Posts by Christophe De La Fuente

4 min Metasploit

Metasploit Weekly Wrap-Up 12/06/2024

Post-Thanksgiving Big Release. This week's release is an impressive one. It adds 9 new modules, which will get you remote code execution on products such as Ivanti Connect Secure, VMware vCenter Server, Asterisk, Fortinet FortiManager and Acronis Cyber Protect. It also includes an account takeover on WordPress, a local privilege escalation on Windows and an X11 keylogger module. Finally, this release improves the fingerprinting logic for the TeamCity login module and adds instructions about the in

3 min Metasploit

Metasploit Weekly Wrap-Up 09/27/2024

Epic Release! This week's release includes 5 new modules, 6 enhancements, 4 fixes and 1 documentation update. Among the new additions, we have an account takeover, SQL injection, RCE, and LPE! Thank you to all the contributors who made it possible! New Module Content (5): Cisco Smart Software Manager (SSM) On-Prem Account Takeover (CVE-2024-20419). Authors: Michael Heinzl and Mohammed Adel. Type: Auxiliary. Pull request: #19375 [https://github.com/rapid7/metasploit-framework/pull/19375] contribut

2 min Metasploit Weekly Wrapup

Metasploit Weekly Wrap-Up 7/19/2024

A new unauthenticated RCE exploit for GeoServer, plus library and Meterpreter updates and enhancements.

2 min Metasploit

Metasploit Weekly Wrap-Up 07/05/2024

3 new modules - MOVEit Transfer authentication bypass CVE-2024-5806, Zyxel command injection, and Azure CLI credentials gatherer

2 min Metasploit

Metasploit Weekly Wrap-Up 05/03/24

Dump secrets inline. This week, our very own cdelafuente-r7 [https://github.com/cdelafuente-r7] added a significant improvement to the well-known Windows Secrets Dump module [https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/windows_secrets_dump.rb] to reduce the footprint when dumping SAM hashes, LSA secrets and cached credentials. The module is now directly reading the Windows Registry remotely without having to dump the full registry keys to disk and parse th

2 min Metasploit

Metasploit Weekly Wrap-Up 03/01/2024

Metasploit adds an RCE exploit for ConnectWise ScreenConnect and new documentation for exploiting ESC13.

4 min Metasploit

Metasploit Weekly Wrap-Up: Dec. 1, 2023

Customizable DNS resolution. Contributor smashery [https://github.com/smashery] added a new dns command to the Metasploit console, which allows the user to customize the behavior of DNS resolution. As with the route command, it is now possible to specify where DNS requests should be sent to avoid any information leak. Before these changes, the Framework was using the default local system configuration. Now, it is possible to specify which DNS server should be queried based on rules that match sp

3 min Metasploit

Metasploit Weekly Wrap-Up: Oct. 13, 2023

Pollution in Kibana. This week, contributor h00die [https://github.com/h00die] added a module that leverages a prototype pollution bug in Kibana prior to version 7.6.3. Specifically, this issue is within the Upgrade Assistant and enables an attacker to execute arbitrary code. This vulnerability can be triggered by sending queries that set a new constructor.prototype.sourceURL directly to Elastic or by using Kibana to submit the same queries. Note that Kibana needs to be restarted or wait for c

3 min Metasploit

Metasploit Weekly Wrap-Up: July 28, 2023

Unauthenticated RCE in VMware Product. This week, community contributor h00die [https://github.com/h00die] added an exploit module that leverages a command injection vulnerability in VMware Aria Operations for Networks, formerly known as vRealize Network Insight. Versions 6.2 to 6.10 are vulnerable (CVE-2023-20887 [https://attackerkb.com/topics/gxz1cUyFh2/cve-2023-20887?referrer=blog]). A remote attacker could abuse the Apache Thrift RPC interface by sending specially crafted data and get unauthe

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: 10/14/22

Remote code execution modules for Spring Cloud Function and pfSense, plus bug fixes for the Windows secrets dump module.

3 min Metasploit

Metasploit Weekly Wrap-Up: 7/22/22

The past, present and future of Metasploit. Don't miss Spencer McIntyre's talk on Help Net Security's blog [https://www.helpnetsecurity.com/2022/07/20/past-present-future-metasploit-video/]. Spencer is the Lead Security Researcher at Rapid7 and speaks about how Metasploit has evolved since its creation back in 2003. He also explains how the Framework is addressing today's offensive security challenges and how important the partnership with the community is. LDAP swiss army knife. This week,

3 min Metasploit

Metasploit Weekly Wrap-Up: 5/20/22

Zyxel firewall unauthenticated command injection. This week, our very own Jake Baines [https://github.com/jbaines-r7] added an exploit module that leverages CVE-2022-30525 [https://attackerkb.com/topics/LbcysnvxO2/cve-2022-30525?referrer=blog], an unauthenticated remote command injection vulnerability in Zyxel firewalls with zero touch provisioning (ZTP) support. Jake is also the author of the original research and advisory [https://www.rapid7.com/blog/post/2022/05/12/cve-2022-30525-fixed-zyxel-f

2 min Metasploit

Metasploit Wrap-Up: Feb. 11, 2022

Welcome, Little Hippo: PetitPotam. Our very own @zeroSteiner [https://github.com/zeroSteiner] ported [https://github.com/rapid7/metasploit-framework/pull/16136] the PetitPotam [https://github.com/topotam/PetitPotam] exploit to Metasploit this week. This module leverages CVE-2021-36942 [https://attackerkb.com/topics/TEBmUAfeCs/cve-2021-36942?referrer=blog], a vulnerability in the Windows Encrypting File System (EFS) API, to capture machine NTLM hashes. This uses the EfsRpcOpenFileRaw function of t

3 min Metasploit

Metasploit Wrap-Up: Nov. 26 2021

Self-Service Remote Code Execution. This week, our own @wvu-r7 added an exploit module [https://github.com/rapid7/metasploit-framework/pull/15874] that achieves unauthenticated remote code execution in ManageEngine ADSelfService Plus, a self-service password management and single sign-on solution for Active Directory. This new module leverages a REST API authentication bypass vulnerability identified as CVE-2021-40539 [https://attackerkb.com/topics/DMSNq5zgcW/cve-2021-40539?referrer=blog], where

5 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: 9/3/21

A new SMB server implementation to support capturing NTLM hashes across SMBv2 and SMBv3, even with encrypted SMB traffic. Plus, exploits for eBPF, Git LFS, and Geutebruck IP cameras.