2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 11/13/20
Four new modules, including an exploit for SaltStack Salt and an exploit for a now-patched vuln in Metasploit, plus new enhancements and fixes.
2 min
Metasploit
Metasploit Wrap-Up: Nov. 6, 2020
Insert 'What Year Is It' meme
h00die [https://github.com/h00die] contributed the Mikrotik unauthenticated
directory traversal file read
[https://github.com/rapid7/metasploit-framework/pull/14280] auxiliary gather
module, largely a port of the PoC by Ali Mosajjal [https://github.com/mosajjal].
The vulnerability CVE-2018-14847
[https://attackerkb.com/topics/oOoUGd0y46/cve-2018-14847?referrer=blog] allows
any file from the router to be read through the Winbox server in RouterOS due to
a lack of val
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 10/30/20
Support for gathering ProxyUsername and ProxyPassword for saved PuTTY sessions, usability improvements for PsExec modules, and another CTF coming soon.
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 10/23/20
A bug fix for EternalBlue on Metasploit 6, four new modules, and a bunch of enhancements.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 10/16/20
Hacktoberfest 2020 and wisdom from around the Metasploit water cooler. Keep an eye out for more info on the next Metasploit community CTF (coming soon).
2 min
Metasploit
Metasploit Wrap-Up: 10/9/20
Enhancements, bug fixes, and a new SAP IGS module!
5 min
Metasploit
Metasploit Wrap-Up: Oct. 2, 2020
Windows secrets dump, an 'in' with Safari, and more!
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-up: 9/25/20
Nine new modules, including a module for Zerologon, a new SOCKS module, some privilege escalations, and another Java deserialization exploit.
3 min
Metasploit
Metasploit Wrap-Up: Sep. 18, 2020
Six new modules this week, and a good group of enhancements and fixes!
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: Sep. 11, 2020
Three new modules, including a Pwn2Own addition for OS X, plus proxy support for Python Meterpreter, new search improvements, and a reminder of how to report security issues in Metasploit.
4 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 9/4/20
New reflective PE file loader, a new module, new search improvements, and updates on Google Summer of Code projects.
2 min
Metasploit
Metasploit Wrap-Up: Aug. 28, 2020
Give me your hash
This week, community contributor HynekPetrak [https://github.com/HynekPetrak]
added a new module [https://github.com/rapid7/metasploit-framework/pull/13906]
for dumping passwords and hashes stored as attributes in LDAP servers. It uses
an LDAP connection to retrieve data from an LDAP server and then harvests user
credentials in specific attributes. This module can be used against any kind of
LDAP server with either anonymous or authenticated bind. Particularly, it can be
used
2 min
Metasploit
Metasploit Wrap-Up: 8/21/20
Setting module options just got easier!
Rapid7's own Dean Welch [https://github.com/dwelch-r7] added a new option
[https://github.com/rapid7/metasploit-framework/pull/13961] to the framework called
RHOST_HTTP_URL, which allows users to set values for multiple URL components,
such as RHOSTS, RPORT, and SSL, by specifying a single option value. For
example, instead of typing set RHOSTS example.com, set RPORT 5678, set SSL true,
you can now accomplish the same thing with the command set RHOST_HTTP_URL
2 min
Metasploit
Metasploit Wrap-Up: 8/14/20
vBulletin strikes again
This week saw another vBulletin exploit released by returning community member
Zenofex. This exploit module allows an unauthenticated attacker to run arbitrary
PHP code or operating system commands on affected versions of the vBulletin web
application. The vulnerability, which was also discovered by Zenofex, is
identified as CVE-2020-7373
[https://attackerkb.com/topics/aIL9b0uOYc/cve-2020-7373?referrer=blog] and is
effectively a bypass for a previously patched vulnerabili
5 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 8/7/20
Metasploit 6 initial features and active development, the 2020 open-source security meetup (OSSM), four new modules, and the longest list of enhancements and fixes we've ever written in one sitting.