Posts by Brendan Watters

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: 5/29/20

Hello, World! This week’s wrapup features six new modules, including a double-dose of Synology and everyone’s favorite, Pi-Hole. Little NAS, featuring RCE Synology stations are small(ish) NAS devices, but as Steve Kaun, Nigusu Kassahun, and h00die have shown, they are not invulnerable. In the first module, a command injection exists in a scanning function that allows for an authenticated RCE, and in the second, a coding feature leaks whether a user exists on the system, allowing for brute-forc

2 min Metasploit

Metasploit Wrap-Up: Feb. 7, 2020

In the week after our CTF, we hope the players had a good time and got back to their loved ones, jobs, lives, studies, and most importantly, back to their beds (and you can find out who the winners were here [/2020/02/03/congrats-to-the-winners-of-the-2020-metasploit-community-ctf/]!). For the Metasploit team, we went back to baking up fresh, hot modules and improvements that remind us in this flu season to not just wash your hands, but also, sanitize your inputs! SOHOwabout a Shell? Several [h

2 min Metasploit

Metasploit Wrap-Up: 12/19/19

It’s beginning to look a lot like HaXmas [/tag/haxmas/], everywhere you go! We have a great selection of gift-wrapped modules this holiday season, sure to have you entertained from one to eight nights, depending on your preference! On a personal note, we here at the Metasploit workshop would like to welcome our newest elf, Spencer McIntyre [https://github.com/smcintyre-r7]. Spencer has been a long-time contributor to the project, and we’re thrilled to have him on the team! In the spirit of givi

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: Sep. 13, 2019

Fall is in the air, October is on the way, and it is Friday the 13th. We have a lot of updates and features that landed this week, though none are particularly spooky, and unfortunately, none are json-related…1 We recently updated our digital signing keys, and some users may have seen warnings that their Metasploit packages were not signed. We’ve fixed this as of this week—apologies for any confusion. If you are still experiencing signing issues, you may need to re-download Metasploit installer

5 min Metasploit

Introducing Pingback Payloads

The Metasploit team added a new feature to Framework that improves safety and offers another avenue in MSF for novel evasion techniques: pingback payloads.

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up 6/14/19

It’s Summertime, and the Hackin’ is Easy It is still early in the season, but there’s a whole lot of fixes that are already shipping. Straight off a week of intellectual synergy from the world-wide hackathon, we started to fix a lot of things we noticed while we coded over street tacos and Austin-famous beverages. All told, this week we made Metasploit more inclusive, transparent, and configurable! Inclusive @wvu-r7 has been on a roll trying to make Metasploit play well with others. He teamed u

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: Mar. 22, 2019

Spring is here: Four new modules and metashell improvements.

12 min Exploits

Stack-Based Buffer Overflow Attacks: Explained and Examples

Stack-based buffer overflow exploits are likely the shiniest and most common form of exploit for remotely taking over the code execution of a process.

2 min Metasploit

Metasploit Wrapup 12/7/18

If you are tired of all the snake memes and images we pushed out as we stood up support for python external modules over the last year or so, I have terrific news for you!

2 min Metasploit Weekly Wrapup

Metasploit Wrapup 9/21/18

Tomorrow brings the fall equinox, and that means (as we are almost contractually obligated to say at this point) winter is coming.

2 min Metasploit Weekly Wrapup

Metasploit Wrapup: 6/22/18

Welcome to another installment of the week! This installment features a new ETERNALBLUE module in everyone's favorite reptile-brain language, Python! Sporting support for Windows 8 and 10, it has everything you need, including immutable strings and enforced whitespace. In other Windows 10 news, chervalierly [https://github.com/chervaliery] fixed an annoying bug in rex-powershell that prevented PsExec from working on later versions of Windows 10. Now, you can PsExec to your heart’s content. Go f

3 min Metasploit Weekly Wrapup

Metasploit Wrapup 5/18/18

You Compile Me Our very own wchen-r7 [https://github.com/wchen-r7] added the ability to compile C code in metasploit, including (select) dependencies by creating a wrapper for metasm. Right now, support for windows.h is the first salvo in custom compiling tools within the metasploit interface! Hack all the things! For a long time, people have asked us to support RHOSTS in exploits just like we do in AUX modules. We listened, and now framework exploits support RHOSTS! Set your exploit, your

3 min Metasploit Weekly Wrapup

Metasploit Wrapup 4/27/18

After last week's seriously serious write-up [https://www.rapid7.com/blog/post/2018/04/20/metasploit-wrapup-36/], this week we will return to our norml normal, lighthearted (and Metasploit-hearted) wrap-ups, though we remain fans of terrible 80s movies. Drupalgeddon 2: Webdev Boogaloo After last month's Drupal exploit came to light, nearly a dozen developers have been hard at work to add a module targeting CVE-2018-7600 [https://www.rapid7.com/db/vulnerabilities/drupal-cve-2018-7600]. You can

2 min Metasploit Weekly Wrapup

Metasploit Wrapup 4/7/18

Mobile Moose This week marked the beginning of our time in the new office. Everything got packed up and moved: computers, chairs, Rudy’s cups, and odd soy sauce packets in the back of the drawers. One consequence of moving to downtown Austin is that the lunch debates take longer, with flame wars about both the best tacos and the best barbecue. Metasploit: Now With More Snakes! @shellfail [https://twitter.com/shellfail] doubled down this wrapup; way back in March, he wrote a guide to writing P

3 min Metasploit Weekly Wrapup

Metasploit Wrapup 3/23/18

Adding some named pipes to everyone's favorite series of tubes UserExistsError already added 64-bit named pipe payloads, and this week, we got an extra-special upgrade: now Metasploit has 32-bit named pipe payloads! It may feel wrong not setting a port, but connecting to existing network resources feels so right! It is the Final Countdown for GSoC! The final deadline for Google Summer of Code applicants is March 27th, so get your applications in now! We are honored to be a part of the progra

Posts by Brendan Watters

Metasploit Wrap-Up: 5/29/20

Metasploit Wrap-Up: Feb. 7, 2020

Metasploit Wrap-Up: 12/19/19

Metasploit Wrap-Up: Sep. 13, 2019

Introducing Pingback Payloads

Metasploit Wrap-Up 6/14/19

Metasploit Wrap-Up: Mar. 22, 2019

Stack-Based Buffer Overflow Attacks: Explained and Examples

Metasploit Wrapup 12/7/18

Metasploit Wrapup 9/21/18

Metasploit Wrapup: 6/22/18

Metasploit Wrapup 5/18/18

Metasploit Wrapup 4/27/18

Metasploit Wrapup 4/7/18

Metasploit Wrapup 3/23/18

Popular Topics

Tags

Submit your information and we will get in touch with you.

Thank you for contacting us.

We will be in touch shortly.