Awhile back I installed a version of Metasploit Pro while juggling a couple other tasks and unfortunately I noted the password in an encrypted text document and forgot the location which in itself was a fail. Regardless of the mistake I made luckily Metasploit Express and Metasploit Pro make it easy enough to change the msf user web console password without any pain. Use the directions below to modify the msf users login information on your Metasploit Pro or Metasploit Express installation.
I was creating some demo videos for a class I am giving in a few weeks and I decided to post a few that I will not be using. This is the first in a series of Metasploit Attacks I will be showing. As always, these things are for instructional use only. Special thanks to…
Recently Lots of people ave been asking about using autopwn in Metasploit. It used to be that it used a Sqlite3 database however the folks over at Metasploit say it is unstable and we should use Postgress. This article will be using the Backtrack 4 Linux Operating System so it may be different on another OS.
One of the hottest new tools in Backtrack 4 final is the Social Engineering Toolkit otherwise known as SET. The tool was written by a major contributor to Backtrack, David Kennedy (ReL1k). He is also a friend. The homepage for SET is http://www.secmaniac.com/ and there is more useful information there.
This attack takes advantage of a vulnerability in Adobe Reader and Acrobat. The official release is here. Adobe has been informed of this vulnerability for well over a month now and has issued a statement that it will release a fix on January 14th. It is a scary thought that this exploit will be live and in the wild for almost 2 months before Adobe decides to fix it. I am making this post in order to make people aware of how such a attack can take place and how easy it is to implement.