3 min
Metasploit
Metasploit Wrap-Up: 6/11/21
NSClient++
Community contributor Yann Castel has contributed an exploit module for
NSClient++ which targets an authenticated command execution vulnerability. Users
that are able to authenticate to the service as admin can leverage the external
scripts feature to execute commands with SYSTEM level privileges. This allows
the underlying server to be compromised. Castel is also working on another
exploit module for NSClient++ which happens to be a local privilege escalation
so stay tuned for more N
3 min
Metasploit
Metasploit Wrap-Up: 3/5/21
A new exploit for FortiOS and some module target updates.
3 min
Metasploit
Metasploit 2020 Wrap-Up
2020 was certainly an interesting year - let’s take a look at what it meant for Metasploit.
3 min
Metasploit
Metasploit Wrap-Up: 12/11/20
This week's wrap-up covers five new modules (including scanner, execution, and disclosure modules), some good fixes and enhancements, and more!
2 min
Metasploit
Metasploit Wrap-Up: 10/9/20
Enhancements, bug fixes, and a new SAP IGS module!
9 min
Metasploit
Exploitability Analysis: Smash the Ref Bug Class
Two Metasploit researchers evaluate the "Smash the Ref" win32k bug class for exploitability and practical exploitation use cases for pen testers and red teams looking to obtain an initial foothold in the context of a standard user account.
2 min
Metasploit
Metasploit Wrap-Up: 8/14/20
vBulletin strikes again
This week saw another vBulletin exploit released by returning community member
Zenofex. This exploit module allows an unauthenticated attacker to run arbitrary
PHP code or operating system commands on affected versions of the vBulletin web
application. The vulnerability, which was also discovered by Zenofex, is
identified as CVE-2020-7373
[https://attackerkb.com/topics/aIL9b0uOYc/cve-2020-7373?referrer=blog] and is
effectively a bypass for a previously patched vulnerabili
3 min
Metasploit
Metasploit 6 Now Under Active Development
The Metasploit team announces active development of Metasploit Framework 6. Initial features include end-to-end encryption of Meterpreter communications, SMBv3 client support, and a new polymorphic payload generation routine for Windows shellcode.
2 min
Metasploit
Metasploit Wrap-Up: Apr. 17, 2020
Nexus Repository Manager RCE
This week our very own Will Vu [https://github.com/wvu-r7] wrote a module for
CVE-2020-10199 which targets a remote code execution vulnerability within the
Nexus Repository Manager. The vulnerability allows Java Expression Language
(JavaEL) code to be executed. While the flaw requires authentication information
to leverage it, any account is sufficient. This would allow any registered user
to compromise the target server.
Unquoted Service Path LPE
Community contribu
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 1/3/20
A new OpenBSD local exploit
Community contributor bcoles [http://github.com/bcoles] brings us a new exploit
module for CVE-2019-19726, a vulnerability originally discovered by Qualys
[https://blog.qualys.com/laws-of-vulnerabilities/2019/12/11/openbsd-local-privilege-escalation-vulnerability-cve-2019-19726]
in OpenBSD. This vulnerability is pretty interesting in the sense that it
leverages a bug in the _dl_getenv function that can be triggered to load
libutil.so from an attacker controlled loca
1 min
Python
Recent Python Meterpreter Improvements
The Python Meterpreter
[https://github.com/rapid7/metasploit-framework/wiki/Meterpreter] has received
quite a few improvements this year. In order to generate consistent results, we
now use the same technique to determine the Windows version in both the Windows
and Python instances of Meterpreter. Additionally, the native system language is
now populated in the output of the sysinfo command. This makes it easier to
identify and work with international systems.
The largest change to the Python M