Posts by Zachary Goldman

1 min Metasploit

Metasploit Weekly Wrap-Up 08/09/2024

Black Hat & DEF CON Hopefully folks were able to catch our Rapid7 researchers @zeroSteiner [https://x.com/zeroSteiner] & Jack Heysel show off Metasploit 6.4's features at Black Hat, focusing on combinations that allow for new, streamlined attack workflows. If not, they will also be demoing at DEF CON tomorrow in room W304! New module content (1) Calibre Python Code Injection (CVE-2024-6782) Authors: Amos Ng and Michael Heinzl Type: Exploit Pull request: #19357 [https://github.com/rapid7/meta

2 min Metasploit

Metasploit Weekly Wrap-Up 08/02/2024

Metasploit goes to Hacker Summer Camp Next week, Metasploit will have demos at both Black Hat [https://www.blackhat.com/us-24/arsenal/schedule/index.html#the-metasploit-framework-39570] and DEF CON [https://defcon.org/html/defcon-32/dc-32-demolabs.html#54186] where the latest functionality from this year will be presented. The Black Hat demo will be on Thursday the 8th from 10:10 to 11:25 and the DEF CON demo will be on Saturday the 10th from 12:00 to 13:45. The highlights will include demonst

3 min Metasploit

Metasploit Weekly Wrap-Up 05/23/2024

Infiltrate the Broadcast! A new module from Chocapikk [https://github.com/Chocapikk] allows the user to perform remote code execution on vulnerable versions of the streaming platform AVideo (12.4 - 14.2). The multi/http/avideo_wwbnindex_unauth_rce module leverages CVE-2024-31819 [https://attackerkb.com/topics/y127ezofMQ/cve-2024-31819], a PHP filter chaining vulnerability, to gain unauthenticated and unprivileged access, earning it an attacker value of High on AttackerKB [https://attackerkb.com/t

2 min Metasploit

Metasploit Wrap-Up 03/15/2024

New module content (3) GitLab Password Reset Account Takeover Authors: asterion04 and h00die Type: Auxiliary Pull request: #18716 [https://github.com/rapid7/metasploit-framework/pull/18716] contributed by h00die [https://github.com/h00die] Path: admin/http/gitlab_password_reset_account_takeover AttackerKB reference: CVE-2023-7028 [https://attackerkb.com/search?q=CVE-2023-7028?referrer=blog] Description: This adds an exploit module that leverages an account-take-over vulnerability to take contr

2 min Metasploit

Metasploit Weekly Wrap-Up: Dec. 22, 2023

Metasploit has added exploit content for the glibc LPE CVE-2023-4911 (AKA Looney Tunables) and RCE exploits for Confluence and Vinchin Backup and Recovery.

4 min Metasploit

Metasploit Weekly Wrap-Up: Aug. 4, 2023

Fly High in the Sky With This New Cloud Exploit! This week, a new module was added that takes advantage of both authentication bypass and command injection in certain versions of Western Digital's MyCloud hardware. Submitted by community member Erik Wynter [https://github.com/ErikWynter], this module gains access to the target, attempts to bypass authentication, verifies whether that was successful, then executes the payload with root privileges. This works on versions before 2.30.196, and offer

2 min Metasploit

Metasploit Weekly Wrap-Up: 5/19/23

Fetch Based Payloads: Making the Path from Command Injection to Metasploit Session Shorter This week we’re releasing Metasploit fetch payloads. Fetch payloads are command-based payloads that leverage network-enabled applications on remote hosts and different protocol servers to serve, download, and execute binary payloads. Over the last year, two thirds of the exploit modules landed in Metasploit Framework were command injection exploits. These exploits will be much easier to write with our new

3 min Metasploit

Metasploit Weekly Wrap-Up: 3/3/23

2022 Vulnerability Intelligence Report Released Rapid7’s broader vulnerability research team released our 2022 Vulnerability Intelligence Report [https://www.rapid7.com/blog/post/2023/02/28/a-shifting-attack-landscape-rapid7s-2022-vulnerability-intelligence-report/] this week. The report includes Metasploit and research team data on exploitation, exploitability, and vulnerability profiles that are intended to help security teams understand and prioritize risk more effectively. Put simply, secur

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: 12/9/22

Login brute-force utility Jan Rude [https://github.com/whoot] added a new module that gives users the ability to brute-force login for Linux Syncovery. This expands Framework's capability to scan logins to Syncovery, a popular web GUI for backups. WordPress extension SQL injection module Cydave [https://github.com/cydave], destr4ct [https://github.com/destr4ct], and jheysel-r7 [https://github.com/jheysel-r7] contributed a new module that takes advantage of a vulnerable WordPress extension. Thi

5 min Metasploit

Metasploit Weekly Wrap-Up: Sep. 16, 2022

BYOS: Bring your own stager We try hard to make sure we have a great choice of fully-functional payloads to choose from, but sometimes you might want to “branch” out on your own, and if that’s the case we’ve got you covered. In an attempt to make Metasploit play well with others, we’ve introduced a brand new payload type: “custom.” “Custom” payloads use Metasploit stagers to build a stager that will stage whatever shellcode you send it. Got a third-party payload you want to run like Sliver or a