2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 8/27/21
LearnPress authenticated SQL injection
Metasploit contributor h00die [https://github.com/h00die] added a new module
that exploits CVE-2020-6010
[https://attackerkb.com/topics/x12K9JOfk2/cve-2020-6010?referrer=blog], an
authenticated SQL injection vulnerability in the WordPress LearnPress plugin.
When a user is logged in with contributor privileges or higher, the id parameter
can be used to inject arbitrary SQL into a query. This exploit can be
used to collect usernames and password hash
3 min
Metasploit
Metasploit Wrap-Up: 5/21/21
New modules for gathering (info+config!), escalation (of privilege!), and execution (of code!).
3 min
Metasploit
Metasploit Wrap-Up: 1/8/21
Eight new Metasploit modules for various targets (and outcomes!), with a good set of improvements and fixes!
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 10/16/20
Hacktoberfest 2020 and wisdom from around the Metasploit water cooler. Keep an eye out for more info on the next Metasploit community CTF (coming soon).
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 2/28/20
Android Binder UAF, OpenNetAdmin RCE, and a slew of improvements, including colorized HttpTrace output and a better debugging experience for developers.
3 min
Metasploit
Metasploit Wrap-Up 9/6/19
At our (final!) DerbyCon Town Hall today, the Metasploit team announced the release of an initial exploit module PR for CVE-2019-0708, aka BlueKeep.
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 6/21/19
TLS support and expanded options for the BlueKeep scanner module, two new modules for Cisco Prime Infrastructure, and more.
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 3/15/19
elFinder remote command injection
elFinder [https://github.com/Studio-42/elFinder] is a client-side open-source
file manager tool written for web applications. In a browser it has the look and
feel of a native file manager application. It ships with a PHP connector
[https://github.com/Studio-42/elFinder/tree/master/php], which integrates the
client side with the back end server. The connector provides the ability for
unauthenticated users to upload an image and resize it. It does so by shelling
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup 12/21/18
Safari Proxy Object Type Confusion
Metasploit committer timwr [https://github.com/timwr] recently added a macOS
Safari RCE exploit module
[https://github.com/rapid7/metasploit-framework/pull/10944] based on a solution
[https://github.com/saelo/pwn2own2018] that saelo [https://github.com/saelo]
developed and used successfully at Pwn2Own 2018
[https://www.thezdi.com/blog/2018/3/14/welcome-to-pwn2own-2018-the-schedule].
saelo's exploit is a three-bug chain: a Safari RCE (CVE-2018-4233), a sandbox
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup 9/14/18
Your weekly run-down of the modules and improvements that landed in Metasploit Framework.
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup: 6/15/18
New Privilege Escalation Exploit
The glibc 'realpath()' module
[https://github.com/rapid7/metasploit-framework/pull/10101] was added by bcoles
[https://github.com/bcoles]. It attempts to gain root privileges on Debian-based
Linux systems by exploiting a vulnerability in GNU C Library (glibc) version <=
2.26. This exploit uses halfdog's [https://github.com/halfdog] RationalLove
exploit to expose a buffer underflow error in glibc realpath() and create a SUID
root shell. The module includes offset
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup 2/9/18
Teenage ROBOT Returns
Imagine the joy robot parents must feel when their infant leaves home and
returns as a teenager. ROBOT (Return of Bleichenbacher Oracle Threat)
[https://www.rapid7.com/blog/post/2017/12/13/attention-humans-the-robot-attack/]
is a 19-year-old vulnerability that allows RSA decryption and signing with the
private key of a TLS server. It allows for an adaptive chosen-ciphertext attack.
It is still very much relevant today as some modern HTTPS hosts are vulnerable
to ROBOT [htt