4 min
Open Source
Recog Release v3.0.3
Recog Release v3.0.3, which is available now, includes updated fingerprints for Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus; Atlassian Bitbucket Server; and Supervisord Supervisor.
3 min
Research
Open-Source Security: Getting to the Root of the Problem
The past few weeks have shown us the importance and wide reach of open-source security.
3 min
Research
Recog: Data Rules Everything Around Me
Rapid7 has updated the recog framework to help solve the conundrum of content versus code.
2 min
Metasploit
Metasploit Wrap-Up 8/6/21
Desert heat (not the 1999 film)
This week was quieter than normal with Black Hat USA and DEF CON, but that
didn’t stop the team from delivering some small enhancements and bug fixes! We
are also excited to see two new modules #15519
[https://github.com/rapid7/metasploit-framework/pull/15519] and #15520
[https://github.com/rapid7/metasploit-framework/pull/15520] from researcher
Jacob Baines’ [https://twitter.com/Junior_Baines] DEF CON talk Bring Your Own
Print Driver Vulnerability [https://
3 min
Metasploit
Metasploit Wrap-Up: 4/30/21
New modules for vRealize, Druid, Redis, and more! Also some nice improvements and fixes.
2 min
Metasploit
Metasploit Wrap-Up: Nov. 6, 2020
Insert 'What Year Is It' meme
h00die [https://github.com/h00die] contributed the Mikrotik unauthenticated
directory traversal file read
[https://github.com/rapid7/metasploit-framework/pull/14280] auxiliary gather
module, largely a port of the PoC by Ali Mosajjal [https://github.com/mosajjal].
The vulnerability CVE-2018-14847
[https://attackerkb.com/topics/oOoUGd0y46/cve-2018-14847?referrer=blog] allows
any file from the router to be read through the Winbox server in RouterOS due to
a lack of val
2 min
Metasploit
Metasploit Wrap-Up: 7/10/20
Intensity not on the Fujita scale
SOC folks may have been feeling increased pressure as word spread of
CVE-2020-5902
[https://attackerkb.com/topics/evLpPlZf0i/cve-2020-5902?referrer=blog#rapid7-analysis]
being exploited in the wild. Vulnerabilities in networking equipment always pose
a unique set of constraints for IT operations when it comes to mitigations and
patches given their role in connecting users to servers, services or
applications. Yet from an attacker’s perspective this vulnerabili
3 min
Metasploit
Metasploit Wrap-Up: 12/6/19
Management delegation of shells
Onur ER [https://github.com/onurer] contributed the Ajenti auth username command
injection [https://github.com/rapid7/metasploit-framework/pull/12503] exploit
module for the vulnerability Jeremy Brown discovered and published a PoC for on
2019-10-13 (EDB 47497) against Ajenti version 2.1.31. Ajenti is an open-source
web-based server admin panel written in Python and JS. The application allows
admins to remotely perform a variety of server management tasks. The
ex
1 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 9/20/19
On the correct list
AppLocker and Software Restriction Policies control the applications and files
that users are able to run on Windows operating systems. These two protections
have been available to the blue team for years. AppLocker is supported on
Windows 7 and above, and Software Restriction Policies is supported on Windows
XP and above. Encountering either during an engagement could slow you down;
however, look no further than the evasion modules for assistance. Nick Tyrer
[https://github.
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 6/7/19
Read up on how the recent community hackathon in Austin went, three new modules, and the usual long list of fixes and enhancements.
3 min
Metasploit
Metasploit Wrap-Up 3/8/19
The Payload UUID and paranoid mode Meterpreter payload and listener features were first introduced and added to many HTTP and TCP Metasploit payloads in mid-2015.
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup 11/16/18
The Malicious Git HTTP Server For CVE-2018-17456 module by timwr exploits a vulnerability in Git that can cause arbitrary code execution when a user clones a malicious repository using commands such as git clone --recurse-submodules and git submodule update.
3 min
Metasploit Weekly Wrapup
Metasploit Wrapup: 8/31/18
VPN to root
The Network Manager VPNC Username Privilege Escalation
[https://github.com/rapid7/metasploit-framework/pull/10482] module by bcoles
[https://github.com/bcoles] exploits a privilege escalation attack in the
Network Manager VPNC plugin configuration data (CVE-2018-10900) to gain root
privileges. Network Manager VPNC versions prior to 1.2.6 are vulnerable and the
module has been successfully tested against 1.2.4-4 on Debian 9.0.0 (x64) and
1.1.93-1 on Ubuntu Linux 16.04.4 (x64). The
e
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup: 6/29/18
Moar Power
OJ Reeves [https://github.com/OJ] added
[https://github.com/rapid7/metasploit-framework/pull/10206] two new PowerShell
transport functions to Metasploit payloads and made modifications to the
PowerShell transport binding functionality. The aptly-named Add-TcpTransport
function adds an active TCP transport to the current session and the
Add-WebTransport function adds an HTTP/S transport to the current session. These
functions are fully documented, allowing the user to leverage the Ge
3 min
Metasploit Weekly Wrapup
Metasploit Wrapup 5/4/18
May the fourth be with you…
Get comfortable, put on your headphones or turn up your speaker volume, and
enjoy this guitar rendition [https://www.youtube.com/watch?v=CBZgLM5HUzU] of the
Ewok Celebration, commonly known as Yub Nub
[https://starwars.fandom.com/wiki/Ewok_Celebration] while catching up on
Metasploit updates for the week.
PHP Debugging
Xdebug [https://xdebug.org/] is an extension for PHP to facilitate development
by providing interactive debugging capabilities and much more. On an