Metasploit
Metasploit Wrap-Up 5/1/20
Windows Meterpreter payload improvements
Community contributor OJ [https://github.com/OJ] has made improvements to
Windows Meterpreter payloads, specifically reducing complexity around extension
building and loading. This change comes with the benefit of removing some
fingerprint artifacts, as well as reducing the payload size as a side effect.
Note that Windows meterpreter sessions that are open prior to this bump will not
be able to load new extensions after the bump if they connect with a new
in
Metasploit
Metasploit Wrap-Up 4/24/20
Security fix for the libnotify plugin (CVE-2020-7350)
If you use the libnotify plugin to keep track of when file imports complete, the
interaction between it and db_import allows a maliciously crafted XML file
[https://github.com/rapid7/metasploit-framework/pull/13049] to execute arbitrary
commands on your system. In proper Metasploit fashion, pastaoficial
[https://github.com/pastaoficial] PR'd a file format exploit to go along with
the fix, and our own smcintyre-r7 [https://github.com/smcintyre
Metasploit
Metasploit Wrap-Up: Apr. 17, 2020
Nexus Repository Manager RCE
This week our very own Will Vu [https://github.com/wvu-r7] wrote a module for
CVE-2020-10199 which targets a remote code execution vulnerability within the
Nexus Repository Manager. The vulnerability allows Java Expression Language
(JavaEL) code to be executed. While the flaw requires authentication information
to leverage it, any account is sufficient. This would allow any registered user
to compromise the target server.
Unquoted Service Path LPE
Community contribu
Risk Management
Meet AttackerKB
Meet AttackerKB: a new community-driven resource that highlights diverse perspectives on which vulnerabilities make the most appealing targets for attackers.
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 4/10/20
Meterpreter bug fixes and five new modules, including an LPE exploit for SMBghost (CVE-2020-0796) and a BloodHound post module that gathers information (sessions, local admin, domain trusts, etc.) and stores it as a BloodHound-consumable ZIP file in Framework loot.
Metasploit Weekly Wrapup
Metasploit Wrap-Up 4/3/2020
This week's release includes a local privilege escalation exploit for VMware Fusion through 11.5.3 on OS X, as well as RCE on Apache Solr and DNN cookie deserialization.
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 3/27/20
Three new modules, including a post module to automate the installation of an embeddable Python interpreter on a target, and a new exploit for Microsoft SharePoint Workflows.
Metasploit
How to Participate in Our Metasploit Pro Customer Survey
As a Metasploit Pro customer, we want to know what your priorities are, what challenges you’re facing, and how Metasploit Pro addresses those needs.
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 3/20/20
Five new modules plus fixes and enhancements. Exploits for ManageEngine, rConfig, and SQL Server Reporting Services, among others.
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 3/13/20
Four new modules and lots of productivity enhancements. You can now run `rubocop -a` to automatically fix most formatting issues when developing modules. Plus, try the new `tip` command in MSF for Framework usage tips!
Metasploit
Metasploit Wrap-Up 3/6/20
Gift exchange
If you're looking for remote code execution against Microsoft Exchange, Spencer
McIntyre [https://github.com/zeroSteiner] crafted up a cool new module
[https://github.com/rapid7/metasploit-framework/pull/13014] targeting a .NET
serialization vulnerability in the Exchange Control Panel (ECP) web page.
Vulnerable versions of Exchange don't randomize keys on a per-installation
basis, resulting in reuse of the same validationKey and decryptionKey values.
With knowledge of these, an at
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 2/28/20
Android Binder UAF, OpenNetAdmin RCE, and a slew of improvements, including colorized HttpTrace output and a better debugging experience for developers.
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 2/21/20
Long live copy and paste
Adam Galway enhanced the set PAYLOAD command to strip the /payload/, payload/,
and / prefixes from a payload name in an effort to improve the user experience
while configuring an exploit's payload. You can see the new behavior
[https://github.com/rapid7/metasploit-framework/pull/12946] below!
msf5 exploit(windows/smb/ms17_010_eternalblue) > set payload /payload/windows/x64/meterpreter/reverse_tcp
payload => windows/x64/meterpreter/reverse_tcp
msf5 exploit(windows/smb/ms
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 2/14/20
Ricoh Privilege Escalation
No ink? No problem. Here’s some SYSTEM access. A new module
[https://github.com/rapid7/metasploit-framework/pull/12906] by our own space-r7
[https://github.com/space-r7] has been added to Metasploit Framework this week
that adds a privilege escalation exploit for various
[https://www.ricoh.com/info/2020/0122_1/list] Ricoh printer drivers on Windows
systems. This module takes advantage of CVE-2019-19363
[https://nvd.nist.gov/vuln/detail/CVE-2019-19363] by overwriting th
Metasploit
Metasploit Wrap-Up: Feb. 7, 2020
In the week after our CTF, we hope the players had a good time and got back to
their loved ones, jobs, lives, studies, and most importantly, back to their beds
(and you can find out who the winners were here
[/2020/02/03/congrats-to-the-winners-of-the-2020-metasploit-community-ctf/]!).
For the Metasploit team, we went back to baking up fresh, hot modules and
improvements that remind us in this flu season to not just wash your hands, but
also, sanitize your inputs!
SOHOwabout a Shell?
Several
[h