3 min
Metasploit
Metasploit Weekly Wrap-Up 06/21/2024
Argument Injection for PHP on Windows
This week includes modules that target file traversal and arbitrary file read
vulnerabilities for software such as Apache, SolarWinds and Check Point, with
the highlight being a module for the recent PHP vulnerability submitted by
sfewer-r7 [https://github.com/sfewer-r7]. This module exploits an argument
injection vulnerability, resulting in remote code execution and a Meterpreter
shell running in the context of the Administrator user.
Note, that this attac
3 min
Metasploit
Metasploit Weekly Wrap-Up 04/12/24
Account Takeover using Shadow Credentials
The new release of Metasploit Framework includes a Shadow Credentials module
added by smashery [https://github.com/rapid7/metasploit-framework/pull/19051]
used for reliably taking over an Active Directory user account or computer, and
letting future authentication to happen as that account. This can be chained
with other modules present in Metasploit Framework such as windows_secrets_dump.
Details
The module targets a ‘victim’ account that is part of a
2 min
Metasploit
Metasploit Weekly Wrap-Up 02/02/2024
Shared RubySMB Service Improvements
This week’s updates include improvements to
[https://github.com/rapid7/metasploit-framework/pull/18680] Metasploit
Framework’s SMB server implementation: the SMB server can now be reused across
various SMB modules, which are now able to register their own unique shares and
files. SMB modules can also now be executed concurrently. Currently, there are
15 SMB modules in Metasploit Framework that utilize this feature.
New module content (2)
Mirth Connect Deseria
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 4/8/22
Five new modules targeting Windows, Linux, macOS, and more. Plus, updates to the Log4Shell scanner and a new Windows Meterpreter option to enable additional logging visible in DbgView
3 min
Metasploit Weekly Wrapup
Metasploit Weekly Wrap-Up: 1/14/22
Five new modules, including exploits for Log4Shell and SonicWall SMA 100 series devices, plus a new Meterpreter command that allows users to kill all channels at once.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 10/8/21
New modules for vCenter Server and Linux Netfilter, plus fixes and enhancements.