20 min
Research
Open-Source Command and Control of the DOUBLEPULSAR Implant
Metasploit researcher William Vu shares technical analysis behind a recent addition to Framework: a module that executes a Metasploit payload against the Equation Group's DOUBLEPULSAR implant for SMB and allows users to remotely disable the implant.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 9/27/19
BlueKeep is Here
The BlueKeep exploit module
[https://github.com/rapid7/metasploit-framework/pull/12283] is now officially a
part of Metasploit Framework. This module reached merged status thanks to lots
of collaboration between Rapid7 and the MSF community members. The module
requires some manual configuration per target, and targets include both
virtualized and non-virtualized versions of Windows 7 and Windows Server 2008.
For a full overview of the exploit’s development and notes on use and d
1 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 9/20/19
On the correct list
AppLocker and Software Restriction Policies control the applications and files
that users are able to run on Windows Operating Systems. These two protections
have been available to the blue team for years. AppLocker is supported on
Windows 7 and above, and Software Restriction Policies is supported on Windows
XP and above. Encountering either during an engagement could slow you down;
however, look no further than the evasion modules for assistance. Nick Tyrer
[https://github.
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: Sep. 13, 2019
Fall is in the air, October is on the way, and it is Friday the 13th. We have a
lot of updates and features that landed this week, though none are particularly
spooky, and unfortunately, none are json-related…
We recently updated our digital signing keys, and some users may have seen
warnings that their Metasploit packages were not signed. We’ve fixed this as of
this week—apologies for any confusion. If you are still experiencing signing
issues, you may need to re-download Metasploit installer
3 min
Metasploit
Metasploit Wrap-Up 9/6/19
At our (final!) DerbyCon Town Hall today, the Metasploit team announced the release of an initial exploit module PR for CVE-2019-0708, aka BlueKeep.
4 min
Metasploit
Initial Metasploit Exploit Module for BlueKeep (CVE-2019-0708)
Today, Metasploit is releasing an initial public exploit module for CVE-2019-0708, also known as BlueKeep, as a pull request on Metasploit Framework.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 8/30/19
Back to school blues
Summer is winding down and while our for contributions haven't dropped off
(thanks y'all!), we've been tied up with events and a heap of research. Don't
despair, though: our own Brent Cook [https://github.com/busterb], Pearce Barry,
Jeffrey Martin [https://github.com/jmartin-r7], and Matthew Kienow
[https://github.com/mkienow-r7] will be at DerbyCon 9 running the Metasploit
Town Hall at noon Friday. They'll be delivering a community update and answering
questions, so be sur
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 8/23/19
A LibreOffice file format exploit, plus improvements to TLS and CredSSP-based fingerprinting.
5 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 8/16/19
Hacker Summer Camp
Last week, the Metasploit team flew out to sunny, hot, and dry Las Vegas for
Hacker Summer Camp (Black Hat, BSidesLV, and DEF CON). It was a full week of
epic hacks, good conversation, and even a little business!
If you managed to catch us at our Open Source Office Hours
[https://blog.rapid7.com/2019/07/15/metasploit-open-source-office-hours-in-vegas/]
(previously OSSM, the Open Source Security Meetup) in Bally's, we just wanted to say
thanks for making the trek through the
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 8/9/19
Keep on Bluekeepin’ on
TomSellers [https://github.com/TomSellers] added a new option to the
increasingly useful Bluekeep Scanner module
[https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.rb]
that allows execution of a DoS attack when running the module. This adds a new
level of effectiveness in proving the severity of this vulnerability.
As part of this update, TomSellers [https://github.com/TomSellers] moved and
refactored a lot of
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 8/2/19
A new feature, better `set payload` options, and new modules. Plus, open-source office hours in Vegas during hacker summer camp.
5 min
Metasploit
Introducing Pingback Payloads
The Metasploit team added a new feature to Framework that improves safety and offers another avenue in MSF for novel evasion techniques: pingback payloads.
1 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 7/26/19
First!!
Congrats to Nick Tyrer [https://github.com/NickTyrer] for the first
community-contributed evasion module to land in master. Nick's
evasion/windows/applocker_evasion_install_util module
[https://github.com/rapid7/metasploit-framework/pull/11795] leverages the
trusted InstallUtil.exe binary to execute user-supplied code and evade
application whitelisting.
New modules (4)
* WP Database Backup RCE
[https://github.com/rapid7/metasploit-framework/pull/12010] by Mikey Veenstra / Wordf
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 7/19/19
RCE with a Key
An exploit module [https://github.com/rapid7/metasploit-framework/pull/12062]
for Laravel Framework was submitted by community contributor aushack
[https://github.com/aushack]. The module targets an insecure unserialize call
with the X-XSRF-TOKEN HTTP request header, which was discovered by Ståle
Pettersen. Since the exploit requires the Laravel APP_KEY to reach the
vulnerable unserialize call, aushack included information leak
[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-
1 min
Metasploit
End of Sale Announced for Metasploit Community
Today we are announcing end of sale for Metasploit Community Edition, effective immediately.