2 min
Metasploit
Metasploit Weekly Wrap-Up: 5/19/23
Fetch Based Payloads: Making the Path from Command Injection to Metasploit
Session Shorter
This week we’re releasing Metasploit fetch payloads. Fetch payloads are
command-based payloads that leverage network-enabled applications on remote
hosts and different protocol servers to serve, download, and execute binary
payloads. Over the last year, two thirds of the exploit modules landed to
Metasploit Framework were command injection exploits. These exploits will be
much easier to write with our new
4 min
Metasploit
Metasploit Wrap-Up: May 12, 2023
New modules for Zyxel Router RCE, Pentaho Business Server Auth Bypass, ManageEngine ADAudit authenticated file write RCE, and HTTPTrace functionality added to scanner modules
3 min
Metasploit
Metasploit Weekly Wrap-Up: May 5, 2023
Throw another log [file] on the fire
Our own Stephen Fewer authored a module targeting CVE-2023-26360
[https://attackerkb.com/topics/F36ClHTTIQ/cve-2023-26360?referrer=blog]
affecting ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update
15 and earlier. The vulnerability allows multiple paths to code execution, but
our module works by leveraging a request that will result in the server
evaluating the ColdFusion Markup language on an arbitrary file on the remote
system. This all
2 min
Metasploit
Metasploit Weekly Wrap-Up: 4/28/23
Scanner That Pulls Sensitive Information From Joomla Installations
This week's Metasploit release includes a module for CVE-2023-23752 by h00die
[https://github.com/h00die]. Did you know about the improper API access
vulnerability in Joomla installations, specifically Joomla versions between
4.0.0 and 4.2.7, inclusive? This vulnerability allows unauthenticated users
access to web service endpoints which contain sensitive information such as user
and config information. This module can be used to
3 min
Metasploit
Metasploit Weekly Wrap-Up: 4/21/23
VMware Workspace ONE Access exploit chain
A new module contributed by jheysel-r7 [https://github.com/jheysel-r7] exploits
two vulnerabilities in VMware Workspace ONE Access to attain Remote Code
Execution as the horizon user.
First being CVE-2022-22956 [https://github.com/advisories/GHSA-54hw-pp59-j3rc],
which is an authentication bypass and the second being a JDBC injection in the
form of CVE-2022-22957 [https://github.com/advisories/GHSA-cqx6-4jgp-26m2]
ultimately granting us RCE.
The module
4 min
Metasploit Weekly Wrapup
Metasploit Weekly Wrap-Up: 4/14/23
Rocket Software UniRPC Exploits
Ron Bowes [https://github.com/rbowes-r7] submitted two exploit modules
[https://github.com/rapid7/metasploit-framework/pull/17832] for vulnerabilities
he discovered
[https://www.rapid7.com/blog/post/2023/03/29/multiple-vulnerabilities-in-rocket-software-unirpc-server-fixed/]
in the UniRPC server for Rocket Software’s UniData product. The first exploit
module, exploit/linux/misc/unidata_udadmin_auth_bypass exploits an
authentication bypass to ultimately gain remot
2 min
Metasploit
Metasploit Weekly Wrap-Up: 4/7/23
The tide rolls in and out.
The flood of new modules last week crested leaving ample time for documentation
updates this week. The team and the community seem to have focused on getting
those sweet sprinkles of information that help everyone understand Metasploit
out to the world.
Enhancements and features (1)
* #17458 [https://github.com/rapid7/metasploit-framework/pull/17458] from
steve-embling [https://github.com/steve-embling] - Updates the
exploit/multi/misc/weblogic_deserialize_ba
7 min
Metasploit
Metasploit Weekly Wrap-Up: Mar. 31, 2023
5 new modules including Windows 11 WinSock Priv Esc, SolarWinds Information Service (SWIS) RCE and AMQP Support
3 min
Metasploit
Metasploit Weekly Wrap-Up: 3/24/23
Zxyel Routers Beware
This week we've released a module written by first time community contributor
shr70 [https://github.com/shr70] that can exploit roughly 45 different Zyxel
router and VPN models. The module exploits a buffer overflow vulnerability that
results in unauthenticated remote code execution on affected devices. It's rare
we see a module affect this many devices once and are excited to see this ship
in the framework. We hope pentesters and red-teamers alike can make good use of
this
3 min
Metasploit
Metasploit Weekly Wrap-Up: 3/17/23
FortiNAC EITW Content Added
Whilst we did have a few cool new modules added this week, one particularly
interesting one was a Fortinet FortiNAC vulnerability, CVE-2022-39952
[https://attackerkb.com/topics/9BvxYuiHYJ/cve-2022-39952?referrer=blog], that
was added in by team member Jack Heysel. This module exploits an unauthenticated
RCE in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through
9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0
through 8.5.4,
4 min
Metasploit
Metasploit Weekly Wrap-Up: Mar. 10, 2023
Wowza, a new credential gatherer and login scanner!
This week Metasploit Framework gained a credential gatherer for Wowza Streaming
Engine Manager. Credentials for this application are stored in a file named
admin.password in a known location and the file is readable by default by
BUILTIN\Users on Windows and is world readable on Linux.. The module was written
by community contributor bcoles [https://github.com/bcoles] who also wrote a
login scanner for Wowza this week. The login scanner can b
3 min
Metasploit
Metasploit Weekly Wrap-Up: 3/3/23
2022 Vulnerability Intelligence Report Released
Rapid7’s broader vulnerability research team released our 2022 Vulnerability
Intelligence Report
[https://www.rapid7.com/blog/post/2023/02/28/a-shifting-attack-landscape-rapid7s-2022-vulnerability-intelligence-report/]
this week. The report includes Metasploit and research team data on
exploitation, exploitability, and vulnerability profiles that are intended to
help security teams understand and prioritize risk more effectively. Put simply,
secur
2 min
Metasploit
Metasploit Wrap-Up: 2/24/23
Basic discover script improvements
This week two improvements were made to the script/resource/basic_discovery.rc
resource script. The first update from community member samsepi0x0
[https://github.com/samsepi0x0] allowed commas in the RHOSTS value, making it
easier to target multiple hosts. Additionally, adfoster-r7
[https://github.com/adfoster-r7] improved the script by adding better handling
for error output. This continues our trend of trying to provide more useful
diagnostic information to
2 min
Metasploit
Metasploit Wrap-Up: 2/17/23
Cisco RV Series Auth Bypass and Command Injection
Thanks to community contributor neterum [https://github.com/neterum], Metasploit
framework just gained an awesome new module which targets Cisco Small Business
RV Series Routers. The module actually exploits two vulnerabilities, an
authentication bypass CVE-2022-20705
[https://attackerkb.com/topics/1iBoR0w9Ak/cve-2022-20705?referrer=blog] and a
command injection vulnerability CVE-2022-20707
[https://attackerkb.com/topics/J6696vwQVH/cve-2022-20707
4 min
Metasploit
Metasploit Weekly Wrap-Up: 2/10/23
Taking a stroll down memory lane (Tomcat Init Script Privilege Escalation)
Do you remember the issue with Tomcat init script that was originally discovered
by Dawid Golunski [https://twitter.com/dawid_golunski?lang=en] back in 2016 that
led to privilege escalation? This week's Metasploit release includes an exploit
module for CVE-2016-1240 by h00die [https://github.com/h00die]. This
vulnerability allows any local users who already have tomcat accounts to perform
privilege escalation and gain acc