Posts tagged Metasploit

5 min Metasploit

Metasploit Weekly Wrap-Up: Mar. 11, 2022

Mucking out the pipes. Thanks to some quick work by timwr [https://github.com/timwr], CVE-2022-0847 [https://attackerkb.com/topics/UwW7SVPaPv/cve-2022-0847?referrer=blog] aka "Dirty Pipe" gives Metasploit a bit of digital plumber's training. The exploit targeting modern Linux v5 kernels helps elevate user privileges by overwriting a SUID binary of your choice by plunging some payload gold through a pipe. Long live the SMB relay! SMB, that magical ubiquitous service making all that noise on netw
4 min Metasploit

Metasploit Weekly Wrap-Up: Mar. 4, 2022

This week’s Metasploit Framework release brings us seven new modules. IP Camera Exploitation Rapid7’s Jacob Baines [https://github.com/jbaines-r7] was busy this week with two exploit modules that target IP cameras. The first [https://github.com/rapid7/metasploit-framework/pull/16190] module exploits an authenticated file upload on Axis IP cameras. Due to lack of proper sanitization, an attacker can upload and install an eap application which, when executed, will grant the attacker root privileg
2 min Metasploit

Metasploit Weekly Wrap-Up: 2/25/22

Exchange RCE Exchange remote code execution vulnerabilities are always valuable exploits to have. This week Metasploit added an exploit for an authenticated RCE in Microsoft Exchange servers 2016 and server 2019 identified as CVE-2021-42321 [https://attackerkb.com/topics/4JMe2Y1WSY/cve-2021-42321?referrer=blog]. The flaw leveraged by the exploit exists in a misconfigured denylist that failed to prevent a serialized blob from being loaded resulting in code execution. While this is an authenticate
3 min Metasploit

Metasploit Weekly Wrap-Up: 2/18/22

Nagios XI web shell upload module New this week is a Nagios Web Shell Upload module [https://github.com/rapid7/metasploit-framework/pull/16150] from Rapid7' own Jake Baines [https://github.com/jbaines-r7], which exploits CVE-2021-37343 [https://attackerkb.com/topics/zxpvqMqOHQ/cve-2021-37343?referrer=blog]. This module builds upon the existing Nagios XI scanner [https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/auxiliary/scanner/http/nagios_xi_scanner.md] written
2 min Metasploit

Metasploit Wrap-Up: Feb. 11, 2022

Welcome, Little Hippo: PetitPotam Our very own @zeroSteiner [https://github.com/zeroSteiner] ported [https://github.com/rapid7/metasploit-framework/pull/16136] the PetitPotam [https://github.com/topotam/PetitPotam] exploit to Metasploit this week. This module leverages CVE-2021-36942 [https://attackerkb.com/topics/TEBmUAfeCs/cve-2021-36942?referrer=blog], a vulnerability in the Windows Encrypting File System (EFS) API, to capture machine NTLM hashes. This uses the EfsRpcOpenFileRaw function of t
3 min Metasploit

Metasploit Weekly Wrap-Up: Jan. 28, 2022

A new Log4Shell module for unauthenticated RCE on Ubiquiti UniFi devices, getsystem improvements, and more!
2 min Metasploit

Metasploit Weekly Wrap-Up: 1/21/22

while (j==shell); Log4j; The Log4j loop continues as we release a module targeting vulnerable vCenter releases. This is a good time to suggest that you check your vCenter releases and maybe even increase the protection surrounding them, as it’s been a rough year-plus for vCenter [https://attackerkb.com/search?q=vcenter&tags=exploitedInTheWild]. Let your shell do the walking bcoles [https://github.com/bcoles] sent us a module that targets Grandstream GXV3175IP phones that allows remote code exec
3 min Metasploit Weekly Wrapup

Metasploit Weekly Wrap-Up: 1/14/22

Five new modules, including exploits for Log4Shell and SonicWall SMA 100 series devices, plus a new Meterpreter command that allows users to kill all channels at once.
3 min Metasploit

Metasploit Wrap-Up: Jan. 7, 2022

Dump Windows secrets from Active Directory This week, our very own Christophe De La Fuente [https://github.com/cdelafuente-r7] added an important update [https://github.com/rapid7/metasploit-framework/pull/15924] to the existing Windows Secret Dump module. It is now able to dump secrets from Active Directory, which will be very useful for Metasploit users. This new feature uses the Directory Replication Service through RPC to retrieve data such as SIDs, password history, Domain user NTLM hashes

6 min Hacky Holidays 2021

Metasploit 2021 Annual Wrap-Up

Like years past, 2021 brought some surprises and had its shared of celebrity vulnerabilities. Here's are the Metasploit highlights from last year.

3 min Metasploit

Metasploit Wrap-Up: Dec. 17, 2021

A new Log4Shell / Log4j scanner module for Metasploit, a new WordPress module, and multiple enhancements and bug fixes
2 min Metasploit

Metasploit Wrap-Up 12/10/21

Word and Javascript are a rare duo. Thanks to thesunRider [https://github.com/thesunRider]. you too can experience the wonder of this mystical duo. The sole new metasploit module this release adds a file format attack to generate a very special document. By utilizing Javascript embedded in a Word document to trigger a chain of events that slip through various Windows facilities, a session as the user who opened the document can be yours. Do you like spiders? It has been 3 years since SMB2 suppo
2 min Metasploit

Congrats to the Winners of the 2021 Metasploit Community CTF

Thanks to everyone who participated in this year's Metasploit community CTF! In this post, we're announcing the winners.
2 min Metasploit

Metasploit Wrap-Up: 12/3/21

Metasploit CTF 2021 starts today It’s that time of year again! Time for the 2021 Metasploit Community CTF [https://www.rapid7.com/blog/post/2021/11/16/announcing-the-2021-metasploit-community-ctf/] . Earlier today over 1,100 users in more than 530 teams were registered and opened for participation to solve this year’s 18 challenges. Next week a recap and the winners will be announced, so stay tuned for more information. Overlayfs LPE This week Metasploit shipped an exploit for the recent Overla
3 min Metasploit

Metasploit Wrap-Up: Nov. 26 2021

Self-Service Remote Code Execution This week, our own @wvu-r7 added an exploit module [https://github.com/rapid7/metasploit-framework/pull/15874] that achieves unauthenticated remote code execution in ManageEngine ADSelfService Plus, a self-service password management and single sign-on solution for Active Directory. This new module leverages a REST API authentication bypass vulnerability identified as CVE-2021-40539 [https://attackerkb.com/topics/DMSNq5zgcW/cve-2021-40539?referrer=blog], where

Popular Topics

Tags