2 min
Metasploit
Metasploit Weekly Wrap-Up: 11/18/22
Pre-authenticated Remote Code Execution in VMware NSX Manager using XStream
(CVE-2021-39144)
There’s nothing quite like a pre-authenticated remote code execution
vulnerability in a piece of enterprise software. This week, community
contributor h00die-gr3y [https://github.com/h00die-gr3y] added a module
[https://github.com/rapid7/metasploit-framework/pull/17222] that targets VMware
NSX Manager using XStream. Due to an unauthenticated endpoint that leverages
XStream for input serialization in VMwa
3 min
Metasploit
Metasploit Weekly Wrap-Up: 10/21/22
Zimbra with Postfix LPE (CVE-2022-3569)
This week rbowes [https://github.com/rbowes-r7] added an LPE exploit for Zimbra
with Postfix. The exploit leverages a vulnerability whereby the zimbra user can
run postfix as root, which in turn is capable of executing arbitrary shell
scripts. This can be abused for reliable privilege escalation from the context
of the zimbra service account to root. As of this time, this vulnerability
remains unpatched.
Zimbra RCE (CVE-2022-41352)
rbowes [https://github.co
5 min
Vulnerability Disclosure
CVE-2022-31660 and CVE-2022-31661 (FIXED): VMware Workspace ONE Access, Identity Manager, and vRealize Automation LPE
The VMware Workspace ONE Access, Identity Manager, and vRealize Automation products contain a locally exploitable privilege escalation vulnerability.
4 min
Metasploit
Metasploit Weekly Wrap-Up: Jul. 29, 2022
Roxy-WI Unauthenticated RCE
This week, community member Nuri Çilengir [https://github.com/ncilengir] added
an unauthenticated RCE for Roxy-WI. Roxy-WI is a web interface for managing
HAProxy, Nginx and Keepalived servers. The vulnerability can be triggered by a
specially crafted POST request to a Python script in which the ipbackend
parameter is passed to the operating system shell without validation, allowing
OS command injection. The result is reliable code execution within the context
of the web application user.
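The OS command injection pattern described above, as an added example that is not Roxy-WI's code and does not reproduce the actual vulnerable script: a hypothetical handler builds a shell command from a POST parameter named `ipbackend` with `shell=True`, next to a hardened version that validates the value as an IP address and passes it as a separate argv element. The command (`/bin/echo`) and the injected payload are constructed for the demonstration.

```python
import ipaddress
import subprocess


def run_backend_check_vulnerable(ipbackend: str) -> str:
    """Hypothetical vulnerable pattern: the untrusted POST parameter is
    concatenated into a shell command line and executed via /bin/sh.
    Any shell metacharacter in ipbackend (';', '|', '$(...)') changes
    the command that runs."""
    cmd = f"/bin/echo backend={ipbackend}"
    proc = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return proc.stdout


def run_backend_check_hardened(ipbackend: str) -> str:
    """Hardened version: reject anything that is not a literal IP address,
    then hand the value to the program as its own argv element so the
    shell never interprets it."""
    try:
        addr = ipaddress.ip_address(ipbackend)
    except ValueError as exc:
        raise ValueError(f"ipbackend is not an IP address: {ipbackend!r}") from exc
    # No shell=True: argv goes straight to execve, metacharacters are inert.
    proc = subprocess.run(
        ["/bin/echo", f"backend={addr}"], capture_output=True, text=True
    )
    return proc.stdout


def injected_marker_present(output: str, marker: str = "INJECTED") -> bool:
    """True when the marker appears on its own line, i.e. a second command
    actually executed rather than being echoed as part of the argument."""
    return marker in output.splitlines()


if __name__ == "__main__":
    # Constructed payload: a valid-looking address followed by a second command.
    payload = "127.0.0.1; echo INJECTED"
    vuln_out = run_backend_check_vulnerable(payload)
    print("vulnerable handler ran a second command:",
          injected_marker_present(vuln_out))
    try:
        run_backend_check_hardened(payload)
    except ValueError as e:
        print("hardened handler rejected payload:", e)
    print("hardened handler, valid input:",
          run_backend_check_hardened("127.0.0.1").strip())
```

The validation step (`ipaddress.ip_address`) is the actual fix; dropping `shell=True` on its own already stops the injection, but allowlisting the parameter type also prevents option injection into whatever program consumes the value.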
Fewer Meterpreter Scripts
Community
3 min
Vulnerability Disclosure
CVE-2022-32230: Windows SMB Denial-of-Service Vulnerability (FIXED)
With CVE-2022-32230, a remote and unauthenticated attacker can trigger a denial-of-service condition on Microsoft Windows Domain Controllers.
2 min
Metasploit
Metasploit Weekly Wrap-Up: 4/15/22
Meterpreter Debugging
A consistent message Metasploit hears from users is that debugging and general
logging support could be improved. The gaps in functionality make it difficult
for users to understand what happens when things go wrong and for new and
existing developers to fix bugs and add new features. The Metasploit team has
been trying to improve this in various parts of the framework, the most recent
being Meterpreter. Meterpreter payloads now have additional debugging options
that can be
5 min
Metasploit Weekly Wrapup
Metasploit Weekly Wrap-Up: Mar. 25, 2022
Capture Plugin
Capturing credentials is a critical and early phase in the playbook of many
offensive security testers. Metasploit has facilitated this for years with
protocol-specific modules, all under the auxiliary/server/capture path. Users
can start and configure each of these modules individually, but now the capture
plugin can streamline the process. The capture plugin can easily start 13
different services (17 including SSL-enabled versions) on the same listening IP
address including remote int
2 min
Metasploit
Metasploit Weekly Wrap-Up: 2/25/22
Exchange RCE
Exchange remote code execution vulnerabilities are always valuable exploits to
have. This week Metasploit added an exploit for an authenticated RCE in
Microsoft Exchange Server 2016 and 2019 identified as CVE-2021-42321
[https://attackerkb.com/topics/4JMe2Y1WSY/cve-2021-42321?referrer=blog]. The
flaw leveraged by the exploit exists in a misconfigured denylist that failed to
prevent a serialized blob from being deserialized, resulting in code execution.
While this is an authenticate
6 min
Hacky Holidays 2021
Metasploit 2021 Annual Wrap-Up
Like years past, 2021 brought some surprises and had its share of celebrity vulnerabilities. Here are the Metasploit highlights from last year.
2 min
Metasploit
Congrats to the Winners of the 2021 Metasploit Community CTF
Thanks to everyone who participated in this year's Metasploit community CTF! In this post, we're announcing the winners.
2 min
Metasploit
Metasploit Wrap-Up: 12/3/21
Metasploit CTF 2021 starts today
It’s that time of year again! Time for the 2021 Metasploit Community CTF
[https://www.rapid7.com/blog/post/2021/11/16/announcing-the-2021-metasploit-community-ctf/]
. Earlier today, with over 1,100 users in more than 530 teams registered, the
competition opened for participation to solve this year’s 18 challenges. Next
week a recap and the winners will be announced, so stay tuned for more information.
Overlayfs LPE
This week Metasploit shipped an exploit for the recent Overla
3 min
Metasploit
Metasploit Wrap-Up: 11/5/21
GitLab RCE
New Rapid7 team member jbaines-r7 [https://github.com/jbaines-r7] wrote an
exploit targeting GitLab via the ExifTool command. Exploiting this vulnerability
results in unauthenticated remote code execution as the git user. What makes
this module extra neat is the fact that it chains two vulnerabilities together
to achieve this desired effect. The first vulnerability is in GitLab itself that
can be leveraged to pass invalid image files to the ExifTool parser which
contained the second v
3 min
Metasploit
Metasploit Wrap-Up: 6/11/21
NSClient++
Community contributor Yann Castel has contributed an exploit module for
NSClient++ which targets an authenticated command execution vulnerability. Users
that are able to authenticate to the service as admin can leverage the external
scripts feature to execute commands with SYSTEM-level privileges, allowing
the underlying server to be compromised. Castel is also working on another
exploit module for NSClient++ which happens to be a local privilege escalation,
so stay tuned for more N
3 min
Metasploit
Metasploit Wrap-Up: 3/5/21
A new exploit for FortiOS and some module target updates.
3 min
Metasploit
Metasploit 2020 Wrap-Up
2020 was certainly an interesting year - let’s take a look at what it meant for Metasploit.