2 min
Metasploit
Metasploit Weekly Wrap-Up 03/22/2024
New module content (1)
OpenNMS Horizon Authenticated RCE
Author: Erik Wynter
Type: Exploit
Pull request: #18618 [https://github.com/rapid7/metasploit-framework/pull/18618]
contributed by ErikWynter [https://github.com/ErikWynter]
Path: linux/http/opennms_horizon_authenticated_rce
AttackerKB reference: CVE-2023-0872
[https://attackerkb.com/search?q=CVE-2023-0872?referrer=blog]
Description: This module exploits built-in functionality in OpenNMS Horizon in
order to execute arbitrary commands as t
4 min
Metasploit
Metasploit Weekly Wrap-Up 02/23/2024
LDAP Capture module
Metasploit now has an LDAP capture module thanks to the work of
JustAnda7 [https://github.com/JustAnda7]. This work was completed as part of the
Google Summer of Code program.
When the module runs it will by default require privileges to listen on port
389. The module implements a default implementation for BindRequest,
SearchRequest, UnbindRequest, and will capture both plaintext credentials and
NTLM hashes which can be brute-forced offline. Upon receiving a successful Bin