2 min
Metasploit
Metasploit Weekly Wrap-Up: 11/15/2024
Palo Alto Expedition RCE module
This week's release includes an exploit module for the Palo Alto Expedition
exploit chain that's been making headlines recently. The first vulnerability,
CVE-2024-5910, allows attackers to reset the password of the admin user. The
second vulnerability, CVE-2024-9464 is an authenticated OS command injection.
The module makes use of both vulnerabilities in order to obtain unauthenticated
RCE in the context of the user www-data.
New module content (1)
Palo Alto Expe
2 min
Metasploit
Metasploit Weekly Wrap-Up 09/06/2024
Honey, I shrunk the PHP payloads
This release contains more PHP payload improvements from Julien Voisin. Last
week we landed a PR from Julien that added a datastore option to the php/base64
encoder that when enabled, will use zlib to compress the payload which
significantly reduced the size, bringing a payload of 4040 bytes down to a mere
1617 bytes. This week's release includes a php/minify encoder which removes all
unnecessary characters from the payload including comments, empty lines, leadin
2 min
Metasploit
Metasploit Weekly Wrap-Up 06/28/2024
Unauthenticated Command Injection in Netis Router
This week's Metasploit release includes an exploit module for an unauthenticated
command injection vulnerability in the Netis MW5360 router which is being
tracked as CVE-2024-22729. The vulnerability stems from improper handling of the
password parameter within the router's web interface which allows for command
injection. Fortunately for attackers, the router's login page authorization can
be bypassed by simply deleting the authorization header,
2 min
Metasploit
Metasploit Weekly Wrap-Up 04/19/24
Welcome Ryan and the new CrushFTP module
It's not every week we add an awesome new exploit module to the Framework while
adding the original discoverer of the vulnerability to the Rapid7 team as well.
We're very excited to welcome Ryan Emmons to the Emergent Threat Response team,
which works alongside Metasploit here at Rapid7. Ryan discovered an Improperly
Controlled Modification of Dynamically-Determined Object Attributes
vulnerability in CrushFTP (CVE-2023-43177) versions prior to 10.5.1 whic
2 min
Metasploit
Metasploit Weekly Wrap-Up 02/09/2024
Go go gadget Fortra GoAnywhere MFT Module
This Metasploit release contains a module for one of 2024's hottest
vulnerabilities to date: CVE-2024-0204. The path traversal vulnerability in
Fortra GoAnywhere MFT allows for unauthenticated attackers to access the
InitialAccountSetup.xhtml endpoint which is used during the products initial
setup to create the first administrator user. After setup has completed, this
endpoint is supposed to be no longer available. Attackers can use this
vulnerability
2 min
Metasploit
Metasploit Weekly Wrap Up: July 21, 2023
This week's weekly wrapup includes two new Metasploit modules - Piwigo Gather Credentials via SQL Injection ( CVE-2023-26876 ) and Openfire authentication bypass with RCE plugin (CVE-2023-32315)
3 min
Metasploit
Metasploit Weekly Wrap-Up: 3/24/23
Zxyel Routers Beware
This week we've released a module written by first time community contributor
shr70 [https://github.com/shr70] that can exploit roughly 45 different Zyxel
router and VPN models. The module exploits a buffer overflow vulnerability that
results in unauthenticated remote code execution on affected devices. It's rare
we see a module affect this many devices once and are excited to see this ship
in the framework. We hope pentesters and red-teamers alike can make good use of
this
4 min
Metasploit
Metasploit Weekly Wrap-Up: Mar. 10, 2023
Wowza, a new credential gatherer and login scanner!
This week Metasploit Framework gained a credential gatherer for Wowza Streaming
Engine Manager. Credentials for this application are stored in a file named
admin.password in a known location and the file is readable by default by
BUILTIN\Users on Windows and is world readable on Linux.. The module was written
by community contributor bcoles [https://github.com/bcoles] who also wrote a
login scanner for Wowza this week. The login scanner can b