacking ring have been charged with breaking into computer networks of prominent technology companies and the US Army and stealing more than $100 million in intellectual property and other proprietary data.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Oct 1st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //