Metasploit
Metasploit Wrap-Up 03/28/2025
Windows LPE - Cloud File Mini Filter Driver Heap Overflow
This Metasploit release includes an exploit module for CVE-2024-30085, an LPE in
cldflt.sys, which is known as the Windows Cloud Files Mini Filter Driver. This
driver allows users to manage and sync files between a remote server and a local
client. The exploit module allows users with an existing session on an affected
Windows device to seamlessly escalate their privileges to NT AUTHORITY\SYSTEM.
This module has been tested on Windows workst
Metasploit Wrap-Up 03/21/2025
SMB to LDAP Relay
This week, the Metasploit team has added an exciting relay module that has been
in the works for a long time. This relay module is used to host an SMB server
and execute an SMB to LDAP relay attack against a Domain Controller with an LDAP
server when NTLMv1 is being used as the SMB authentication method. PetitPotam
can be used to coerce authentication on the victim system and relay it to the
Domain Controller. The module automatically takes care of removing the relevant
flags
Metasploit Weekly Wrap-Up 03/14/25
New module content (1)
InvoiceShelf unauthenticated PHP Deserialization Vulnerability
Authors: Mickaël Benassouli, Rémi Matasse, and h00die-gr3y
[https://github.com/h00die-gr3y]
Type: Exploit
Pull request: #19950 [https://github.com/rapid7/metasploit-framework/pull/19950]
contributed by h00die-gr3y [https://github.com/h00die-gr3y]
Path: linux/http/invoiceshelf_unauth_rce_cve_2024_55556
AttackerKB reference: CVE-2024-55556
[https://attackerkb.com/search?q=CVE-2024-55556&referrer=blog]
Descripti
Metasploit Wrap-Up 03/06/2025
New module content (3)
Get NAA Credentials
Authors: skelsec, smashery, and xpn
Type: Auxiliary
Pull request: #19712 [https://github.com/rapid7/metasploit-framework/pull/19712]
contributed by smashery [https://github.com/smashery]
Path: admin/sccm/get_naa_credentials
Description: Adds an auxiliary module which performs the retrieval of Network
Access Account (NAA) credentials from a System Center Configuration Manager
(SCCM) server. Given a computer name and password (which can typically be
cr
Metasploit Weekly Wrap-Up: 02/28/2025
New module content (5)
mySCADA myPRO Manager Credential Harvester (CVE-2025-24865 and CVE-2025-22896)
Author: Michael Heinzl
Type: Auxiliary
Pull request: #19878 [https://github.com/rapid7/metasploit-framework/pull/19878]
contributed by h4x-x0r [https://github.com/h4x-x0r]
Path: admin/scada/mypro_mgr_creds
AttackerKB reference: CVE-2025-22896
[https://attackerkb.com/search?q=CVE-2025-22896&referrer=blog]
Description: This module adds credential harvesting for MySCADA MyPro Manager
using CVE-20
Metasploit Weekly Wrap-Up 02/21/2025
BeyondTrust exploit + fetch payload updates
This Metasploit release includes an exploit module that chains two
vulnerabilities, one exploited in the wild by APT groups and another one, a
0-day discovered by Rapid7
[https://attackerkb.com/topics/vC7mUlftWA/cve-2025-1094?referrer=search] during
the vulnerability analysis. This week's release also includes a significant
enhancement to Metasploit's fetch payloads, which now support PPC, MIPS and ARM
architectures. This allows the payloads to be use
Metasploit Weekly Wrap-Up 02/14/2025
New module content (2)
Unauthenticated RCE in NetAlertX
Authors: Chebuya (Rhino Security Labs) and Takahiro Yokoyama
Type: Exploit
Pull request: #19868 [https://github.com/rapid7/metasploit-framework/pull/19868]
contributed by Takahiro-Yoko [https://github.com/Takahiro-Yoko]
Path: linux/http/netalertx_rce_cve_2024_46506
AttackerKB reference: CVE-2024-46506
[https://attackerkb.com/search?q=CVE-2024-46506&referrer=blog]
Description: A new module for an unauthenticated remote code execution bug i
Metasploit Weekly Wrap-Up 02/07/2025
Gathering data and improving workflows
