Offsec Web Server Hacked

For the past couple of weeks we have been watching escalating DoS attacks against our web server, specifically against the Metasploit Unleashed Wiki. Today, as we were watching our Apache logs, we noticed unusual requests. A quick analysis showed that our web server was compromised through a vulnerability in the wiki software we use for the free Metasploit course. The compromise occurred on Nov 6th, and went unnoticed for around 28 hours.

A php shell was uploaded to the wiki through an obscure vulnerability,

… Read more »


Offensive Security Exploit Archive

For the past few months, Offensive Security has been working with additional exploit addicts (Rel1k) at maintaining the integrity of the Milw0rm exploit archive. For those who don’t know, Milw0rm has been dormant in the past few weeks, for reasons which remain with str0ke (he is alive, healthy and well btw).

Offensive Security together with Gerix.it will be picking up from the place Milw0rm left, and will be maintaining a new exploit archive collection which will be open to the public.

… Read more »


Metasploit Rising

The Framework that we all know and love is about to take a massive leap into the future. The MSF crew as well as the MSF itself has been placed under Rapid7’s corporate umbrella.

The framework will continue to be free, running under the BSD license. We expect to see major improvements in the MSF due to this shift. With corporate backing there will be more resources and time to improve the MSF.

… Read more »


News and Updates

We’ve got a bunch of exciting news, I’ll try to make this as short and concise as possible.

The guys from the Metasploit project have teamed up with Offensive Security to significantly expand our current Metasploit Unleashed public course. Work is underway!

Apropos MSFU, some statistics – over 3 million page views, 80k unique visitors and 58,000 password bruteforce attempts since the course went up.

BackTrack 4 development is going on strong,

… Read more »


Social Engineering at its best

In conjunction with a team of social engineers, penetration testers and information security experts, www.social-engineer.org is opening its “virtual” doors today.

The team at Offensive Security has been working with many contributors and specialists to put together the Web’s Official Framework for Social Engineering.

www.social-engineer.org will house an ever-growing framework for social engineering as well as tools, how-to’s, informational reviews and podcasts, all geared at helping security-minded professionals enhance their awareness and knowledge in the field of social engineering.

… Read more »


Microsoft IIS FTP 5.0 Remote SYSTEM Exploit

A remote Microsoft FTP server exploit was released today by Kingcope, and can be found at http://milw0rm.com/exploits/9541, https://www.exploit-db.com/exploits/9541/

A quick examination of the exploit showed some fancy manipulations in a highly restrictive environment that lead to a “useradd” type payload. The main issue was the relatively small payload size allowed by the SITE command, which was limited to around 500 bytes.

After a bit of tinkering around,

… Read more »


Metasploit Unleashed – Mastering the Framework

The Offensive Security Team, along with several active community members, has been working diligently to bring you an in-depth course on the Metasploit Framework – “Mastering the Framework”. This course will take you on a journey through the Metasploit Framework in full detail, and will include the latest MSF features such as:

  • Advanced Information gathering
  • Social Engineering attacks
  • Advanced port scanning
  • Writing your own MSF plugins
  • Auxiliary modules kung fu
  • Vulnerability Scanner Integration
  • Writing simple MSF fuzzers
  • Pivoting,

… Read more »
