Posts tagged Metasploit

3 min Metasploit

Metasploit Weekly Wrap-Up: 3/24/23

Zyxel Routers Beware This week we've released a module written by first-time community contributor shr70 [https://github.com/shr70] that can exploit roughly 45 different Zyxel router and VPN models. The module exploits a buffer overflow vulnerability that results in unauthenticated remote code execution on affected devices. It's rare we see a module affect this many devices at once, and we are excited to see this ship in the framework. We hope pentesters and red-teamers alike can make good use of this

3 min Metasploit

Metasploit Weekly Wrap-Up: 3/17/23

FortiNAC EITW Content Added Whilst we did have a few cool new modules added this week, one particularly interesting one was a Fortinet FortiNAC vulnerability, CVE-2022-39952 [https://attackerkb.com/topics/9BvxYuiHYJ/cve-2022-39952?referrer=blog], that was added in by team member Jack Heysel. This module exploits an unauthenticated RCE in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4,

4 min Metasploit

Metasploit Weekly Wrap-Up: Mar. 10, 2023

Wowza, a new credential gatherer and login scanner! This week Metasploit Framework gained a credential gatherer for Wowza Streaming Engine Manager. Credentials for this application are stored in a file named admin.password in a known location, and the file is readable by default by BUILTIN\Users on Windows and is world-readable on Linux. The module was written by community contributor bcoles [https://github.com/bcoles] who also wrote a login scanner for Wowza this week. The login scanner can b

3 min Metasploit

Metasploit Weekly Wrap-Up: 3/3/23

2022 Vulnerability Intelligence Report Released Rapid7’s broader vulnerability research team released our 2022 Vulnerability Intelligence Report [https://www.rapid7.com/blog/post/2023/02/28/a-shifting-attack-landscape-rapid7s-2022-vulnerability-intelligence-report/] this week. The report includes Metasploit and research team data on exploitation, exploitability, and vulnerability profiles that are intended to help security teams understand and prioritize risk more effectively. Put simply, secur

2 min Metasploit

Metasploit Wrap-Up: 2/24/23

Basic discover script improvements This week two improvements were made to the script/resource/basic_discovery.rc resource script. The first update from community member samsepi0x0 [https://github.com/samsepi0x0] allowed commas in the RHOSTS value, making it easier to target multiple hosts. Additionally, adfoster-r7 [https://github.com/adfoster-r7] improved the script by adding better handling for error output. This continues our trend of trying to provide more useful diagnostic information to

2 min Metasploit

Metasploit Wrap-Up: 2/17/23

Cisco RV Series Auth Bypass and Command Injection Thanks to community contributor neterum [https://github.com/neterum], Metasploit framework just gained an awesome new module which targets Cisco Small Business RV Series Routers. The module actually exploits two vulnerabilities, an authentication bypass CVE-2022-20705 [https://attackerkb.com/topics/1iBoR0w9Ak/cve-2022-20705?referrer=blog] and a command injection vulnerability CVE-2022-20707 [https://attackerkb.com/topics/J6696vwQVH/cve-2022-20707

4 min Metasploit

Metasploit Weekly Wrap-Up: 2/10/23

Taking a stroll down memory lane (Tomcat Init Script Privilege Escalation) Do you remember the issue with Tomcat init script that was originally discovered by Dawid Golunski [https://twitter.com/dawid_golunski?lang=en] back in 2016 that led to privilege escalation? This week's Metasploit release includes an exploit module for CVE-2016-1240 by h00die [https://github.com/h00die]. This vulnerability allows any local users who already have tomcat accounts to perform privilege escalation and gain acc

4 min Metasploit

Metasploit Weekly Wrap-Up: 2/2/23

Metasploit 6.3 is out! Earlier this week we announced the release of Metasploit 6.3 which came with a tonne of new modules and improvements. The whole team worked super hard on this and we're very excited that everyone can now get their hands on it and all of the new features it has to offer! I won't go over everything we did here because we have a whole separate blog post [https://www.rapid7.com/blog/post/2023/01/30/metasploit-framework-6-3-released/] dedicated to the 6.3 release that you shou

13 min Metasploit

Metasploit Framework 6.3 Released

Metasploit Framework 6.3 is now available. New features include native Kerberos authentication support, streamlined Active Directory attack workflows (AD CS, AD DS), and new modules that request, forge, and convert tickets between formats.

2 min Metasploit

Metasploit Weekly Wrap-Up: 1/27/23

Cacti Unauthenticated Command Injection Thanks to community contributor Erik Wynter [https://github.com/ErikWynter], Metasploit Framework now has an exploit module [https://github.com/rapid7/metasploit-framework/pull/17407] for an unauthenticated command injection vulnerability in the Cacti network-monitoring software. The vulnerability is due to a proc_open() call that accepts unsanitized user input in remote_agent.php. Provided that the target server has data that's tied to the POLLER_ACTION_S

2 min Metasploit

Metasploit Weekly Wrap-Up: 1/20/23

See something say something Have an idea on how to expand on Metasploit Documentation on https://docs.metasploit.com/? Did you see a typo or some other error on the docs site? Thanks to adfoster-r7 [https://github.com/adfoster-r7], submitting an update to the documentation is as easy as clicking the 'Edit this page on GitHub' link on the page you want to change. The new link will take you directly to the source in Metasploit's GitHub so you can quickly locate the Markdown [https://www.markdowng

2 min Metasploit

Metasploit Weekly Wrap-Up: 1/13/23

New module content (2) Gather Dbeaver Passwords Author: Kali-Team Type: Post Pull request: #17337 [https://github.com/rapid7/metasploit-framework/pull/17337] contributed by cn-kali-team [https://github.com/cn-kali-team] Description: This adds a post exploit module that retrieves Dbeaver session data from local configuration files. It is able to extract and decrypt credentials stored in these files for any version of Dbeaver installed on Windows or Linux/Unix systems. Gather MinIO Client Key A

3 min Metasploit Weekly Wrapup

Metasploit Weekly Wrap-Up: Jan. 1, 2023

Back from a quiet holiday season Thankfully, it was a relatively quiet holiday break for security this year, so we hope everyone had a relaxing time while they could. This wrapup covers the last three Metasploit releases, and contains three new modules, two updates, and five bug fixes. Make sure that your OpenTSDB isn’t too open Of particular note in this release is a new module from community contributors Erik Wynter [https://github.com/ErikWynter] and Shai rod [https://github.com/nightrang3r

5 min Haxmas

2022 Annual Metasploit Wrap-Up

It's been another gangbusters year for Metasploit, and the holidays are a time to give thanks to all the people that help make our load a little bit lighter. So, while this end-of-year wrap-up is a highlight reel of the headline features and extensions that landed in Metasploit-land in 2022, we also want to express our gratitude and appreciation for our stellar community of contributors, maintainers, and users. The Metasploit team merged 824 pull requests across Metasploit-related projects in 20

4 min Metasploit

Metasploit Weekly Wrap-Up: 12/16/22

A sack full of cheer from the Hacking Elves of Metasploit It is clear that the Metasploit elves have been busy this season: Five new modules, six new enhancements, nine new bug fixes, and a partridge in a pear tree are headed out this week! (Neither partridge nor pear tree included.) In this sack of goodies, we have a gift that keeps on giving: Shelby’s [https://github.com/space-r7] Acronis TrueImage Privilege Escalation [https://github.com/rapid7/metasploit-framework/pull/17265] works wonderfully, even