2 min
Metasploit
Metasploit Weekly Wrap-Up: 6/23/23
I like to MOVEit, MOVEit, We like to MOVEit!
Party hard just like it's Mardi Gras! bwatters-r7
[https://github.com/bwatters-r7] delivered the dance moves this week with a
masterful performance. The windows/http/moveit_cve_2023_34362 module is
available for all your party needs, taking advantage of CVE-2023-34362
[https://attackerkb.com/topics/mXmV0YpC3W/cve-2023-34362?referrer=blog], this
module gets into the MOVEit database and nets shells to help you "Keep on
jumpin' off the floor"!
New modul
2 min
Metasploit
Metasploit Weekly Wrap-Up: 4/7/23
The tide rolls in and out.
The flood of new modules last week crested leaving ample time for documentation
updates this week. The team and the community seem to have focused on getting
those sweet sprinkles of information that help everyone understand Metasploit
out to the world.
Enhancements and features (1)
* #17458 [https://github.com/rapid7/metasploit-framework/pull/17458] from
steve-embling [https://github.com/steve-embling] - Updates the
exploit/multi/misc/weblogic_deserialize_ba
2 min
Metasploit
Metasploit Weekly Wrap-Up: 1/20/23
See something say something
Have an idea on how to expand on Metasploit Documentation on
https://docs.metasploit.com/? Did you see a typo or some other error on the docs
site? Thanks to adfoster-r7 [https://github.com/adfoster-r7], submitting an
update to the documentation is as easy as clicking the 'Edit this page on
GitHub' link on the page you want to change. The new link will take you directly
to the source in Metasploit's GitHub so you can quickly locate the Markdown
[https://www.markdowng
4 min
Metasploit
Metasploit Weekly Wrap-Up: 9/23/22
Have you built out that awesome media room?
If your guilty pleasures include using a mobile device to make your home
entertainment system WOW your guests, you might be using Unified Remote
[https://www.unifiedremote.com/]. I hope you are extra cautious about what
devices you let on that WiFi network. A prolific community member h00die
[https://github.com/h00die] added a module this week that uses a recently
published vulnerability from H4RK3NZ0 [https://github.com/H4rk3nz0] to leverage
an unprot
3 min
Metasploit Weekly Wrapup
Metasploit Weekly Wrap-Up: 8/12/22
Putting in the work!
This week we’re extra grateful for the fantastic contributions our community
makes to Metasploit. The Metasploit team landed more than 5 PRs each from Ron
Bowes [https://github.com/rbowes-r7] and bcoles [https://github.com/bcoles],
adding some great new capabilities.
Ron Bowes [https://github.com/rbowes-r7] contributed four new modules targeting
UnRAR, Zimbra, and ManageEngine ADAudit Plus. These modules offer Metasploit
users some excellent new vectors to leverage against
2 min
Metasploit
Metasploit Weekly Wrap-Up: 6/3/22
Ask and you may receive
Module suggestions [https://github.com/rapid7/metasploit-framework/issues/16522]
for the win, this week we see a new module written by jheysel-r7
[https://github.com/jheysel-r7] based on CVE-2022-26352
[https://attackerkb.com/topics/7i5Uf6JNl0/cve-2022-26352?referrer=blog] that
happens to have been suggested by jvoisin [https://github.com/jvoisin] in the
issue queue last month. This module targets an arbitrary file upload in dotCMS
[https://github.com/dotCMS/core.git] ve
5 min
Metasploit
Metasploit Weekly Wrap-Up: Mar. 11, 2022
Mucking out the pipes.
Thanks to some quick work by timwr [https://github.com/timwr], CVE-2022-0847
[https://attackerkb.com/topics/UwW7SVPaPv/cve-2022-0847?referrer=blog] aka
"Dirty Pipe" gives Metasploit a bit of digital plumber's training. The exploit
targeting modern Linux v5 kernels helps elevate user privileges by overwriting a
SUID binary of your choice by plunging some payload gold through a pipe.
Long live the SMB relay!
SMB, that magical ubiquitous service making all that noise on netw
2 min
Metasploit
Metasploit Wrap-Up 12/10/21
Word and Javascript are a rare duo.
Thanks to thesunRider [https://github.com/thesunRider]. you too can experience
the wonder of this mystical duo. The sole new metasploit module this release
adds a file format attack to generate a very special document. By utilizing
Javascript embedded in a Word document to trigger a chain of events that slip
through various Windows facilities, a session as the user who opened the
document can be yours.
Do you like spiders?
It has been 3 years since SMB2 suppo
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: Aug. 20, 2021
New modules for Lucee Administrator and ProxyShell, which targets on-premises Microsoft Exchange servers. Plus, tons of enhancements and fixes!
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: May 14, 2021
Updates to how modules interact with cookies, plus exploits for macOS Gatekeeper and DjVu ANT and a whole lot of fixes and enhancements.
4 min
Metasploit
Metasploit Wrap-Up: 2/26/21
Flink targeting, process herpaderping, and more in this week's Metasploit wrap-up!
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 10/23/20
A bug fix for EternalBlue on Metasploit 6, four new modules, and a bunch of enhancements.
2 min
Metasploit
Metasploit Wrap-Up: 6/26/20
Who watches the watchers?
If you are checking up on an organization using Trend Micro Web Security, it
might be you. A new module this week takes advantage of a chain of
vulnerabilities to give everyone (read unauthenticated users) a chance to decide
what threats the network might let slip through.
Following the trend, what about watchers that are not supposed to be there?
Agent Tesla Panel is a fun little trojan (not to be found zipping around on our
highways and byways) which now offers, agai
2 min
Metasploit
Metasploit Wrap-Up 10/25/19
Is URGENT/11 urgent to your world? Metasploit now has a scanner module to help
find the systems that need URGENT attention. Be sure
to check the options on this one; RPORTS is a list to test multiple services on
each target. Thanks Ben Seri [https://twitter.com/benseri87] for the PoC that
lead off this work.
Everyone likes creds, a new post module
[https://github.com/rapid7/metasploit-framework/pull/12462] landed this week
from Taeber Rapczak [https://github.com/taeber] that brings back credent
1 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 7/26/19
First!!
Congrats to Nick Tyrer [https://github.com/NickTyrer] for the first community
contibuted evasion module to land in master. Nick's
evasion/windows/applocker_evasion_install_util module
[https://github.com/rapid7/metasploit-framework/pull/11795] leverages the
trusted InstallUtil.exe binary to execute user supplied code and evade
application whitelisting.
New modules (4)
* WP Database Backup RCE
[https://github.com/rapid7/metasploit-framework/pull/12010] by Mikey
Veenstra
/ Wordf