3 min
Metasploit
Metasploit Weekly Wrap-Up: May 5, 2023
Throw another log [file] on the fire
Our own Stephen Fewer authored a module targeting CVE-2023-26360
[https://attackerkb.com/topics/F36ClHTTIQ/cve-2023-26360?referrer=blog]
affecting ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update
15 and earlier. The vulnerability allows multiple paths to code execution, but
our module works by leveraging a request that will result in the server
evaluating the ColdFusion Markup language on an arbitrary file on the remote
system. This all
3 min
Metasploit Weekly Wrapup
Metasploit Weekly Wrap-Up: Jan. 1, 2023
Back from a quiet holiday season
Thankfully, it was a relatively quiet holiday break for security this year, so
we hope everyone had a relaxing time while they could. This wrapup covers the
last three Metasploit releases, and contains three new modules, two updates, and
five bug fixes.
Make sure that your OpenTSDB isn’t too open
Of particular note in this release is a new module from community contributors
Erik Wynter [https://github.com/ErikWynter] and Shai rod
[https://github.com/nightrang3r
4 min
Metasploit
Metasploit Weekly Wrap-Up: 12/16/22
A sack full of cheer from the Hacking Elves of Metasploit
It is clear that the Metasploit elves have been busy this season: Five new
modules, six new enhancements, nine new bug fixes, and a partridge in a pear
tree are headed out this week! (Partridge nor pear tree included.) In this sack
of goodies, we have a gift that keeps on giving: Shelby’s
[https://github.com/space-r7] Acronis TrueImage Privilege Escalation
[https://github.com/rapid7/metasploit-framework/pull/17265] works wonderfully,
even
3 min
Metasploit
Metasploit Weekly Wrap-Up: 11/4/22
C is for cookie
And that’s good enough for Apache CouchDB, apparently. Our very own Jack Heysel
[https://github.com/jheysel-r7] added an exploit module based on CVE-2022-24706
targeting CouchDB prior to 3.2.2, leveraging a special default ‘monster’ cookie
that allows users to run OS commands.
This fake computer I just made says I’m an Admin
Metasploit’s zeroSteiner [https://github.com/zeroSteiner] added a module to
perform Role-based Constrained Delegation (RBCD) on an Active Directory network.
2 min
Metasploit
Metasploit Weekly Wrap-Up: 6/10/22
A Confluence of High-Profile Modules
This release features modules covering the Confluence remote code execution bug
CVE-2022-26134 and the hotly-debated CVE-2022-30190, a file format vulnerability
in the Windows Operating System accessible through malicious documents. Both
have been all over the news, and we’re very happy to bring them to you so that
you can verify mitigations and patches in your infrastructure. If you’d like to
read more about these vulnerabilities, Rapid7 has AttackerKB analy
2 min
Metasploit
Metasploit Weekly Wrap-Up: 1/21/22
while (j==shell); Log4j;
The Log4j loop continues as we release a module targeting vulnerable vCenter
releases. This is a good time to suggest that you check your vCenter releases
and maybe even increase the protection surrounding them, as it’s been a rough
year-plus for vCenter
[https://attackerkb.com/search?q=vcenter&tags=exploitedInTheWild].
Let your shell do the walking
bcoles [https://github.com/bcoles] sent us a module that targets Grandstream
GXV3175IP phones that allows remote code exec
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 10/15/21
Four new Moodle modules, plus new features to help red teamers keep track of sessions and forwarded connections.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 9/17/21
New modules for Jira user enumeration, Git Remote Code execution via git-lfs, Geutebruck Camera post exploitation module, and unauthenticated RCE in elFinder PHP application
2 min
Metasploit
Metasploit Wrap-Up: 7/2/21
Containers that fail to Contain
Our own Christophe De La Fuente added a module for CVE-2019-5736 based on the
work of Adam Iwaniuk that breaks out of a Docker container by overwriting the
runc binary of an image which is run in the user context whenever someone
outside the container runs docker exec to make a request of the container.
Execute an Image Please, Wordpress
Community contributor Alexandre Zanni sent us a PR that uses native PHP
functions to upload a file as an image attachment to Wo
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 4/2/21
Six new modules targeting F5, SaltStack, Exchange Server, and more, plus some significant performance improvements and fixes.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 12/4/20
It's CTF week(end)! Plus, steal files from Apache Tomcat servers thanks to a new Ghostcat exploit, and dump process memory with a new post module that leverages Avast AV's built-in AvDump utility.
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-up: 9/25/20
Nine new modules, including a module for Zerologon, a new SOCKS module, some privilege escalations, and another Java deserialization exploit.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 5/29/20
Hello, World!
This week’s wrapup features six new modules, including a double-dose of Synology
and everyone’s favorite, Pi-Hole.
Little NAS, featuring RCE
Synology stations are small(ish) NAS devices, but as Steve Kaun, Nigusu
Kassahun, and h00die have shown, they are not invulnerable. In the first module,
a command injection exists in a scanning function that allows for an
authenticated RCE, and in the second, a coding feature leaks whether a user
exists on the system, allowing for brute-forc
2 min
Metasploit
Metasploit Wrap-Up: Feb. 7, 2020
In the week after our CTF, we hope the players had a good time and got back to
their loved ones, jobs, lives, studies, and most importantly, back to their beds
(and you can find out who the winners were here
[/2020/02/03/congrats-to-the-winners-of-the-2020-metasploit-community-ctf/]!).
For the Metasploit team, we went back to baking up fresh, hot modules and
improvements that remind us in this flu season to not just wash your hands, but
also, sanitize your inputs!
SOHOwabout a Shell?
Several
[h
2 min
Metasploit
Metasploit Wrap-Up: 12/19/19
It’s beginning to look a lot like HaXmas [/tag/haxmas/], everywhere you go! We
have a great selection of gift-wrapped modules this holiday season, sure to have
you entertained from one to eight nights, depending on your preference! On a
personal note, we here at the Metasploit workshop would like to welcome our
newest elf, Spencer McIntyre [https://github.com/smcintyre-r7]. Spencer has been
a long-time contributor to the project, and we’re thrilled to have him on the
team!
In the spirit of givi