Posts by Christopher Granleese

2 min Metasploit

Metasploit Weekly Wrap-Up 11/29/2024

Four new Metasploit modules released, including CUPS IPP Attributes LAN Remote Code Execution CVE-2024-47176

2 min Metasploit

Metasploit Weekly Wrap-Up 09/20/2024

New module content (3) update-motd.d Persistence Author: Julien Voisin Type: Exploit Pull request: #19454 [https://github.com/rapid7/metasploit-framework/pull/19454] contributed by jvoisin [https://github.com/jvoisin] Path: linux/local/motd_persistence Description: This adds a post module to keep persistence on a Linux target by writing a motd [https://manpages.ubuntu.com/manpages/trusty/man5/update-motd.5.html] bash script triggered with root privileges every time a user logs into the system

2 min Metasploit

Metasploit Weekly Wrap-Up 08/16/2024

New module content (3) Apache HugeGraph Gremlin RCE Authors: 6right and jheysel-r7 Type: Exploit Pull request: #19348 [https://github.com/rapid7/metasploit-framework/pull/19348] contributed by jheysel-r7 [https://github.com/jheysel-r7] Path: linux/http/apache_hugegraph_gremlin_rce AttackerKB reference: CVE-2024-27348 [https://attackerkb.com/search?q=CVE-2024-27348&referrer=blog] Description: Adds an Apache HugeGraph Server exploit for GHSA-29rc-vq7f-x335 [https://github.com/advisories/GHSA-29r

2 min Metasploit

Metasploit Wrap-Up 05/10/2024

Password Spraying support Multiple bruteforce/login scanner modules have been updated to support a PASSWORD_SPRAY module option. This work was completed in pull request #19079 [https://github.com/rapid7/metasploit-framework/pull/19079] from nrathaus [https://github.com/nrathaus] as well as an additional update from our developers [https://github.com/rapid7/metasploit-framework/pull/19158] . When the password spraying option is set, the order of attempted users and password attempts are changed

2 min Metasploit

Metasploit Weekly Wrap-Up 01/12/24

New module content (1) Windows Gather Mikrotik Winbox "Keep Password" Credentials Extractor Author: Pasquale 'sid' Fiorillo Type: Post Pull request: #18604 [https://github.com/rapid7/metasploit-framework/pull/18604] contributed by siddolo [https://github.com/siddolo] Path: windows/gather/credentials/winbox_settings Description: This pull request introduces a new post module to extract the Mikrotik Winbox credentials, which are saved in the settings.cfg.viw file when the "Keep Password" option

1 min Metasploit

Metasploit Wrap-Up: Nov. 23, 2023

Metasploit 6.3.44 released with stability improvements and module fixes

2 min Metasploit

Metasploit Weekly Wrap-Up: Oct. 27, 2023

New module content (4) Atlassian Confluence Data Center and Server Authentication Bypass via Broken Access Control Authors: Emir Polat and Unknown Type: Auxiliary Pull request: #18447 [https://github.com/rapid7/metasploit-framework/pull/18447] contributed by emirpolatt [https://github.com/emirpolatt] Path: admin/http/atlassian_confluence_auth_bypass AttackerKB reference: CVE-2023-22515 [https://attackerkb.com/topics/Q5f0ItSzw5/cve-2023-22515?referrer=blog] Description: This adds an exploit for

2 min Metasploit

Metasploit Weekly Wrap-Up: Sep. 8, 2023

New module content (4) Roundcube TimeZone Authenticated File Disclosure Authors: joel, stonepresto, and thomascube Type: Auxiliary Pull request: #18286 [https://github.com/rapid7/metasploit-framework/pull/18286] contributed by cudalac [https://github.com/cudalac] Path: auxiliary/gather/roundcube_auth_file_read AttackerKB reference: CVE-2017-16651 [https://attackerkb.com/topics/He57FR8fB4/cve-2017-16651?referrer=blog] Description: This PR adds a module to retrieve an arbitrary file on hosts run

2 min Metasploit

Metasploit Weekly Wrap-Up: Aug. 11, 2023

A new Metabase RCE module, updates to the citrix_formssso_target_rce module for CVE-2023-3519 to include two new targets, Citrix ADC (NetScaler) 12.1-65.25, and 12.1-64.17, and more

2 min Metasploit

Metasploit Weekly Wrap-Up: 6/2/23

Support added for Active Directory Certificate Services ESC4 Exploitation, and a new sudoedit extra arguments privilege escalation module

2 min Metasploit

Metasploit Weekly Wrap-Up: 1/13/23

New module content (2) Gather Dbeaver Passwords Author: Kali-Team Type: Post Pull request: #17337 [https://github.com/rapid7/metasploit-framework/pull/17337] contributed by cn-kali-team [https://github.com/cn-kali-team] Description: This adds a post exploit module that retrieves Dbeaver session data from local configuration files. It is able to extract and decrypt credentials stored in these files for any version of Dbeaver installed on Windows or Linux/Unix systems. Gather MinIO Client Key A

2 min Metasploit

Metasploit Weekly Wrap-Up: 11/15/22

2 new modules targeting F5 devices, DuckyScript support, bug fixes, and more

4 min Metasploit

Metasploit Weekly Wrap-Up: 9/2/22

ICPR Certificate Management This week Metasploit has a new ICPR Certificate Management module from Oliver Lyak [https://github.com/ly4k] and our very own Spencer McIntyre [https://github.com/zeroSteiner], which can be utilized for issuing certificates via Active Directory Certificate Services. It has the capability to issue certificates which is useful in a few contexts including persistence, ESC1 [https://posts.specterops.io/certified-pre-owned-d95910965cd2] and as a primitive necessary for exp

2 min Metasploit

Metasploit Wrap-Up: Jul. 9, 2021

A new module for CVE-2021-34527, dubbed PrintNightmare, and a local privilege escalation module for NSClient++

5 min Metasploit

Metasploit Wrap-Up: 3/26/21

New Exchange ProxyLogon modules, VMWare View Planner RCE, Advantech iView RCE, and more!