Capturing Logon Credentials with Meterpreter

In the previous post, we described the keystroke sniffing capabilities of the Meterpreter payload. One of the key restrictions of this feature is that it can only sniff while running inside of a process with interactive access to the desktop. In the case of the MS08-067 exploit, we had to migrate into Explorer.exe in order to capture the logged-on user’s keystrokes. . . . → Read More: Capturing Logon Credentials with Meterpreter

Reproducing the Aurora IE Exploit

Yesterday, a copy of the unpatched Internet Explorer exploit used in the Aurora attacks was uploaded to Wepawet. Since the code is now public, the guys from Metasploit have ported it to a module in order to provide a safe way to test your workarounds and mitigation efforts. . . . → Read More: Reproducing the Aurora IE Exploit