Posts tagged Metasploit Weekly Wrapup

2 min Metasploit

Metasploit Wrapup: Oct. 27, 2017

Would you like to help Metasploit Framework and get a free t-shirt? There is still a bit of October left, which means you can totally still sign up for Hacktoberfest [https://hacktoberfest.com/]: a fun annual project to encourage open source software contributions! Make four pull requests on any open source GitHub project by Oct 31, and you might find yourself some joy and fulfilment—but at least a free t-shirt. Check out the Contribute section on the refreshed metasploit.com [https://metasploi

2 min Metasploit Weekly Wrapup

Metasploit Wrapup: Oct. 20, 2017

Exploits for hours. Gather 'round with a pocket full of shells.

2 min Metasploit

Metasploit Wrapup: Metasploit 5 or Bust

What's coming down the pipeline for Metasploit? Brent Cook brings you October's first Metasploit wrap-up.

2 min Metasploit Weekly Wrapup

Metasploit Wrapup: Sep. 22, 2017

To celebrate this first day of Autumn[1], we've got a potpourri of "things Metasploit" for you this week. And it might smell a bit like "pumpkin spice"... Or it might not. Who knows? Winter is Coming If you're looking to finish filling your storehouse before the cold sets in, we've got a couple of new gatherer modules to help. This new Linux post module [https://www.rapid7.com/db/modules/post/linux/gather/tor_hiddenservices] can locate and pull TOR hostname and private key files for TOR hidden

2 min Metasploit Weekly Wrapup

Metasploit Wrapup: Sept. 15, 2017

It's been a hot minute since the last Metasploit Wrapup. So why not take in our snazzy new Rapid7 blog makeover and catch up on what's been goin' down! You can't spell 'Struts' without 'trust' Or perhaps you can! With all the current news coverage around an Apache Struts vulnerability from earlier this year [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5638] (thanks to its involvement in a consumer credit reporting agency data breach), there's a new Struts vuln [https://lgtm.com/

2 min Metasploit Weekly Wrapup

Metasploit Wrapup: August 11, 2017

Slowloris: SMB edition Taking a page from the Slowloris HTTP DoS attack [https://web.archive.org/web/20090822001255/http://ha.ckers.org/slowloris/], the aptly named SMBLoris DoS attack [/2017/08/03/smbloris-what-you-need-to-know] exploits a vuln contained in many Windows releases (back to Windows 2000) and also affects Samba (a popular open source SMB implementation). Through creation of many connections to a target's SMB port, an attacker can exhaust all available memory on the target by sendi

3 min Metasploit Weekly Wrapup

Metasploit Wrapup: June 30, 2017

Metasploit Hackathon We were happy to host the very first Metasploit framework open source hackathon this past week in the Rapid7 Austin. Eight Metasploit hackers from outside of Rapid7 joined forces with the in-house team and worked on a lot of great projects, small and large. @bcook started the hackathon working with @sempervictus on his amazing backlog of framework features, including REX library [https://github.com/rapid7/rex-socket/pull/6] improvements [https://github.com/rapid7/rex-socket

2 min Metasploit

Metasploit Wrapup: June 16, 2017

A fresh, new UAC bypass module for Windows 10! Leveraging the behavior of fodhelper.exe and a writable registry key as a normal user, you too can be admin! Unpatched as of last week, this bypass module [https://github.com/rapid7/metasploit-framework/pull/8434] works on Windows 10 only, but it works like a charm! Reach out and allocate something This release offers up a fresh denial/degradation of services exploit against hosts running a vulnerable version of rpcbind. Specifically, you can repea

2 min Metasploit

Metasploit Wrapup 6/2/17

It has only been one week since the last wrapup, so it's not like much could have happened, right? Wrong! Misery Loves Company After last week's excitement with Metasploit's version of ETERNALBLUE (AKA the Wannacry vulnerability) [https://www.rapid7.com/db/modules/exploit/windows/smb/ms17_010_eternalblue], this week SAMBA had its own "Hold My Beer" moment with the disclosure that an authenticated (or anonymous) client can upload a shared library to a SAMBA server, and that server will happily e

2 min Metasploit

Metasploit Weekly Wrapup

hdm recently provided a new exploit module for a type confusion vulnerability that exists in Ghostscript versions 9.21 and earlier, allowing remote code execution on the target.

3 min Metasploit

Metasploit Wrapup: 4/20/17

Editor's Note: While this edition of the Metasploit Wrapup is a little late (my fault, sorry), we're super excited that it's our first ever Metasploit Wrapup to be authored by a non-Rapid7 contributor. We'd like to thank claudijd [https://github.com/claudijd] - long-time Metasploit contributor, Mozilla security wrangler, and overall nice guy - for writing this post. If other Metasploit contributors want to get involved with spreading the word, we want to hear from you! We should be back on trac

3 min Metasploit Weekly Wrapup

Metasploit Wrapup 3/24/17

Faster, Meterpreter, KILL! KILL! You can now search for and kill processes by name in Meterpreter with the new pgrep and pkill commands. They both have flags similar to the older ps command, allowing you to filter by architecture (-a), user (-u), or to show only child processes of the current session's process (-c). We've also added a -x flag to find processes with an exact match instead of a regex, if you're into that. Fun with radiation Craig Smith has been killing it lately with all his h

3 min Metasploit

Metasploit Weekly Wrapup: March 10, 2017

The last couple of weeks in the infosec world have appeared busier, and buzzier, than most others.  It seems almost futile to pry everyone away from the current drama--that being the bombshell revelation that intelligence agencies collect intelligence--long enough to have them read our dev blog.  Regardless, we've been busy ourselves.  And if you're the least bit like me, you could probably use a quick respite from the cacophony.  Keeping up with all the noise is enough to make anyone feel lik

2 min Metasploit Weekly Wrapup

Weekly Metasploit Wrapup: 2/23/17

I gave at the office The office can be a popular place when it comes to giving. From selling kids' cookies/candy to raising awareness for a charity, the opportunity to 'give at the office' is definitely a thing. And now, thanks to Office macros, Metasploit offers a new way to give (and receive!) at 'the Office'. These days, using malicious macros in office productivity programs is still a common attack vector. Designed with a handful of word-processing programs in mind (including some open sour

3 min Metasploit

Metasploit Weekly Wrapup: Aug. 12, 2016

Las Vegas 2016 is in The Books This week's wrap-up actually covers two weeks thanks in large part to the yearly pilgrimage to Las Vegas.  I myself elected not to attend, but I'm told everyone had a great time.  Many on the team are still recuperating, but I'd wager that they all enjoyed seeing you there as well.  Here's to everyone's speedy recovery. Centreon Web UserAlias Command Execution Our first new module this go-around exploits a remote command execution vulnerability in Centreon Web via