3 min
Metasploit
Congrats to the Winners of the 2020 December Metasploit Community CTF
Thank you all that participated in the 2020 December Metasploit community CTF
[/2020/11/19/announcing-the-2020-december-metasploit-community-ctf/]! The four
day CTF was well received by the community, with 874 teams and 1903 users
registered! We’ve included the high-level stats and the competition winners
below. If you played the CTF and want to let the Metasploit team know which
challenges you found exhilarating, interesting, or infuriating (in a good way,
of course), we have a feedback survey
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 12/4/20
It's CTF week(end)! Plus, steal files from Apache Tomcat servers thanks to a new Ghostcat exploit, and dump process memory with a new post module that leverages Avast AV's built-in AvDump utility.
3 min
Metasploit
Metasploit Wrap-Up 11/27/20
Five new modules, and a reminder for the upcoming CTF
3 min
Metasploit
Metasploit Wrap-Up: 11/20/20
Two new RCE-capable modules and some good fixes and enhancements!
7 min
Metasploit
Announcing the 2020 December Metasploit Community CTF
It’s time for another Metasploit community CTF! This time around we’re doing a few things differently. Read on for details.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 11/13/20
Four new modules, including an exploit for SaltStack Salt and an exploit for a now-patched vuln in Metasploit, plus new enhancements and fixes.
2 min
Metasploit
Metasploit Wrap-Up: Nov. 6, 2020
Insert 'What Year Is It' meme
h00die [https://github.com/h00die] contributed the Mikrotik unauthenticated
directory traversal file read
[https://github.com/rapid7/metasploit-framework/pull/14280] auxiliary gather
module, largely a port of the PoC by Ali Mosajjal [https://github.com/mosajjal].
The vulnerability CVE-2018-14847
[https://attackerkb.com/topics/oOoUGd0y46/cve-2018-14847?referrer=blog] allows
any file from the router to be read through the Winbox server in RouterOS due to
a lack of val
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 10/30/20
Support for gathering ProxyUsername and ProxyPassword for saved PuTTY sessions, usability improvements for PsExec modules, and another CTF coming soon.
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 10/23/20
A bug fix for EternalBlue on Metasploit 6, four new modules, and a bunch of enhancements.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 10/16/20
Hacktoberfest 2020 and wisdom from around the Metasploit water cooler. Keep an eye out for more info on the next Metasploit community CTF (coming soon).
2 min
Metasploit
Metasploit Wrap-Up: 10/9/20
Enhancements, bug fixes, and a new SAP IGS module!
5 min
Metasploit
Metasploit Wrap-Up: Oct. 2, 2020
Windows secrets dump, an 'in' with Safari, and more!
9 min
Metasploit
Exploitability Analysis: Smash the Ref Bug Class
Two Metasploit researchers evaluate the "Smash the Ref" win32k bug class for exploitability and practical exploitation use cases for pen testers and red teams looking to obtain an initial foothold in the context of a standard user account.
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-up: 9/25/20
Nine new modules, including a module for Zerologon, a new SOCKS module, some privilege escalations, and another Java deserialization exploit.
3 min
Metasploit
Metasploit Wrap-Up: Sep. 18, 2020
Six new modules this week, and a good group of enhancements and fixes!