Using Meterpreter For Remote Keystroke Sniffing

The development version of Metasploit now allows keystroke sniffing through Meterpreter sessions. This has been implemented as a set of new commands for the stdapi extension of Meterpreter. It works through the keyscan_start command, which spawns a new thread inside the process where Meterpreter was injected; this thread in turn allocates a large 1Mb buffer to store captured keystrokes. . . .

Automatic Routing Through New Subnets

Among the coolest features in Metasploit is the ability to tunnel through a Meterpreter session to the network on the other side. The route command in msfconsole sets this up but requires a bit of experience to get right. . . .

Reproducing the Aurora IE Exploit

Yesterday, a copy of the unpatched Internet Explorer exploit used in the Aurora attacks was uploaded to Wepawet. Since the code is now public, the guys from Metasploit have ported it to a module in order to provide a safe way to test your workarounds and mitigation efforts. . . .