2 min
Metasploit
Metasploit Wrap-Up: Feb. 7, 2020
In the week after our CTF, we hope the players had a good time and got back to
their loved ones, jobs, lives, studies, and most importantly, back to their beds
(and you can find out who the winners were here
[/2020/02/03/congrats-to-the-winners-of-the-2020-metasploit-community-ctf/]!).
For the Metasploit team, we went back to baking up fresh, hot modules and
improvements that remind us in this flu season to not just wash your hands, but
also, sanitize your inputs!
SOHOwabout a Shell?
Several
[h
2 min
Metasploit
Metasploit Wrap-Up: 12/19/19
It’s beginning to look a lot like HaXmas [/tag/haxmas/], everywhere you go! We
have a great selection of gift-wrapped modules this holiday season, sure to have
you entertained from one to eight nights, depending on your preference! On a
personal note, we here at the Metasploit workshop would like to welcome our
newest elf, Spencer McIntyre [https://github.com/smcintyre-r7]. Spencer has been
a long-time contributor to the project, and we’re thrilled to have him on the
team!
In the spirit of givi
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: Sep. 13, 2019
Fall is in the air, October is on the way, and it is Friday the 13th. We have a
lot of updates and features that landed this week, though none are particularly
spooky, and unfortunately, none are json-related…
We recently updated our digital signing keys, and some users may have seen
warnings that their Metasploit packages were not signed. We’ve fixed this as of
this week—apologies for any confusion. If you are still experiencing signing
issues, you may need to re-download Metasploit installer
5 min
Metasploit
Introducing Pingback Payloads
The Metasploit team added a new feature to Framework that improves safety and offers another avenue in MSF for novel evasion techniques: pingback payloads.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 6/14/19
It’s Summertime, and the Hackin’ is Easy
It is still early in the season, but there’s a whole lot of fixes that are
already shipping. Straight off a week of intellectual synergy from the
world-wide hackathon, we started to fix a lot of things we noticed while we
coded over street tacos and Austin-famous beverages. All told, this week we made
Metasploit more inclusive, transparent, and configurable!
Inclusive
@wvu-r7 has been on a roll trying to make Metasploit play well with others. He
teamed u
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: Mar. 22, 2019
Spring is here: Four new modules and metashell improvements.
12 min
Exploits
Stack-Based Buffer Overflow Attacks: Explained and Examples
Stack-based buffer overflow exploits are likely the shiniest and most common form of exploit for remotely taking over the code execution of a process.
2 min
Metasploit
Metasploit Wrapup 12/7/18
If you are tired of all the snake memes and images we pushed out as we stood up support for python external modules over the last year or so, I have terrific news for you!
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup 9/21/18
Tomorrow brings the fall equinox, and that means (as we are almost contractually obligated to say at this point) winter is coming.
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup: 6/22/18
Welcome to another installment of the week! This installment features a new
ETERNALBLUE module in everyone's favorite reptile-brain language, Python!
Sporting support for Windows 8 and 10, it has everything you need, including
immutable strings and enforced whitespace.
In other Windows 10 news, chervaliery [https://github.com/chervaliery] fixed an
annoying bug in rex-powershell that prevented PsExec from working on later
versions of Windows 10. Now, you can PsExec to your heart’s content. Go f
3 min
Metasploit Weekly Wrapup
Metasploit Wrapup 5/18/18
You Compile Me
Our very own wchen-r7 [https://github.com/wchen-r7] added the ability to compile
C code in Metasploit, including (select) dependencies by creating a wrapper for
metasm. Right now, support for windows.h is the first salvo in custom compiling
tools within the Metasploit interface!
Hack all the things!
For a long time, people have asked us to support RHOSTS in exploits just like we
do in AUX modules. We listened, and now framework exploits support RHOSTS! Set
your exploit, your
3 min
Metasploit Weekly Wrapup
Metasploit Wrapup 4/27/18
After last week's seriously serious write-up
[https://www.rapid7.com/blog/post/2018/04/20/metasploit-wrapup-36/], this week
we will return to our normal, lighthearted (and Metasploit-hearted)
wrap-ups, though we remain fans of terrible 80s movies.
Drupalgeddon 2: Webdev Boogaloo
After last month's Drupal exploit came to light, nearly a dozen developers have
been hard at work to add a module targeting CVE-2018-7600
[https://www.rapid7.com/db/vulnerabilities/drupal-cve-2018-7600]. You can
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup 4/7/18
Mobile Moose
This week marked the beginning of our time in the new office. Everything got
packed up and moved: computers, chairs, Rudy’s cups, and odd soy sauce packets
in the back of the drawers. One consequence of moving to downtown Austin is that
the lunch debates take longer, with flame wars about both the best tacos and the
best barbecue.
Metasploit: Now With More Snakes!
@shellfail [https://twitter.com/shellfail] doubled down this wrapup; way back in
March, he wrote a guide to writing P
3 min
Metasploit Weekly Wrapup
Metasploit Wrapup 3/23/18
Adding some named pipes to everyone's favorite series of tubes
UserExistsError already added 64-bit named pipe payloads, and this week, we got
an extra-special upgrade: now Metasploit has 32-bit named pipe payloads! It may
feel wrong not setting a port, but connecting to existing network resources
feels so right!
It is the Final Countdown for GSoC!
The final deadline for Google Summer of Code applicants is March 27th, so get
your applications in now! We are honored to be a part of the progra
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup: Dec. 8, 2017
Have you ever been on a conference call where you really wished you could take
command of the situation? With Metasploit Framework and the new Polycom HDX
exploit, you can (if given permission by the owner of the device, that is)! If
teleconferencing isn't your target's style, you can also pwn correspondence the
old-fashioned way: through a Microsoft Office exploit. Be it written or video,
we here at Rapid7 know you value other people's communication!
After another Python module and the Mac r