Metasploit
Metasploit Wrap-Up 05/30/2025
The internet is a series of Tube [SOCKS]
Metasploit has supported SOCKS proxies for years now, and can act as both a
client (by setting the Proxies datastore option) and a server (by running the
auxiliary/server/socks_proxy module). While Metasploit has supported both SOCKS
versions 4a and 5, there was some ambiguity about how Domain Name System (DNS)
requests are made by Metasploit through these versions. Both versions 4a and 5
notably enable clients to make connections to
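The DNS question above comes down to how the destination is encoded in the CONNECT request: SOCKS4a carries a hostname in a trailing field (with DSTIP set to 0.0.0.x), and SOCKS5 carries it under ATYP 0x03, so the proxy resolves the name and the client never issues a DNS query; if the client resolves first and sends an IPv4/IPv6 address instead, the lookup leaks from the client's own resolver. The Ruby below is an added example, not code from the Metasploit blog or the framework: it builds CONNECT requests both ways for SOCKS4a and SOCKS5 and classifies a captured request so you can check which behaviour a client actually exhibits. The hostnames, addresses, ports and userid are constructed inputs.

```ruby
require 'ipaddr'

# Returns an IPAddr when +host+ is an IP literal, nil when it is a hostname.
def literal_ip(host)
  IPAddr.new(host)
rescue IPAddr::InvalidAddressError
  nil
end

# SOCKS4a CONNECT request (VN=4, CD=1). An IPv4 literal goes into DSTIP; a
# hostname is sent in the trailing NUL-terminated field with DSTIP=0.0.0.1,
# which tells the proxy to resolve the name itself (no DNS from the client).
def socks4a_connect(host, port, userid = '')
  ip = literal_ip(host)
  header = [4, 1, port].pack('CCn')
  if ip.nil?
    header + [0, 0, 0, 1].pack('C4') + userid.b + "\x00".b + host.b + "\x00".b
  elsif ip.ipv4?
    header + ip.hton + userid.b + "\x00".b
  else
    raise ArgumentError, 'SOCKS4a carries only IPv4 literals or hostnames'
  end
end

# SOCKS5 CONNECT request (VER=5, CMD=1). ATYP 0x03 carries the hostname so the
# proxy resolves it; ATYP 0x01/0x04 carry an address the client resolved first.
def socks5_connect(host, port)
  ip = literal_ip(host)
  addr = if ip.nil?
           raise ArgumentError, 'hostname longer than 255 bytes' if host.bytesize > 255
           [3, host.bytesize].pack('CC') + host.b
         elsif ip.ipv4?
           "\x01".b + ip.hton
         else
           "\x04".b + ip.hton
         end
  [5, 1, 0].pack('C3') + addr + [port].pack('n')
end

# Parses a raw SOCKS4/4a/5 CONNECT request and reports how the destination was
# encoded: :hostname (proxy resolves, no DNS from the client) or :address
# (the client already resolved the name locally).
def classify_socks_request(data)
  bytes = data.b
  case bytes.getbyte(0)
  when 4
    cd, port = bytes[1, 3].unpack('Cn')
    raise ArgumentError, 'not a CONNECT request' unless cd == 1
    a, b, c, d = bytes[4, 4].unpack('C4')
    fields = bytes[8..-1].split("\x00".b, -1) # userid, [hostname], ''
    if a == 0 && b == 0 && c == 0 && d != 0
      { version: 4, kind: :hostname, host: fields[1], port: port }
    else
      { version: 4, kind: :address, host: IPAddr.ntop(bytes[4, 4]), port: port }
    end
  when 5
    cmd, atyp = bytes[1, 3].unpack('CxC')
    raise ArgumentError, 'not a CONNECT request' unless cmd == 1
    case atyp
    when 1
      host, offset, kind = IPAddr.ntop(bytes[4, 4]), 8, :address
    when 4
      host, offset, kind = IPAddr.ntop(bytes[4, 16]), 20, :address
    when 3
      len = bytes.getbyte(4)
      host, offset, kind = bytes[5, len], 5 + len, :hostname
    else
      raise ArgumentError, "unknown ATYP #{atyp}"
    end
    { version: 5, kind: kind, host: host, port: bytes[offset, 2].unpack1('n') }
  else
    raise ArgumentError, 'not a SOCKS4 or SOCKS5 request'
  end
end

# True when the request carries a resolved address, i.e. the client performed
# the DNS lookup itself instead of delegating it to the proxy.
def dns_resolved_locally?(data)
  classify_socks_request(data)[:kind] == :address
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample destinations; 93.184.216.34 stands in for a pre-resolved name.
  [socks5_connect('example.com', 443), socks5_connect('93.184.216.34', 443),
   socks4a_connect('example.com', 80), socks4a_connect('93.184.216.34', 80)].each do |req|
    info = classify_socks_request(req)
    puts "SOCKS#{info[:version]} #{info[:kind]} #{info[:host]}:#{info[:port]} " \
         "resolved by client: #{dns_resolved_locally?(req)}"
  end
end
```

To audit a real client, capture the first bytes it sends to the proxy port and feed them to classify_socks_request: a :hostname result means the proxy does the lookup, an :address result means a DNS query already left the client.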
Metasploit Weekly Wrapup
Metasploit Wrap-Up 05/16/2025
New modules for everyone
This week’s release is packed with new module content. We have RCE modules for
Car Rental System 1.0 and the WordPress plugins SureTriggers and User
Registration and Membership. We also have a persistence module for LINQPad software and an
auxiliary module for POWERCOM UPSMON PRO. We have also added support for 32-bit
architectures to our execute-assembly post module, which now supports injection
of both 64-bit and 32-bit .NET assembly binaries.
New module content (5)
POWERCOM UP
Metasploit
Metasploit Wrap-Up 05/02/2025
Meterpreter Extended API Clipboard Monitoring
Security is hard, and Open Source Security is a collaborative effort. This week,
Metasploit released a fix for a vulnerability that was privately disclosed to us
by long-time community member bcoles [https://github.com/bcoles]. The
vulnerability in question impacted Metasploit users who were using the clipboard
monitoring functionality contained within the extended-API Meterpreter extension
(extapi). After a user enables monitoring, they would typica
Metasploit
Metasploit Wrap-Up 04/04/2025
New RCEs
Metasploit added four new modules this week, including three that leverage
vulnerabilities to obtain remote code execution (RCE)
[https://www.rapid7.com/fundamentals/what-is-remote-code-execution-rce/]. Among
these three, two leverage deserialization, showing that the exploit primitive is
still going strong. The Tomcat vulnerability in particular CVE-2025-24813
[https://attackerkb.com/search?q=CVE-2025-24813&referrer=blog] garnered a lot of
attention when it was disclosed; however, to f
Metasploit
Metasploit Weekly Wrap-Up 01/31/25
ESC4 Detection
This week, Metasploit’s jheysel-r7 [https://github.com/jheysel-r7] updated the
existing ldap_esc_vulnerable_cert_finder module to include detecting template
objects that can be written to by the authenticated user. This means the module
can now identify instances of ESC4 from the perspective of the account that the
Metasploit operator provided the credentials for. Metasploit has been capable of
exploiting ESC4 for some time, but required users to know which certificate
templates t
Metasploit
Metasploit 2024 Annual Wrap-Up
Another year has come and gone, and the Metasploit team has taken some time to
review the year’s notable additions. This year saw some great new features
added, Metasploit 6.4 released
[https://www.rapid7.com/blog/post/2024/03/25/metasploit-framework-6-4-released/]
and a slew of new modules. We’re grateful to the community members new and old
that have submitted modules and issues this year. The real privilege escalation
was the privilege of working with the contributors and friends we made alo
Metasploit
Metasploit Weekly Wrap-Up 12/13/2024
It’s raining RCEs!
It's the second week of December and the weather forecast announced another
storm of RCEs in Metasploit-Framework land. This weekly release includes RCEs
for Moodle e-Learning platform, Primefaces, WordPress Really Simple SSL and
CyberPanel, along with two modules to change passwords over the LDAP and SMB
protocols.
New module content (7)
Change Password
Author: smashery
Type: Auxiliary
Pull request: #19671 [https://github.com/rapid7/metasploit-framework/pull/19671]
contributed
Metasploit
Metasploit Weekly Wrap-Up 11/22/2024
JetBrains TeamCity Login Scanner
Metasploit added a login scanner for the TeamCity application to enable users to
check for weak credentials. TeamCity has been the subject of multiple ETR
vulnerabilities
[https://www.rapid7.com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/]
and is a valuable target for attackers.
Targeted DCSync added to Windows Secrets Dump
This week, Metasploit community member smashery [ht
Metasploit
Metasploit Weekly Wrap-Up 10/18/2024
ESC15: EKUwu
AD CS continues to be a popular target for penetration testers and security
practitioners. The latest escalation technique (hence the ESC in ESC15) was
discovered [https://trustedsec.com/blog/ekuwu-not-just-another-ad-cs-esc] by
Justin Bollinger [https://x.com/bandrel] with details being released just last
week. This latest configuration flaw has common issuance requirements to other
ESC flaws such as requiring no authorized signatures or manager approval.
Additionally, templa
Metasploit
Metasploit Weekly Wrap-Up 09/13/2024
SPIP Modules
This week brings more modules targeting the SPIP publishing platform. SPIP has
gained some attention from Metasploit community contributors recently and has
inspired some PHP payload and encoder improvements.
New module content (2)
SPIP BigUp Plugin Unauthenticated RCE
Authors: Julien Voisin, Laluka, Valentin Lobstein, and Vozec
Type: Exploit
Pull request: #19444 [https://github.com/rapid7/metasploit-framework/pull/19444]
contributed by Chocapikk [https://github.com/Chocapikk]
Pat
Metasploit
Metasploit Wrap-Up 05/17/2024
LDAP Authentication Improvements
This week, in Metasploit v6.4.9, the team has added multiple improvements for
LDAP-related attacks. Two improvements relating to authentication are the new
support for Signing [https://github.com/rapid7/metasploit-framework/pull/19127]
and Channel Binding [https://github.com/rapid7/metasploit-framework/pull/19132].
Microsoft has been making changes
[https://support.microsoft.com/en-gb/topic/2020-2023-and-2024-ldap-channel-binding-and-ldap-signing-requirements-for
Metasploit
Metasploit Weekly Wrap-Up 04/26/24
Rancher Modules
This week, Metasploit community member h00die [https://github.com/h00die] added
the second of two modules targeting Rancher instances. These modules each leak
sensitive information from vulnerable instances of the application which is
intended to manage Kubernetes clusters. These are a great addition to
Metasploit’s coverage for testing Kubernetes environments
[https://docs.metasploit.com/docs/pentesting/metasploit-guide-kubernetes.html].
PAN-OS RCE
Metasploit also released an e
Metasploit
Metasploit Framework 6.4 Released
Today, Metasploit is pleased to announce the release of Metasploit Framework
6.4. It has been just over a year since the release of version 6.3
[https://www.rapid7.com/blog/post/2023/01/30/metasploit-framework-6-3-released/]
and the team has added many new features and improvements since then.
For news reporters, please reach out to press@rapid7.com.
Kerberos Improvements
Metasploit 6.3 included initial support for Kerberos authentication within
Metasploit and was one of the larger features i
Metasploit
Metasploit Weekly Wrap-Up 02/16/2024
New Fetch Payload
It has been almost a year since Metasploit released the new fetch payloads
[https://www.rapid7.com/blog/post/2023/05/25/fetch-payloads-a-shorter-path-from-command-injection-to-metasploit-session/]
and since then, 43 of the 79 exploit modules have had support for fetch
payloads. The original payloads supported transferring the second stage over
HTTP, HTTPS and FTP. This week, Metasploit has expanded that protocol support to
include SMB, allowing payloads to be run using rundll3
Metasploit
Metasploit 2023 Annual Wrap-Up: Dec. 29, 2023
As 2023 winds down, we’re taking another look back at all the changes and
improvements to the Metasploit Framework. This year marked the 20th anniversary
since Metasploit version 1.0 was committed and the project is still actively
maintained and improved thanks to a thriving community.
Version 6.3
Early this year in January, Metasploit version 6.3
[https://www.rapid7.com/blog/post/2023/01/30/metasploit-framework-6-3-released/]
was released with a number of improvements for targeting Active Dir