Thursday, 15 May 2014

Metasploit Update on BackTrack 5 R3



Hello,

As most of you know, Metasploit's update mechanism recently moved from SVN to GitHub.

msfupdate fails with an error if the installation is not set up to clone from GitHub.

Getting the GitHub clone to work involves a number of changes and some troubleshooting; I googled a lot to get it configured and am sharing the result here, hoping it helps others to have all the settings in one place.

Open the terminal and enter the following command.

-> apt-get update && apt-get install metasploit (this downloads around 188 MB of data)

-> gem install pg -- --with-pg-config=/opt/metasploit/postgresql/bin/pg_config

-> cd /opt/metasploit/ruby/lib/ruby/1.9.1/<arch>-linux/ (the directory is i686-linux on 32-bit BackTrack and x86_64-linux on 64-bit)

-> vim rbconfig.rb

-> comment out the following line with "#":

CONFIG["LIBRUBYARG_STATIC"] = "-Wl,-R -Wl,$(libdir) -L$(libdir) -l$(RUBY_SO_NAME)-static"

-> Now paste the following line directly below it. It is the same line without the -l$(RUBY_SO_NAME)-static flag, so the static link arguments no longer pull in libruby-static:

CONFIG["LIBRUBYARG_STATIC"] = "-Wl,-R -Wl,$(libdir) -L$(libdir)"
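The rbconfig.rb edit above, scripted so it can be applied (and re-applied) safely. This is an added example, not code from the original post or from Metasploit: it backs the file up, refuses to touch a file that does not contain the expected line, comments the original line out and writes the shortened copy below it. The two-line file at the bottom is a constructed stand-in for rbconfig.rb used only for the demo.

```shell
#!/bin/sh
# Added example: apply the LIBRUBYARG_STATIC edit from the post with a script.
# usage: patch_rbconfig /path/to/rbconfig.rb
patch_rbconfig() {
    file=$1
    key='CONFIG["LIBRUBYARG_STATIC"]'
    static_flag=' -l$(RUBY_SO_NAME)-static'

    # Idempotent: a commented-out copy of the key means the patch was applied already.
    if grep -qF "#$key" "$file"; then
        echo "already patched: $file"
        return 0
    fi
    # Only proceed when the exact line the post talks about is present.
    if ! grep -F "$key" "$file" | grep -qF -- "$static_flag"; then
        echo "no LIBRUBYARG_STATIC line with$static_flag in $file" >&2
        return 1
    fi
    cp "$file" "$file.bak" || return 1
    # Replace the original line with (a) the same line commented out and
    # (b) the same line minus the -l$(RUBY_SO_NAME)-static flag.
    awk -v key="$key" -v flag="$static_flag" '
        index($0, key) == 1 && index($0, flag) > 0 {
            print "#" $0
            i = index($0, flag)
            print substr($0, 1, i - 1) substr($0, i + length(flag))
            next
        }
        { print }
    ' "$file.bak" > "$file"
}

# Demo on a constructed two-line stand-in for rbconfig.rb (not a real one).
demo=$(mktemp)
cat > "$demo" <<'EOF'
CONFIG["LIBRUBYARG_SHARED"] = "-Wl,-R -Wl,$(libdir) -L$(libdir) -l$(RUBY_SO_NAME)"
CONFIG["LIBRUBYARG_STATIC"] = "-Wl,-R -Wl,$(libdir) -L$(libdir) -l$(RUBY_SO_NAME)-static"
EOF
patch_rbconfig "$demo"
cat "$demo"
patch_rbconfig "$demo"   # second run reports "already patched" and leaves the file alone
rm -f "$demo" "$demo.bak"
```

Run it as root against the real path from the step above; the original file is kept as rbconfig.rb.bak so the edit can be reverted with a single cp.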

Note: These instructions apply to Metasploit on BackTrack 5 R3; the newer Kali Linux ships preconfigured to update from GitHub directly.

Sunday, 11 May 2014

Hangouts with OpenSSL


Hello,

This post is about the SSL-related findings reported by automated scanners (Qualys and Nessus); most of them can be confirmed manually with openssl s_client.
 

Here is a list of a few SSL-related findings that can be tested this way. In each case a handshake that completes (s_client prints "New, <protocol>, Cipher is <name>" and stays connected) confirms the finding; "Cipher is (NONE)" together with a handshake failure alert means the server rejected every cipher that was offered.

SSL Server Allows Anonymous Authentication Vulnerability

openssl s_client -connect TARGET_IP:PORT_NUMBER -cipher aNULL (aNULL is the OpenSSL alias for suites with no server authentication, so a completed handshake means a man in the middle needs no certificate at all)

SSL Server Supports Weak Encryption Vulnerability

openssl s_client -connect TARGET_IP:PORT_NUMBER -cipher LOW (LOW is the OpenSSL alias for 56- and 64-bit ciphers; sslscan will enumerate the full list of accepted suites as well)

OpenSSL server with NULL cipher support

openssl s_client -connect TARGET_IP:PORT_NUMBER -cipher NULL

openssl s_client -connect TARGET_IP:PORT_NUMBER -cipher eNULL

(NULL and eNULL are the same OpenSSL cipher-list alias, the suites with no encryption. If the handshake completes with one of these ciphers the session goes over the wire in the clear and its contents can be read with a packet sniffer such as Wireshark; a handshake failure means the server rejected them.)


SSL Server supports weak CBC-mode ciphers (3DES)

openssl s_client -connect TARGET_IP:PORT_NUMBER -cipher DES-CBC3-SHA (a completed handshake confirms that the server accepts 3DES in CBC mode; other CBC suites can be tried the same way by name)

Connecting to an SMTP or FTP service over STARTTLS

openssl s_client -connect TARGET_IP:PORT_NUMBER -starttls smtp (for SMTP)

openssl s_client -connect TARGET_IP:PORT_NUMBER -starttls ftp (for FTP)

(-cipher takes a cipher string as its argument, so it cannot be followed directly by -starttls; add -cipher aNULL, -cipher eNULL and so on as separate options to repeat the checks above against these services.)

While testing for default usernames and passwords on a device, service or anything else, please follow this link:


SSL/TLS Compression Algorithm Information Leakage Vulnerability (or) TLS CRIME attack.

CRIME abuses TLS-level compression, so the thing to look for is the "Compression:" line in the s_client handshake summary: "Compression: zlib compression" means the server negotiated it, "Compression: NONE" means it did not. The HTTP request below is what was used in the original test; note that the Content-Encoding: gzip header in the response shows HTTP body compression, which is a different condition (the one BREACH exploits) and does not by itself confirm TLS compression.

$ openssl s_client -connect IP:PORT

Once connected, type the request (Host: google.com is just the example used here):

GET / HTTP/1.1  [Enter]
Host: google.com [Enter]
Accept-Encoding: compress, gzip [Enter, Enter]

Response as captured for this post:

HTTP/1.1 200 OK
Date: Thu, 13 Sep 2012 16:58:57 GMT
Server: Apache/2.4.1 (Unix) OpenSSL/1.0.0g
Last-Modified: Thu, 13 Sep 2012 15:09:56 GMT
ETag: "891a-4c996b33b64aa-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 9005
Content-Type: text/html; charset=utf-8
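The cipher checks listed above and the CRIME compression check, driven from one script. This is an added example, not code from the original post: classify_s_client reads an s_client transcript and reports whether the handshake completed, with which cipher, and whether TLS compression was negotiated; ssl_probe and run_checks wrap openssl s_client for a live target (HOST, PORT and the optional STARTTLS protocol are assumptions you supply). The demo at the bottom runs only the classifier, on two constructed transcripts trimmed to the lines that matter; they were not captured from a real host.

```shell
#!/bin/sh
# Added example: openssl s_client wrapper and transcript classifier.

# Read one s_client transcript on stdin and print a verdict:
#   ACCEPTED <cipher>   the handshake completed with that cipher
#   REJECTED            the server refused (Cipher is (NONE), or no handshake line at all)
# plus a second line "COMPRESSION <name>" when TLS compression was negotiated.
classify_s_client() {
    awk '
        /^New, / {
            if (index($0, "(NONE)") > 0) {
                verdict = "REJECTED"
            } else {
                split($0, parts, "Cipher is ")
                verdict = "ACCEPTED " parts[2]
            }
        }
        /^Compression: / { comp = substr($0, length("Compression: ") + 1) }
        END {
            if (verdict == "") verdict = "REJECTED"
            print verdict
            if (comp != "" && comp != "NONE") print "COMPRESSION " comp
        }
    '
}

# One handshake attempt against a live target (assumed HOST/PORT).
# usage: ssl_probe HOST PORT CIPHER [STARTTLS_PROTO]
# stdin is closed so s_client exits as soon as the handshake is done.
ssl_probe() {
    host=$1; port=$2; cipher=$3; proto=$4
    set -- -connect "$host:$port" -cipher "$cipher"
    [ -n "$proto" ] && set -- "$@" -starttls "$proto"
    openssl s_client "$@" </dev/null 2>&1 | classify_s_client
}

# The checks from the post in one pass. usage: run_checks HOST PORT [STARTTLS_PROTO]
run_checks() {
    for entry in anonymous:aNULL null-encryption:eNULL weak-encryption:LOW 3des-cbc:DES-CBC3-SHA; do
        label=${entry%%:*}; cipher=${entry#*:}
        printf '%-16s %-14s ' "$label" "$cipher"
        ssl_probe "$1" "$2" "$cipher" "$3" | tr '\n' ' '
        echo
    done
}

# Constructed sample transcripts (trimmed; not captured from a real host).
accepted_sample='CONNECTED(00000003)
---
New, TLSv1.2, Cipher is DES-CBC3-SHA
Server public key is 2048 bit
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : DES-CBC3-SHA'

rejected_sample='CONNECTED(00000003)
error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
---
no peer certificate available
---
New, (NONE), Cipher is (NONE)
Compression: NONE
Expansion: NONE'

printf '%s\n' "$accepted_sample" | classify_s_client   # ACCEPTED DES-CBC3-SHA, then COMPRESSION zlib compression
printf '%s\n' "$rejected_sample" | classify_s_client   # REJECTED
```

Against a real target you would call run_checks TARGET_IP 443, or run_checks TARGET_IP 25 smtp for a STARTTLS service; any ACCEPTED line is a confirmed finding, and a COMPRESSION line on any probe is the CRIME indicator regardless of which cipher was offered.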