Posts tagged Metasploit Weekly Wrapup

2 min Metasploit Weekly Wrapup

Metasploit Wrapup 11/16/18

The Malicious Git HTTP Server For CVE-2018-17456 module by timwr exploits a vulnerability in Git that can cause arbitrary code execution when a user clones a malicious repository using commands such as git clone --recurse-submodules and git submodule update.

Read Full Post

2 min Metasploit Weekly Wrapup

Metasploit Wrapup 11/9/18

Now in Framework: Exploit for jQuery File Upload plugin vuln, two new post modules to exfil images and texts from compromised iOS devices. Plus, this year's community CTF.

Read Full Post

3 min Metasploit Weekly Wrapup

Metasploit Wrapup: 11/2/18

Today marks the 30th anniversary of the Morris worm. We were hit by a wave of nostalgia, so here's a little history and a module-trip down memory lane courtesy of wvu.

Read Full Post

4 min Metasploit

Metasploit Wrapup: 10/26/18

We got to hit the build button three times this week. It's not something that we normally do, since the Metasploit release each week triggers automatically. But it's been such a week of surprise vulnerabilities and improvements that it made sense to get a few extra builds out the door. So, Metasploit this week jumps from 4.14.18 to 4.17.21. Look for it during your next Metasploit romp. Exploit wrapup While the excitement around libssl CVE-2018-10933 [https://github.com/rapid7/metasploit-framewo

Read Full Post

1 min Metasploit Weekly Wrapup

Metasploit Wrapup: 10/19/18

A brand new Solaris module, improved Struts module, and the latest improvements.

Read Full Post

3 min Metasploit Weekly Wrapup

Metasploit Wrapup: 10/12/18

New evasion modules in Metasploit Framework, highlights from our Town Hall at DerbyCon VIII, and the last week's improvements and module additions.

Read Full Post

2 min Metasploit Weekly Wrapup

Metasploit Wrapup: 10/5/18

Metasploit’s Brent Cook, Adam Cammack, Aaron Soto, and Cody Pierce are offering themselves up to the crowds at this year’s fourth annual Metasploit Town Hall at Derbycon.

Read Full Post

2 min Metasploit Weekly Wrapup

Metasploit Wrapup: 9/28/18

Trevor Forget: Metasploit Town Hall @ Derbycon Metasploit’s Brent Cook [/author/brent-cook], Adam Cammack [/author/adam-cammack], Aaron Soto [/author/aaron], and Cody Pierce are offering themselves up to the crowds at this year’s fourth annual Metasploit Town Hall at Derbycon [https://www.derbycon.com/]. Heading to bourbon country next weekend? Block off your 5 PM hour on Saturday, October 6 to join the team as they unveil some new hotness in Metasploit Framework and take questions and requests

Read Full Post

2 min Metasploit Weekly Wrapup

Metasploit Wrapup 9/21/18

Tomorrow brings the fall equinox, and that means (as we are almost contractually obligated to say at this point) winter is coming.

Read Full Post

2 min Metasploit Weekly Wrapup

Metasploit Wrapup 9/14/18

Your weekly run-down of the modules and improvements that landed in Metasploit Framework.

Read Full Post

2 min Metasploit Weekly Wrapup

Metasploit Wrapup 9/7/18

Ghost(script) in the shell There has been a lot of buzz the last couple weeks about Google Project Zero's Tavis Ormandy's new Ghostscript -dSAFER bypass, now complete with a Metasploit module. With some valiant work by wvu [https://github.com/wvu-r7] and taviso [https://github.com/taviso] himself, the latest way to break out of a PDF is now at your fingertips. If you pulled an advanced copy from the PR [https://github.com/rapid7/metasploit-framework/pull/10564], make sure to use the refined vers

Read Full Post

3 min Metasploit Weekly Wrapup

Metasploit Wrapup: 8/31/18

VPN to root The Network Manager VPNC Username Privilege Escalation [https://github.com/rapid7/metasploit-framework/pull/10482] module by bcoles [https://github.com/bcoles] exploits a privilege escalation attack in the Network Manager VPNC plugin configuration data (CVE-2018-10900) to gain root privileges. Network Manager VPNC versions prior to 1.2.6 are vulnerable and the module has been successfully tested against 1.2.4-4 on Debian 9.0.0 (x64) and 1.1.93-1 on Ubuntu Linux 16.04.4 (x64). The e

Read Full Post

1 min Metasploit Weekly Wrapup

Metasploit Wrapup: 8/24/18

ssh_enumusers Gets An Update wvu integrated the malformed packet technique [https://nvd.nist.gov/vuln/detail/CVE-2018-15473] into the ssh_enumusers module originally written by kenkeiras [https://github.com/kenkeiras]. This module allows an attacker to guess the user accounts on an OpenSSH server on versions up to 7.7, allowing the module to work on more versions than before. GSoC Wraps Up As Google Summer of Code finished up, Framework received an array of new and exciting features. WangYihang

Read Full Post

3 min Metasploit

Metasploit Wrapup: 8/17/18

We had a great time meeting everyone at the various Metasploit events at hacker summer camp last week, including two popup capture the flag events with Metasploitable3, the Open Source Security Meetup and selling Metasploit 0xf Anniversary Tour.

Read Full Post

2 min Metasploit Weekly Wrapup

Metasploit Wrapup 8/10/18

Check Yourself Before You Wreck Yourself Even if you're a pro sleuth who can sniff out a vulnerability on even the most hardened of networks, it's always nice to be have some added validation that your attack is going to be successful. That's why it's always valuable to have a solid "check" method available to verify that you're barking up the right tree. This week bcoles [https://github.com/bcoles] upgraded the UAC check for Windows [https://github.com/rapid7/metasploit-framework/pull/10419] to

Read Full Post

• ...
• 18
• 19
• 20
• 21
• 22
• ...