Posts tagged Metasploit Weekly Wrapup

3 min Metasploit Weekly Wrapup

Metasploit Wrapup 3/9/18

With the Northeast U.S. getting hit with back-to-back nor’easters this week, it’s probably a good idea to head back inside and wait it out until spring arrives. So toss another log on the fire, grab a hot drink, raise a toast to all the folks making Metasploit awesome [https://github.com/rapid7/metasploit-framework/graphs/contributors], and catch up on the latest! It Goes to 11 While amplification attacks are nothing new, the memcached amplification attack vector (referred to as “memcrashed”

3 min Metasploit Weekly Wrapup

Metasploit Wrapup 2/23/18

More Servers Please A new module [https://github.com/rapid7/metasploit-framework/pull/9441] by Pedro Ribeiro combines vulnerabilities for certain firmware versions of AsusWRT, which allows an unauthenticated user to enable a special command mode on the device. When the command mode is enabled, the device spins up infosvr on UDP port 9999. The great thing about infosvr is that you can construct UDP packets to have it execute commands on your behalf…. as root. Back in Windows Land In case your

3 min Metasploit Weekly Wrapup

Metasploit Wrapup 2/16/18

Wintertime can be a drag. Folks get tired of shoveling snow, scraping ice from windshields, dealing with busted water pipes, etc. Thoughts of “fun in the sun” activities start to seep in, as people begin wistfully daydreaming about summertime. And for this coming summer, Metasploit has some hotness to daydream about! Google Summer of Code: We’re In! The Metasploit team is SUPER EXCITED to have been recently selected by Google [https://summerofcode.withgoogle.com/organizations/666336840069939

2 min Metasploit Weekly Wrapup

Metasploit Wrapup 2/9/18

Teenage ROBOT Returns Imagine the joy robot parents must feel when their infant leaves home and returns as a teenager. ROBOT (Return of Bleichenbacher Oracle Threat) [https://www.rapid7.com/blog/post/2017/12/13/attention-humans-the-robot-attack/] is a 19-year-old vulnerability that allows RSA decryption and signing with the private key of a TLS server. It allows for an adaptive-chosen ciphertext attack. It is still very much relevant today as some modern HTTPS hosts are vulnerable to ROBOT [htt

3 min Metasploit Weekly Wrapup

Metasploit Wrapup: Feb. 2, 2018

It’s a special day here in the U.S. This morning, media folks were hovering over a specific rodent [https://en.wikipedia.org/wiki/Punxsutawney_Phil] living in an eastern state to discover that we are in for six more weeks of winter [https://www.reuters.com/article/us-usa-groundhogday/groundhog-phil-predicts-more-cold-weather-chuck-says-spring-is-coming-idUSKBN1FM14L], apparently. ¯\_(ツ)_/¯ Guess we’ll stay inside and work on Metasploit… EternalSunshine of the Security Minded If you’re still

2 min Metasploit Weekly Wrapup

Metasploit Wrapup: Jan. 26, 2018

In last week’s wrap-up post [https://www.rapid7.com/blog/post/2018/01/19/metasploit-wrapup-24/], we raised awareness of the new Metasploit 5 work we’re ramping up on. This week, please GoAhead [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17562] and enjoy some new Metasploit goodies! Get Up, GoAhead Based on research from danielhodson [https://github.com/danielhodson], hdm [https://github.com/hdm] and h00die [https://github.com/h00die] put together a new module [https://www.elttam.

1 min Metasploit Weekly Wrapup

Metasploit Wrapup 1/19/18

Metasploit 5 Development Has Begun It's 2018, the ice is melting in Austin, and as we hinted last October [/2017/10/13/metasploit-wrapup-metasploit-5-or-bust/], Metasploit 5 development efforts have begun in earnest. We have a laundry list [https://github.com/rapid7/metasploit-framework/pull/9259] of features that we are working on for it. The first feature merged in Metasploit 5 [https://github.com/rapid7/metasploit-framework/pull/9220] replaces the module cache, which decreases the memory used

