Metasploit
Metasploit Wrap-Up: Dec. 27, 2019
With 2019 almost wrapped up, we’ve been left wondering where the time went! It’s
been a busy year for Metasploit, and we’re going out on a reptile-themed note
this wrap-up...
Python gets compatible
With the clock quickly ticking down on Python 2 support
[https://pythonclock.org/], contributor xmunoz [https://github.com/xmunoz] came
through with some changes
[https://github.com/rapid7/metasploit-framework/pull/12524] to help ensure most
of Framework works with Python 3. While Python 3’s adoption
Metasploit
Metasploit Wrap-Up: 12/19/19
It’s beginning to look a lot like HaXmas [/tag/haxmas/], everywhere you go! We
have a great selection of gift-wrapped modules this holiday season, sure to have
you entertained from one to eight nights, depending on your preference! On a
personal note, we here at the Metasploit workshop would like to welcome our
newest elf, Spencer McIntyre [https://github.com/smcintyre-r7]. Spencer has been
a long-time contributor to the project, and we’re thrilled to have him on the
team!
In the spirit of givi
Metasploit
Metasploit Wrap-Up: Dec. 13, 2019
PowerShell Express Delivery
The web_delivery module
[https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/script/web_delivery.rb]
is often used to deliver a payload during post exploitation by quickly firing up
a local web server. Since it does not write anything on target’s disk, payloads
are less likely to be caught by anti-virus protections. However, since Microsoft
added Antimalware Scan Interface (AMSI)
[https://docs.microsoft.com/en-us/windows/win32/amsi/antim
Metasploit
Metasploit Wrap-Up: 12/6/19
Management delegation of shells
Onur ER [https://github.com/onurer] contributed the Ajenti auth username command
injection [https://github.com/rapid7/metasploit-framework/pull/12503] exploit
module for the vulnerability Jeremy Brown discovered and published a PoC for on
2019-10-13 (EDB 47497) against Ajenti version 2.1.31. Ajenti is an open-source
web-based server admin panel written in Python and JS. The application allows
admins to remotely perform a variety of server management tasks. The
ex
Metasploit
Metasploit Wrap-Up: 11/22/19
Payload payday
As we blogged about yesterday
[/2019/11/21/metasploit-shellcode-grows-up-encrypted-and-authenticated-c-shells/],
a new form of payload that is compiled directly from C when generated was
added by space-r7 [https://github.com/space-r7]. We hope this is only the first
step in a journey of applying the myriad tools that obfuscate C programs to our
core payloads, so be sure to check out all the nifty workings of the code! If
that wasn't enough, we also got a pair of payloads written f
Metasploit Weekly Wrapup
Metasploit Wrap-Up 11/15/19
Pulse Secure VPN exploit modules, a notable BlueKeep exploit reliability improvement, and an overhaul of MSF's password cracking integration, including new support for hashcat.
Metasploit
Metasploit Wrap-Up: Nov. 8, 2019
Config R Us
Many versions of network management tool rConfig are vulnerable to
unauthenticated command injection, and contributor bcoles
[https://github.com/bcoles] added a new exploit module
[https://github.com/rapid7/metasploit-framework/pull/12507] for targeting those
versions. Present in v3.9.2 and prior, this vulnerability centers around the
install directory not being automatically cleaned up following software
installation, leaving behind a PHP file that can be utilized to execute
arbitr
Metasploit
Metasploit Wrap-Up 11/1/19
This week's Metasploit wrap-up ships a new exploit module against Nostromo, a
directory traversal vulnerability that allows system commands to be executed
remotely. Improvements have also been made to the grub_creds module for a better
post-exploitation experience against Unix-like machines. A few bugs have been
addressed as well, including the -s option for NOP generation, the Meterpreter
prompt, and reverse_tcp hanging due to newer Ruby versions.
New modules (1)
* Nostromo Directory Trave
Metasploit
Metasploit Wrap-Up 10/25/19
Is URGENT/11 urgent to your world? Metasploit now has a scanner module to help
find the systems that need URGENT attention. Be sure to check the options on
this one; RPORTS is a list, so you can test multiple services on each target.
Thanks to Ben Seri [https://twitter.com/benseri87] for the PoC that led off
this work.
Everyone likes creds. A new post module
[https://github.com/rapid7/metasploit-framework/pull/12462] landed this week
from Taeber Rapczak [https://github.com/taeber] that brings back credent
Metasploit
Metasploit Wrap-Up 10/18/19
Nagios XI post module
Nagios XI may store the credentials of the hosts it monitors, and with the new
post module [https://github.com/rapid7/metasploit-framework/pull/12136] by Cale
Smith [https://github.com/caleBot], we're now able to extract the Nagios
database content along with its SSH keys and dump them into the MSF database.
With the addition of this new post module, we can conveniently increase the
opportunities for lateral movement.
Environment-based API token authentication
Our own ekel
Metasploit
Metasploit Wrap-Up 10/11/19
Exploiting Windows tools
There are two new Windows modules this week, both brought to you by the
Metasploit team.
The Windows Silent Process Exit Persistence module
[https://github.com/rapid7/metasploit-framework/pull/12375], from our own
bwatters-r7 [https://github.com/bwatters-r7], exploits a Windows tool that
allows for debugging a specified process on exit. With escalated privileges, an
attacker can configure the debug process and then use the module to upload a
payload which will launch e
Metasploit
Metasploit Wrap-Up 10/4/19
Command and Control with DOUBLEPULSAR
We now have a DOUBLEPULSAR exploit module
[https://github.com/rapid7/metasploit-framework/pull/12374] thanks to some
amazing work by our own wvu [https://github.com/wvu-r7], Jacob Robles, and some
significant contributions from the wider community. The module allows you to
check for the DOUBLEPULSAR implant, disable it, or even load your own payloads
as well; it really deserves its own blog post…
[https://www.rapid7.com/blog/post/2019/10/02/open-source-comma
Metasploit Weekly Wrapup
Metasploit Wrap-Up 9/27/19
BlueKeep is Here
The BlueKeep exploit module
[https://github.com/rapid7/metasploit-framework/pull/12283] is now officially a
part of Metasploit Framework. This module reached merged status thanks to lots
of collaboration between Rapid7 and the MSF community members. The module
requires some manual configuration per target, and targets include both
virtualized and non-virtualized versions of Windows 7 and Windows Server 2008.
For a full overview of the exploit’s development and notes on use and d
Metasploit Weekly Wrapup
Metasploit Wrap-Up 9/20/19
On the correct list
AppLocker and Software Restriction Policies control the applications and files
that users are able to run on Windows operating systems. These two protections
have been available to the blue team for years: AppLocker is supported on
Windows 7 and above, and Software Restriction Policies are supported on Windows
XP and above. Encountering either during an engagement could slow you down;
however, look no further than the evasion modules for assistance. Nick Tyrer
[https://github.
Metasploit Weekly Wrapup
Metasploit Wrap-Up: Sep. 13, 2019
Fall is in the air, October is on the way, and it is Friday the 13th. We have a
lot of updates and features that landed this week, though none are particularly
spooky, and unfortunately, none are json-related…1
We recently updated our digital signing keys, and some users may have seen
warnings that their Metasploit packages were not signed. We’ve fixed this as of
this week—apologies for any confusion. If you are still experiencing signing
issues, you may need to re-download Metasploit installer