Posts tagged Metasploit Weekly Wrapup

2 min Metasploit

Metasploit Weekly Wrap-Up 01/12/24

New module content (1) Windows Gather Mikrotik Winbox "Keep Password" Credentials Extractor Author: Pasquale 'sid' Fiorillo Type: Post Pull request: #18604 [https://github.com/rapid7/metasploit-framework/pull/18604] contributed by siddolo [https://github.com/siddolo] Path: windows/gather/credentials/winbox_settings Description: This pull request introduces a new post module to extract the Mikrotik Winbox credentials, which are saved in the settings.cfg.viw file when the "Keep Password" option

2 min Metasploit

Metasploit Weekly Wrap-Up 1/05/2024

New module content (2) Splunk __raw Server Info Disclosure Authors: KOF2002, h00die, and n00bhaxor Type: Auxiliary Pull request: #18635 [https://github.com/rapid7/metasploit-framework/pull/18635] contributed by n00bhaxor [https://github.com/n00bhaxor] Path: gather/splunk_raw_server_info Description: This PR adds a module for an authenticated Splunk information disclosure vulnerability. This module gathers information about the host machine and the Splunk install including OS version, build, CP

8 min Metasploit

Metasploit 2023 Annual Wrap-Up: Dec. 29, 2023

As 2023 winds down, we’re taking another look back at all the changes and improvements to the Metasploit Framework. This year marked the 20th anniversary since Metasploit version 1.0 was committed and the project is still actively maintained and improved thanks to a thriving community. Version 6.3 Early this year in January, Metasploit version 6.3 [https://www.rapid7.com/blog/post/2023/01/30/metasploit-framework-6-3-released/] was released with a number of improvements for targeting Active Dir

2 min Metasploit

Metasploit Weekly Wrap-Up: Dec. 22, 2023

Metasploit has added exploit content for the glibc LPE CVE-2023-4911 (AKA Looney Tunables) and RCE exploits for Confluence and Vinchin Backup and Recovery.

3 min Metasploit

Metasploit Weekly Wrap-Up: Dec. 15, 2023

Continuing the 12th Labor of Metasploit Metasploit continues its Herculean task of increasing our toolset to tame Kerberos by adding support for AS_REP Roasting, which allows retrieving the password hashes of users who have Do not require Kerberos preauthentication set on the domain controller. The setting is disabled by default, but it is enabled in some environments. Attackers can request the hash for any user with that option enabled, and worse (or better?) you can query the DC to determine

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up 12/8/2023

New this week: An OwnCloud gather module and a Docker cgroups container escape. Plus, an early feature that allows users to search module actions, targets, and aliases.

4 min Metasploit

Metasploit Weekly Wrap-Up: Dec. 1, 2023

Customizable DNS resolution Contributor smashery [https://github.com/smashery] added a new dns command to Metasploit console, which allows the user to customize the behavior of DNS resolution. Similarly to the route command, it is now possible to specify where DNS requests should be sent to avoid any information leak. Before these changes, the Framework was using the default local system configuration. Now, it is possible to specify which DNS server should be queried based on rules that match sp

1 min Metasploit

Metasploit Wrap-Up: Nov. 23, 2023

Metasploit 6.3.44 released with stability improvements and module fixes

1 min Metasploit Weekly Wrapup

Metasploit Weekly Wrap-Up: Nov. 17, 2023

Possible Web Service Removal Metasploit has support for running with a local database, or from a remote web service which can be initialized with msfdb init --component webservice. Future versions of Metasploit Framework may remove the msfdb remote webservice. Users that leverage this functionality are invited to react on an issue currently on GitHub [https://github.com/rapid7/metasploit-framework/issues/18439] to inform the maintainers that the feature is used. New module content (1) ZoneMind

3 min Metasploit Weekly Wrapup

Metasploit Weekly Wrap-Up 11/10/23

Apache MQ and Three Cisco Modules in a Trenchcoat This week’s release has a lot of new content and features modules targeting two major recent vulnerabilities that got a great deal of attention: CVE-2023-46604 targeting Apache MQ [https://www.rapid7.com/blog/post/2023/11/01/etr-suspected-exploitation-of-apache-activemq-cve-2023-46604/] resulting in ransomware deployment and CVE-2023-20198 targeting Cisco IOS XE OS [https://www.rapid7.com/blog/post/2023/10/17/etr-cve-2023-20198-active-exploitati

2 min Metasploit

Metasploit Weekly Wrap-Up: Nov. 3, 2023

PTT for DCSync This week, community member smashery [https://github.com/smashery] made an improvement to the windows_secrets_dump module to enable it to dump domain hashes using the DCSync method after having authenticated with a Kerberos ticket. Now, if a user has a valid Kerberos ticket for a privileged account, they can run the windows_secrets_dump module with the DOMAIN action and obtain the desired information. No password required. This is particularly useful in workflows involving the exp

2 min Metasploit

Metasploit Weekly Wrap-Up: Oct. 27, 2023

New module content (4) Atlassian Confluence Data Center and Server Authentication Bypass via Broken Access Control Authors: Emir Polat and Unknown Type: Auxiliary Pull request: #18447 [https://github.com/rapid7/metasploit-framework/pull/18447] contributed by emirpolatt [https://github.com/emirpolatt] Path: admin/http/atlassian_confluence_auth_bypass AttackerKB reference: CVE-2023-22515 [https://attackerkb.com/topics/Q5f0ItSzw5/cve-2023-22515?referrer=blog] Description: This adds an exploit for

4 min Metasploit

Metasploit Weekly Wrap-Up: Oct. 19, 2023

That Privilege Escalation Escalated Quickly This release features a module leveraging CVE-2023-22515 [https://www.rapid7.com/blog/post/2023/10/04/etr-cve-2023-22515-zero-day-privilege-escalation-in-confluence-server-and-data-center/] , a vulnerability in Atlassian’s on-premises Confluence Server first listed as a privilege escalation, but quickly recategorized as a “broken access control” with a CVSS score of 10. The exploit itself is very simple and easy to use so there was little surprise when

3 min Metasploit

Metasploit Weekly Wrap-Up: Oct. 13, 2023

Pollution in Kibana This week, contributor h00die [https://github.com/h00die] added a module that leverages a prototype pollution bug in Kibana prior to version 7.6.3. Particularly, this issue is within the Upgrade Assistant and enables an attacker to execute arbitrary code. This vulnerability can be triggered by sending a queries that sets a new constructor.prototype.sourceURL directly to Elastic or by using Kibana to submit the same queries. Note that Kibana needs to be restarted or wait for c

2 min Metasploit

Metasploit Weekly Wrap-Up: Oct. 6, 2023

New module content (3) LDAP Login Scanner Author: Dean Welch Type: Auxiliary Pull request: #18197 [https://github.com/rapid7/metasploit-framework/pull/18197] contributed by dwelch-r7 [https://github.com/dwelch-r7] Path: scanner/ldap/ldap_login Description: This PR adds a new login scanner module for LDAP. Login scanners are the classes that provide functionality for testing authentication against various different protocols and mechanisms. This LDAP login scanner supports multiple types of aut