This week's release includes 2 new auxiliary modules targeting Argus
Surveillance DVR and Ivanti Connect Secure. The former, contributed by Maxwell
Francis, and based on the work of John Page, can be used to retrieve arbitrary
files on the target's filesystem by exploiting an unauthenticated directory
traversal vulnerability. The latter, brought by our very own Martin Šutovský
[https://github.com/msutovsky-r7], is an HTTP login scanner for Ivanti Connect
Sec
Metasploit Weekly Wrap-Up 01/31/25
ESC4 Detection
This week, Metasploit’s jheysel-r7 [https://github.com/jheysel-r7] updated the
existing ldap_esc_vulnerable_cert_finder module to include detecting template
objects that can be written to by the authenticated user. This means the module
can now identify instances of ESC4 from the perspective of the account that the
Metasploit operator provided the credentials for. Metasploit has been capable of
exploiting ESC4 for some time, but required users to know which certificate
templates t
Metasploit Weekly Wrap-Up 01/24/2025
LibreNMS Authenticated RCE module and ESC15 improvements
This week the Metasploit Framework was blessed with an authenticated RCE module
in LibreNMS, an autodiscovering PHP/MySQL-based network monitoring system. An
authenticated attacker can create dangerous directory names on the system and
alter sensitive configuration parameters through the web portal. These two
defects combined to allow arbitrary OS commands inside shell_exec() calls, thus
achieving arbitrary code execution.
Additionally, i
Metasploit Wrap-Up 01/17/2025
Three new Metasploit exploit modules released, including a module targeting Cleo File Transfer Software (CVE-2024-55956)
Metasploit Wrap-Up 01/10/2025
New module content (5)
OneDev Unauthenticated Arbitrary File Read
Authors: Siebene and vultza
Type: Auxiliary
Pull request: #19614 [https://github.com/rapid7/metasploit-framework/pull/19614]
contributed by vultza [https://github.com/vultza]
Path: gather/onedev_arbitrary_file_read
AttackerKB reference: CVE-2024-45309
[https://attackerkb.com/search?q=CVE-2024-45309&referrer=blog]
Description: This adds an exploit module for an unauthenticated arbitrary file
read vulnerability, tracked as CVE-202
Metasploit 2024 Annual Wrap-Up
Another year has come and gone, and the Metasploit team has taken some time to
review the year’s notable additions. This year saw some great new features
added, Metasploit 6.4 released
[https://www.rapid7.com/blog/post/2024/03/25/metasploit-framework-6-4-released/]
and a slew of new modules. We’re grateful to the community members new and old
that have submitted modules and issues this year. The real privilege escalation
was the privilege of working with the contributors and friends we made alo
Metasploit Weekly Wrap-Up 12/20/2024
New module content (4)
GameOver(lay) Privilege Escalation and Container Escape
Authors: bwatters-r7, g1vi, gardnerapp, and h00die
Type: Exploit
Pull request: #19460 [https://github.com/rapid7/metasploit-framework/pull/19460]
contributed by gardnerapp [https://github.com/gardnerapp]
Path: linux/local/gameoverlay_privesc
AttackerKB reference: CVE-2023-2640
[https://attackerkb.com/search?q=CVE-2023-2640&referrer=blog]
Description: Adds a module for CVE-2023-2640 and CVE-2023-32629, a local
privil
Metasploit Weekly Wrap-Up 12/13/2024
It’s raining RCEs!
It's the second week of December and the weather forecast announced another
storm of RCEs in Metasploit-Framework land. This weekly release includes RCEs
for the Moodle e-Learning platform, PrimeFaces, WordPress Really Simple SSL and
CyberPanel, along with two modules to change passwords through the LDAP and SMB
protocols.
New module content (7)
Change Password
Author: smashery
Type: Auxiliary
Pull request: #19671 [https://github.com/rapid7/metasploit-framework/pull/19671]
contributed