2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: Sep. 11, 2020
Three new modules, including a Pwn2Own addition for OS X, plus proxy support for Python Meterpreter, new search improvements, and a reminder of how to report security issues in Metasploit.
4 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 9/4/20
New reflective PE file loader, a new module, new search improvements, and updates on Google Summer of Code projects.
2 min
Metasploit
Metasploit Wrap-Up: Aug. 28, 2020
Give me your hash
This week, community contributor HynekPetrak [https://github.com/HynekPetrak]
added a new module [https://github.com/rapid7/metasploit-framework/pull/13906]
for dumping passwords and hashes stored as attributes in LDAP servers. It uses
an LDAP connection to retrieve data from an LDAP server and then harvests user
credentials in specific attributes. This module can be used against any kind of
LDAP server with either anonymous or authenticated bind. Particularly, it can be
used
2 min
Metasploit
Metasploit Wrap-Up: 8/21/20
Setting module options just got easier!
Rapid7's own Dean Welch [https://github.com/dwelch-r7] added a new option
[https://github.com/rapid7/metasploit-framework/pull/13961] to framework called
RHOST_HTTP_URL, which allows users to set values for multiple URL components,
such as RHOSTS, RPORT, and SSL, by specifying a single option value. For
example, instead of typing set RHOSTS example.com, set RPORT 5678, set SSL true,
you can now accomplish the same thing with the command set RHOST_HTTP_URL
2 min
Metasploit
Metasploit Wrap-Up: 8/14/20
vBulletin strikes again
This week saw another vBulletin exploit released by returning community member
Zenofex. This exploit module allows an unauthenticated attacker to run arbitrary
PHP code or operating system commands on affected versions of the vBulletin web
application. The vulnerability, which was also discovered by Zenofex, is
identified as CVE-2020-7373
[https://attackerkb.com/topics/aIL9b0uOYc/cve-2020-7373?referrer=blog] and is
effectively a bypass for a previously patched vulnerabili
5 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 8/7/20
Metasploit 6 initial features and active development, the 2020 open-source security meetup (OSSM), four new modules, and the longest list of enhancements and fixes we've ever written in one sitting.
3 min
Metasploit
Metasploit 6 Now Under Active Development
The Metasploit team announces active development of Metasploit Framework 6. Initial features include end-to-end encryption of Meterpreter communications, SMBv3 client support, and a new polymorphic payload generation routine for Windows shellcode.
3 min
Metasploit
Metasploit Wrap-Up - July 31, 2020
SharePoint DataSet/DataTable deserialization
First up we have an exploit from Spencer McIntyre (@zeroSteiner) for
CVE-2020-1147
[https://attackerkb.com/topics/HgtakVczYd/cve-2020-1147?referrer=blog], a
deserialization vulnerability in SharePoint instances that was patched by
Microsoft on July 14th 2020 and which has been getting quite a bit of attention
in the news lately. This module
[https://github.com/rapid7/metasploit-framework/pull/13920] utilizes Steven
Seeley (@stevenseeley)'s writeup al
1 min
Metasploit
Open Source Security Meetup (OSSM): Virtual Edition
The Rapid7 Metasploit team will be hosting our annual Open Source Security Meetup (OSSM) as a virtual event Thursday, August 6th!
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 7/24/20
Yes, it’s a huge enterprise vulnerability week (again)
For our 100th release since the release of 5.0
[/2019/01/10/metasploit-framework-5-0-released/] 18 months ago, our own
zeroSteiner [https://github.com/zeroSteiner] got us a nifty module for the SAP
"RECON" vulnerability
[https://attackerkb.com/topics/JubO1RiVBP/cve-2020-6287-critical-vulnerability-in-sap-netweaver-application-server-as-java]
affecting NetWeaver version 7.30 to 7.50. It turns out those versions will allow
anyone to create a
2 min
Metasploit
Metasploit Wrap-Up: 7/17/20
Plex unpickling
The exploit/windows/http/plex_unpickle_dict_rce module
[https://github.com/rapid7/metasploit-framework/pull/13741] by h00die
[https://github.com/h00die] exploits an authenticated Python deserialization
vulnerability in Plex Media Server. The module exploits the vulnerability by
creating a photo library and uploading a Dict file containing a Python payload
to the library’s path. Code execution is then achieved by triggering the plugin
loading functionality, which unpickles the Dic
2 min
Metasploit
Metasploit Wrap-Up: 7/10/20
Intensity not on the Fujita scale
SOC folks may have been feeling increased pressure as word spread of
CVE-2020-5902
[https://attackerkb.com/topics/evLpPlZf0i/cve-2020-5902?referrer=blog#rapid7-analysis]
being exploited in the wild. Vulnerabilities in networking equipment always pose
a unique set of constraints for IT operations when it comes to mitigations and
patches given their role in connecting users to servers, services or
applications. Yet from an attacker’s perspective this vulnerabili
2 min
Metasploit
Metasploit Wrap-Up: 7/3/20
Shifting (NET)GEARs
Community contributor rdomanski [https://github.com/rdomanski] added a module
for Netgear R6700v3 routers
[https://github.com/rapid7/metasploit-framework/pull/13768] that allows
unauthenticated attackers on the same network to reset the password for the
admin user back to the factory default of password. Attackers can then manually
change the admin user's password and log into it after enabling telnet via the
exploit/linux/telnet/netgear_telnetenable module, which will gran
2 min
Metasploit
Metasploit Wrap-Up: 6/26/20
Who watches the watchers?
If you are checking up on an organization using Trend Micro Web Security, it
might be you. A new module this week takes advantage of a chain of
vulnerabilities to give everyone (read unauthenticated users) a chance to decide
what threats the network might let slip through.
Following the trend, what about watchers that are not supposed to be there?
Agent Tesla Panel is a fun little trojan (not to be found zipping around on our
highways and byways) which now offers, agai
2 min
Metasploit
Metasploit Wrap-Up: 6/19/20
Arista Shell Escape Exploit
Community contributor SecurityBytesMe [https://github.com/SecurityBytesMe] added
an exploit module [https://github.com/rapid7/metasploit-framework/pull/13303]
for various Arista switches. With credentials, an attacker can SSH into a
vulnerable device and leverage a TACACS+ shell configuration to bypass
restrictions. The configuration allows the pipe character to be used only if the
pipe is preceded by a grep command. This configuration ultimately allows the
chaining