A while ago I used simple scripts to update this blog. I got a notice that my sites were out of date and I could run it to update all my sites, quickly and easily. A list popped up with all my Word Press installs and what version each one was currently at. Also the words “Upgrade Available” in blood red next to each install. While I should have paid more attention to what version each one said was installed, I didn’t. I think this is where I got myself in trouble. After my site broke, I went back and looked closer and found that you can change which version you have installed because what is listed can be wrong. After that I noticed that there was also an option for backing up the entire site before you upgrade as well as an option to restore it. But of course I didn’t do either and it was too late. This site was still up and running but I had problems behind the scenes. I couldn’t create, view or edit new posts. I also couldn’t view or edit previous posts. When I logged in as admin and went to posts, I would get a list of what I had, but if I tried to edit any of them or create a new post, I would just get a blank page. No where to type, none of the edit buttons, not even a publish button. I did figure out a way to to type a post into another program and copy and paste it into the quick post option. But I couldn’t add any links or use html or even preview my post. And after I did post it, I couldn’t edit it or anything.
Monthly Archives: November 2009
Website Woes
Metasplot Framework 3.3 Just Released
Tagged as pen test, security, software
t’s been about a year since one of the best pen testing tools has seen an upgrade to the framework. Metasploit Framework 3.3 is now available. Not only does it support Linux, Windows, OS X, and many versions of BSD, but now it also supports Windows 7. And according to the website this release has 446 exploits, 216 auxiliary modules, and hundreds of payloads, including an in-memory VNC service and the Meterpreter. However one of the new features that I’m pleased about is you can now run a full console version in Windows using Cygwin which is how I like to run nmap when I’m on my Windows computers, and RXVT. To be honest, I haven’t fired up any of my Linux machines in a while. I just boot from a Linux Live CD most the time but I digress.
The Windows installer works on all versions of Windows from 2000 to Windows 7 and the Linux installer works on most versions of Linux released in the last five years.
I’d like to point out, this is not a toy. This is the bad boy of penetration testing tools. I love using this because I know that if I can’t get into the system I’m testing with it, I can feel pretty confident that system is pretty secure. I wouldn’t go so far as to say that I’m 100% secure because I’ve been doing this long enough to know there is no such thing. But if you can’t successfully attack one of your computers with this, then chances are neither can the script kiddies.
