Metasploit
Metasploit Wrap-Up: 3/12/21
Three new modules for achieving code execution, a new way to play favorites, and more! Plus a Google Summer of Code announcement!
Metasploit
Metasploit Wrap-Up: 11/20/20
Two new RCE-capable modules and some good fixes and enhancements!
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 7/24/20
Yes, it’s a huge enterprise vulnerability week (again)
For our 100th release since the release of 5.0
[/2019/01/10/metasploit-framework-5-0-released/] 18 months ago, our own
zeroSteiner [https://github.com/zeroSteiner] got us a nifty module for the SAP
"RECON" vulnerability
[https://attackerkb.com/topics/JubO1RiVBP/cve-2020-6287-critical-vulnerability-in-sap-netweaver-application-server-as-java]
affecting NetWeaver version 7.30 to 7.50. It turns out those versions will allow
anyone to create a
Metasploit
Metasploit Wrap-Up 4/24/20
Security fix for the libnotify plugin (CVE-2020-7350)
If you use the libnotify plugin to keep track of when file imports complete, the
interaction between it and db_import allows a maliciously crafted XML file
[https://github.com/rapid7/metasploit-framework/pull/13049] to execute arbitrary
commands on your system. In proper Metasploit fashion, pastaoficial
[https://github.com/pastaoficial] PR'd a file format exploit to go along with
the fix, and our own smcintyre-r7 [https://github.com/smcintyre
Haxmas
Memory Laundering: Is Cleaner Better?
In this HaXmas blog, we discuss how to bypass SELinux's commonly-applied `execmem` permission.
Metasploit
Metasploit Wrap-Up: 11/22/19
Payload payday
As we blogged about yesterday
[/2019/11/21/metasploit-shellcode-grows-up-encrypted-and-authenticated-c-shells/]
, a new form of payload that is compiled directly from C when generated was
added by space-r7 [https://github.com/space-r7]. We hope this is only the first
step in a journey of applying the myriad tools that obfuscate C programs to our
core payloads, so be sure to check out all the nifty workings of the code! If
that wasn't enough, we also got a pair of payloads written f
Metasploit Weekly Wrapup
Metasploit Wrap-Up 8/30/19
Back to school blues
Summer is winding down and while contributions haven't dropped off
(thanks y'all!), we've been tied up with events and a heap of research. Don't
despair, though: our own Brent Cook [https://github.com/busterb], Pearce Barry,
Jeffrey Martin [https://github.com/jmartin-r7], and Matthew Kienow
[https://github.com/mkienow-r7] will be at DerbyCon 9 running the Metasploit
Town Hall at noon Friday. They'll be delivering a community update and answering
questions, so be sur
Metasploit Weekly Wrapup
Metasploit Wrap-Up 8/23/19
A LibreOffice file format exploit, plus improvements to TLS and CredSSP-based fingerprinting.
Metasploit Weekly Wrapup
Metasploit Wrap-Up 5/24/19
BSD love
Outside of macOS, not many people run (or run into) a BSD-flavored system very
often. Even still, bcoles [https://github.com/bcoles] and space-r7
[https://github.com/space-r7] teamed up for a pair of BSD enhancements. The
first, a privilege escalation, affects FreeBSD's runtime linker dealing with
LD_PRELOAD in FreeBSD 7.1, 7.2, and 8.0. The next enhancement adds BSD targets
to our known-credential ssh executor which now allows BSD-specific payloads. Not
wanting macOS to be left out ti
Metasploit Weekly Wrapup
Metasploit Wrap-Up 2/22/19
Document ALL THE THINGS!
This release sees quite a bit of documentation added with a module doc from
bcoles and four new module docs from newer docs contributor Yashvendra
[https://github.com/Yashvendra]. Module docs can be viewed with info -d and are
extremely helpful for getting acquainted with a module's capabilities and
limitations. We greatly value these contributions because, while not cool h4x0r
features by themselves, each one means that fewer people have to read the code
to understand ho
Haxmas
Santa's ELFs: Running Linux Executables Without execve
Santa's ELFs do not get a post-holiday break, since the Executable and Linkable Format (ELF) is the base of numerous Unix-like operating systems.
Metasploit Weekly Wrapup
Metasploit Wrapup 11/30/18
Why can't I hold all these Pull Requests?
It has been a busy month here in Metasploit-land, with the holidays, the holiday
community contributions, and our community CTF
[/2018/11/05/announcing-the-2018-metasploit-community-ctf/]. It doesn't help
that the last few months have seen our open pull request count keep climbing as
well, reaching over 90 at times. Our fearless leader, busterb
[https://github.com/busterb], decided to take on the challenge and landed over
20 PRs by himself in the last tw
Metasploit Weekly Wrapup
Metasploit Wrapup 9/7/18
Ghost(script) in the shell
There has been a lot of buzz the last couple weeks about Google Project Zero's
Tavis Ormandy's new Ghostscript -dSAFER bypass, now complete with a Metasploit
module. With some valiant work by wvu [https://github.com/wvu-r7] and taviso
[https://github.com/taviso] himself, the latest way to break out of a PDF is now
at your fingertips. If you pulled an advanced copy from the PR
[https://github.com/rapid7/metasploit-framework/pull/10564], make sure to use
the refined vers
Metasploit
External Metasploit Modules: The Gift that Keeps on Slithering
For HaXmas last December, I wrote about the introduction of Python modules to Metasploit Framework. As our module count keeps on growing, we thought that it would be a good time to update the community on where we are at.
Metasploit Weekly Wrapup
Metasploit Wrapup 6/8/18
Just Let Me Grab My Popcorn First
This week, rmdavy [https://github.com/rmdavy] contributed a pair of modules
designed to fool Windows into authenticating to you so you can capture sweet,
sweet NetNTLM hashes. BadODT
[https://github.com/rapid7/metasploit-framework/pull/10067] targets
LibreOffice/Apache OpenOffice by providing a link to an image on a network
share, and the new Multi Dropper
[https://github.com/rapid7/metasploit-framework/pull/10115] creates all sorts of
files Windows itself lov