Metabrik Core And Repository 1.08 Released

A new version of Metabrik Core and Repository is available. Update using Mercurial or follow the installation procedure. Changes Core 1.08 Thu Mar 19 06:48:34 CET 2015 – FEATURE: core::shell: run executable commands found in PATH through system Command – UPDATE: shell::command: now use IPC::Run3 to capture shell commands output – update: shell::command: system Command

Continue Reading »

0COMMENTS

Exploiting ElasticSearch RCE For CVE-2015-1427

I told you so: it is a work for Metabrik. While the main target for Metabrik is not to write exploits (you have Metasploit for that), you can still write Briks within the Audit Category. Based on the exploit provided XiphosResearch, we wrote a Command to verify if an ElasticSearch target is vulnerable, and another Command

Continue Reading »

0COMMENTS

Why Writing A TCP SYN Scanner In Perl Can Be Efficient

Everyone wants to write (or already did) its own TCP SYN scanner. Why? Because it is a fun exercise which will teach you a lot of things, like what raw sockets are and, more importantly, how to build packets. Perl for the task Some may argue that using Perl would be inefficient for such a task.

Continue Reading »

0COMMENTS

Metabrik Core And Repository 1.06 Released

A new version of Metabrik Core and Repository is available. Update using Mercurial or follow the installation procedure. Changes Core 1.06 Fri Feb 27 07:17:59 CET 2015 – bugfix: shell::command: go trough PATH to find a cmd to run (like less PAGER) – bugfix: core::shell: on SIGINT handling, now allows to break multiline and run

Continue Reading »

0COMMENTS

Playing With Ten Million Passwords And Logins

A researcher has released a database of ten million logins and passwords. We will show how we can play with it with Metabrik. Fetching the data You have to find the data by yourself, go check it from Mark Burnett post: Today I Am Releasing Ten Million Passwords. Loading Metabrik Briks Note: You will need

Continue Reading »

0COMMENTS

Metabrik Example: Searching CVE Database

In this Metabrik Example, we will show you how to search entries in the CVE database and how to save it to a CSV file. Loading required data First thing to do is to load the required Briks, and ask for help on their usage. Don’t forget you can use so you have completion and

Continue Reading »

0COMMENTS

Getting Metabrik Up And Running

Metabrik is available via a mercurial repository or from a tarball. Follow this installation guide to get Metabrik running. The following of this post will guide you through your first steps with the platform. Ready to serve Everything should be fine from now on, you can run The Metabrik Shell. A default .rc file will be

Continue Reading »

0COMMENTS

How Long Does It Take To Scan The Internet

At networecon, we do massive Internet scanning. We do it like many others are doing it: SHODAN, ERIPP, governments?, to name a few. To correctly plan a scanning session, we need to know how long it will take regarding the task we want to accomplish. For that purpose, we use an Internet Scanning Calculator. For

Continue Reading »

0COMMENTS

One Packet OS Fingerprinting And API Access Unveiled

The latest version of SinFP3 (v1.20, as of this writing) introduces two new cool features: the ability to perform a SYN scan and doing OS fingerprinting at the same time. The idea is to use SYN|ACK answers to the SYN scanning process to accurately identify the remote operating system nature. The second new feature is

Continue Reading »

0COMMENTS

Installation Guide For SinFP3 Under Debian/Ubuntu

Installation of SinFP3 under Debian/Ubuntu may be a bit tricky. They decided to rename one of the best low-level-hiding-thingy library initially called libdnet. Under these Linux distributions, the new name is libdumbnet. We will explain in this guide how to manually install SinFP3 on a fresh Debian/Ubuntu installation. Note: Net::Libdnet is now part of Ubuntu.

Continue Reading »

0COMMENTS