Posts by Alan David Foster

3 min Metasploit

Metasploit Wrap-Up: May 6, 2022

Three new exploit modules, and an update for Windows 11 support

Read Full Post

1 min Metasploit

Metasploit Weekly Wrap-Up: 4/1/22

CVE-2022-22963 - Spring Cloud Function SpEL RCE A new exploit/multi/http/spring_cloud_function_spel_injection module has been developed by our very own Spencer McIntyre [https://github.com/smcintyre-r7] which targets Spring Cloud Function versions Prior to 3.1.7 and 3.2.3. This module is unrelated to Spring4Shell CVE-2022-22965 [https://www.rapid7.com/blog/post/2022/03/30/spring4shell-zero-day-vulnerability-in-spring-framework/] , which is a separate vulnerability in the WebDataBinder component

Read Full Post

3 min Metasploit

Metasploit Weekly Wrap-Up: Mar. 18, 2022

CVE-2022-21999 - SpoolFool Our very own Shelby Pace [https://github.com/space-r7] has added a new module for the CVE-2022-21999 SpoolFool privilege escalation vulnerability [https://attackerkb.com/topics/vFYqO85asS/cve-2022-21999?referrer=blog]. This escalation vulnerability can be leveraged to achieve code execution as SYSTEM. This new module has successfully been tested on Windows 10 (10.0 Build 19044) and Windows Server 2019 v1809 (Build 17763.1577). CVE-2021-4191 - Gitlab GraphQL API User E

Read Full Post

3 min Metasploit

Metasploit Wrap-Up: Dec. 17, 2021

A new Log4Shell / Log4j scanner module for Metasploit, a new WordPress module, and multiple enhancements and bug fixes

Read Full Post

4 min Metasploit

Metasploit Wrap-Up: Nov. 12, 2021

Four new modules, including Microsoft OMI local privilege escalation, and a Win32k local privilege escalation module for CVE-2021-40449, impacting Windows 10 x64 build 14393 and 17763

Read Full Post

3 min Metasploit

Easier URI Targeting With Metasploit Framework

Streamline your Metasploit with Metasploit 6.1.4's new support for RHOST URI values

Read Full Post

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: July 16, 2021

Four new modules, with improvements to Eternal Blue support, and AmSi 0BfuSc@t!on for Powershell payloads

Read Full Post

3 min Metasploit

Metasploit Wrap-Up: May 28, 2021

In the spirit of cool module content, there's a new SMBGhost RCE module, plus a hefty set of enhancements and fixes!

Read Full Post

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: 4/23/21

New session validation enhancements across command shell types verify sessions have been established and are responsive before they can be used. Plus, JSON RPC service improvements, three new modules, and more fixes and enhancements.

Read Full Post

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: 1/15/21

Commemorating the 2020 December Metasploit community CTF A new commemorative banner has been added to the Metasploit console to celebrate the teams that participated in the 2020 December Metasploit community CTF [/2020/12/07/congrats-to-the-winners-of-the-2020-december-metasploit-community-ctf/] and achieved 100 or more points: If you missed out on participating in this most recent event, be sure to follow the Metasploit Twitter [https://twitter.com/metasploit] and Metasploit blog posts [/ta

Read Full Post

8 min Haxmas

Metasploit Tips and Tricks for HaXmas 2020

For this year's HaXmas, we're giving the gift of Metasploit knowledge!

Read Full Post

3 min Metasploit

Congrats to the Winners of the 2020 December Metasploit Community CTF

Thank you all that participated in the 2020 December Metasploit community CTF [/2020/11/19/announcing-the-2020-december-metasploit-community-ctf/]! The four day CTF was well received by the community, with 874 teams and 1903 users registered! We’ve included the high-level stats and the competition winners below. If you played the CTF and want to let the Metasploit team know which challenges you found exhilarating, interesting, or infuriating (in a good way, of course), we have a feedback survey

Read Full Post

7 min Metasploit

Announcing the 2020 December Metasploit Community CTF

It’s time for another Metasploit community CTF! This time around we’re doing a few things differently. Read on for details.

Read Full Post

4 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: 9/4/20

New reflective PE file loader, a new module, new search improvements, and updates on Google Summer of Code projects.

Read Full Post

3 min Metasploit

Metasploit Wrap-Up 5/1/20

Windows Meterpreter payload improvements Community contributor OJ [https://github.com/OJ] has made improvements to Windows Meterpreter payloads. Specifically reducing complexity around extension building and loading. This change comes with the benefit of removing some fingerprint artifacts, as well reducing the payload size as a side-effect. Note that Windows meterpreter sessions that are open prior to this bump will not be able to load new extensions after the bump if they connect with a new in

Read Full Post

• 1
• 2