Posts tagged Metasploit Weekly Wrapup

2 min Metasploit Weekly Wrapup

Metasploit Wrapup 12/21/18

Safari Proxy Object Type Confusion Metasploit committer timwr [https://github.com/timwr] recently added a macOS Safari RCE exploit module [https://github.com/rapid7/metasploit-framework/pull/10944] based on a solution [https://github.com/saelo/pwn2own2018] that saelo [https://github.com/saelo] developed and used successfully at Pwn2Own 2018 [https://www.thezdi.com/blog/2018/3/14/welcome-to-pwn2own-2018-the-schedule]. saelo's exploit is a three-bug chain: a Safari RCE (CVE-2018-4233), a sandbox

Read Full Post

2 min Metasploit Weekly Wrapup

Metasploit Wrapup 12/14/18

Backups that Cause Problems hypn0s [https://github.com/hypn0s] contributed a module [https://github.com/rapid7/metasploit-framework/pull/10960] that exploits Snap Creek’s Duplicator plugin for WordPress. Duplicator is a plugin that eases the backup and migration of WordPress installations. For versions 1.2.40 and below, Duplicator leaves behind a number of sensitive files, including one that gives access to controlling the WordPress restoration process. Sending a POST request to the now accessib

Read Full Post

2 min Metasploit

Metasploit Wrapup 12/7/18

If you are tired of all the snake memes and images we pushed out as we stood up support for python external modules over the last year or so, I have terrific news for you!

Read Full Post

4 min Metasploit Weekly Wrapup

Metasploit Wrapup 11/30/18

Why can't I hold all these Pull Requests? It has been a busy month here in Metasploit-land, with the holidays, the holiday community contributions, and our community CTF [/2018/11/05/announcing-the-2018-metasploit-community-ctf/]. It doesn't help that the last few months have seen our open pull request count keep climbing as well, reaching over 90 at times. Our fearless leader, busterb [https://github.com/busterb], decided to take on the challenge and landed over 20 PRs by himself in the last tw

Read Full Post

2 min Metasploit Weekly Wrapup

Metasploit Wrapup 11/16/18

The Malicious Git HTTP Server For CVE-2018-17456 module by timwr exploits a vulnerability in Git that can cause arbitrary code execution when a user clones a malicious repository using commands such as git clone --recurse-submodules and git submodule update.

Read Full Post

2 min Metasploit Weekly Wrapup

Metasploit Wrapup 11/9/18

Now in Framework: Exploit for jQuery File Upload plugin vuln, two new post modules to exfil images and texts from compromised iOS devices. Plus, this year's community CTF.

Read Full Post

3 min Metasploit Weekly Wrapup

Metasploit Wrapup: 11/2/18

Today marks the 30th anniversary of the Morris worm. We were hit by a wave of nostalgia, so here's a little history and a module-trip down memory lane courtesy of wvu.

Read Full Post

4 min Metasploit

Metasploit Wrapup: 10/26/18

We got to hit the build button three times this week. It's not something that we normally do, since the Metasploit release each week triggers automatically. But it's been such a week of surprise vulnerabilities and improvements that it made sense to get a few extra builds out the door. So, Metasploit this week jumps from 4.14.18 to 4.17.21. Look for it during your next Metasploit romp. Exploit wrapup While the excitement around libssl CVE-2018-10933 [https://github.com/rapid7/metasploit-framewo

Read Full Post

1 min Metasploit Weekly Wrapup

Metasploit Wrapup: 10/19/18

A brand new Solaris module, improved Struts module, and the latest improvements.

Read Full Post

3 min Metasploit Weekly Wrapup

Metasploit Wrapup: 10/12/18

New evasion modules in Metasploit Framework, highlights from our Town Hall at DerbyCon VIII, and the last week's improvements and module additions.

Read Full Post

2 min Metasploit Weekly Wrapup

Metasploit Wrapup: 10/5/18

Metasploit’s Brent Cook, Adam Cammack, Aaron Soto, and Cody Pierce are offering themselves up to the crowds at this year’s fourth annual Metasploit Town Hall at Derbycon.

Read Full Post

2 min Metasploit Weekly Wrapup

Metasploit Wrapup: 9/28/18

Trevor Forget: Metasploit Town Hall @ Derbycon Metasploit’s Brent Cook [/author/brent-cook], Adam Cammack [/author/adam-cammack], Aaron Soto [/author/aaron], and Cody Pierce are offering themselves up to the crowds at this year’s fourth annual Metasploit Town Hall at Derbycon [https://www.derbycon.com/]. Heading to bourbon country next weekend? Block off your 5 PM hour on Saturday, October 6 to join the team as they unveil some new hotness in Metasploit Framework and take questions and requests

Read Full Post

2 min Metasploit Weekly Wrapup

Metasploit Wrapup 9/21/18

Tomorrow brings the fall equinox, and that means (as we are almost contractually obligated to say at this point) winter is coming.

Read Full Post

2 min Metasploit Weekly Wrapup

Metasploit Wrapup 9/14/18

Your weekly run-down of the modules and improvements that landed in Metasploit Framework.

Read Full Post

2 min Metasploit Weekly Wrapup

Metasploit Wrapup 9/7/18

Ghost(script) in the shell There has been a lot of buzz the last couple weeks about Google Project Zero's Tavis Ormandy's new Ghostscript -dSAFER bypass, now complete with a Metasploit module. With some valiant work by wvu [https://github.com/wvu-r7] and taviso [https://github.com/taviso] himself, the latest way to break out of a PDF is now at your fingertips. If you pulled an advanced copy from the PR [https://github.com/rapid7/metasploit-framework/pull/10564], make sure to use the refined vers

Read Full Post

• ...
• 19
• 20
• 21
• 22
• 23
• ...