2 min Metasploit Weekly Wrapup

Metasploit Wrapup: Jan. 12, 2018

'Sploits! Get yer 'sploits heeere! Lots of fresh modules this week with six shiny new exploits to showcase—but first, a blast from the past: 1992 Called Solaris wants to help you get password hashes and they've invented the NIS [https://en.wikipedia.org/wiki/Network_Information_Service] protocol. The next time you find a Solaris box, locked in a closet, that three generations of sysadmins have been afraid to touch, you can dump hashes straight to your Metasploit loot [https://github.com/rapi

3 min Metasploit Weekly Wrapup

Metasploit Wrapup 1/5/18

2018: a new year, new vulns, and endless opportunities to exploit them. The Metasploit community is kicking off the year with a variety of new content, functionality, research, and coordinated vulnerability disclosure. New Year, New Vulns After a couple months of coordinated disclosure work, long-time Metasploit contributor Karn Ganeshen [https://twitter.com/juushya] offered up a handful of modules and a couple mixins for testing wireless routers from Cambium Networks [https://www.cambiumnetwor

2 min Metasploit Weekly Wrapup

Metasploit Wrapup: Dec. 15, 2017

I Read the News Today, Oh Boy As we near the end of the year we must express appreciation for the Metasploit community as a whole. Each contribution is valuable, be it an exploit for the latest vulnerability, documentation, spelling corrections, or anything in between. Together we shape the future of Metasploit. The Metasploit community really surprised us this time around, as the latest release brings five new exploit and two new auxiliary modules. Hey! You! Get Off of My Cloud Zenofex [https:

2 min Metasploit Weekly Wrapup

Metasploit Wrapup: Dec. 8, 2017

Have you ever been on a conference call where you really wished you could take command of the situation? With Metasploit Framework and the new Polycom HDX exploit, you can (if given permission by the owner of the device, that is)! If teleconferencing isn't your target's style, you can also pwn correspondence the old-fashioned way: through a Microsoft Office exploit. Be it written or video, we here at Rapid7 know you value other people's communication! After another Python module and the Mac r

2 min Metasploit Weekly Wrapup

Metasploit Wrapup: Dec. 1, 2017

Here in the U.S., we just celebrated Thanksgiving, which involves being thankful [/2017/11/17/metasploit-wrapup-17/], seeing friends and family, and eating entirely too much (I know that last one is not uncommon here). After a large meal and vacation, we figured that it would be a nice, slow week for security research in the States. Then we opened Twitter and were suddenly happy we had procrastinated and most of us had put off upgrading to High Sierra. Community CTF In case you missed yesterd

2 min Metasploit Weekly Wrapup

Metasploit Wrapup: Nov. 17, 2017

This is a time of year when many folks in the U.S. reflect on things in their lives that they are thankful for. There’s also usually a turkey involved, but we figured we’d pardon the bird [https://en.wikipedia.org/wiki/National_Thanksgiving_Turkey_Presentation] this wrapup and just focus on things we Metasploit folks here at Rapid7 are thankful for. Community Contributors We are SUPER THANKFUL for our community contributors [https://github.com/rapid7/metasploit-framework/graphs/contributors] an

2 min Metasploit Weekly Wrapup

Metasploit Wrapup: Nov. 11, 2017

Metasploit kicked November off to a roaring start with a wholesome dose of RCE, LPE, command injection, DoS, and more fixes/improvements. So many file choosers…but which one to choose? Big ups to @RootUP for the DoS module [https://github.com/rapid7/metasploit-framework/pull/9060] targeting a vulnerability in IBM’s Lotus Notes [https://en.wikipedia.org/wiki/IBM_Notes] client (CVE-2017-1130). The DoS module targets the web interface via malicious JavaScript (😱). An enterprising ‘sploiter can s

2 min Metasploit Weekly Wrapup

Metasploit Wrapup: Nov. 3, 2017

What’s New? This week’s release sees multiple improvements and corrections, some years in the making! We fixed an interesting bug in the initial handshake with meterpreter that caused some payload callbacks to fail, improved error and information reporting in other modules, and then @h00die ran spellcheck [https://github.com/rapid7/metasploit-framework/pull/9144/files]! New (and Improved!) Modules (2 New): After three years, @wvu’s tnftp aux module grew up to become a strong, well-rounded explo