2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 8/30/19
Back to school blues
Summer is winding down and while our for contributions haven't dropped off
(thanks y'all!), we've been tied up with events and a heap of research. Don't
despair, though: our own Brent Cook [https://github.com/busterb], Pearce Barry,
Jeffrey Martin [https://github.com/jmartin-r7], and Matthew Kienow
[https://github.com/mkienow-r7] will be at DerbyCon 9 running the Metasploit
Town Hall at noon Friday. They'll be delivering a community update and answering
questions, so be sur
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 8/23/19
A LibreOffice file format exploit, plus improvements to TLS and CredSSP-based fingerprinting.
5 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 8/16/19
Hacker Summer Camp
Last week, the Metasploit team flew out to sunny, hot, and dry Las Vegas for
Hacker Summer Camp (Black Hat, BSidesLV, and DEF CON). It was a full week of
epic hacks, good conversation, and even a little business!
If you managed to catch us at our Open Source Office Hours
[https://blog.rapid7.com/2019/07/15/metasploit-open-source-office-hours-in-vegas/]
(previously
OSSM, the Open Source Security Meetup) in Bally's, we just wanted to say
thanks for making the trek through the
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 8/9/19
Keep on Bluekeepin’ on
TomSellers [https://github.com/TomSellers] added a new option to the
increasingly useful Bluekeep Scanner module
[https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.rb]
that allows execution of a DoS attack when running the module. This adds a new
level of effectiveness in proving the severity of this vulnerability.
As part of this update, TomSellers [https://github.com/TomSellers] moved and
refactored a lot of
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 8/2/19
A new feature, better `set payload` options, and new modules. Plus, open-source office hours in Vegas during hacker summer camp.
5 min
Metasploit
Introducing Pingback Payloads
The Metasploit team added a new feature to Framework that improves safety and offers another avenue in MSF for novel evasion techniques: pingback payloads.
1 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 7/26/19
First!!
Congrats to Nick Tyrer [https://github.com/NickTyrer] for the first community
contibuted evasion module to land in master. Nick's
evasion/windows/applocker_evasion_install_util module
[https://github.com/rapid7/metasploit-framework/pull/11795] leverages the
trusted InstallUtil.exe binary to execute user supplied code and evade
application whitelisting.
New modules (4)
* WP Database Backup RCE
[https://github.com/rapid7/metasploit-framework/pull/12010] by Mikey
Veenstra
/ Wordf
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 7/19/19
RCE with a Key
An exploit module [https://github.com/rapid7/metasploit-framework/pull/12062]
for Laravel Framework was submitted by community contributor aushack
[https://github.com/aushack]. The module targets an insecure unserialize call
with the X-XSRF-TOKEN HTTP request header, which was discovered by Ståle
Pettersen. Since the exploit requires the Laravel APP_KEY to reach the
vulnerable unserialize call, aushack included information leak
[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-
1 min
Metasploit
End of Sale Announced for Metasploit Community
Today we are announcing end of sale for Metasploit Community Edition, effective immediately.
3 min
Events
Metasploit Open Source Office Hours: Vegas 2019
The Metasploit crew at Rapid7 is headed out to Las Vegas for DEF CON 27,
bringing a new incarnation of the Open Source Security Meetup (OSSM) with us! We
will have a Metasploit Suite at Bally’s this year, where we’ll be hosting “Open
Source Office Hours” (OSOH). If you’ll be out in Vegas for DEF CON 27, take a
moment and ask yourself:
* Are you currently working on a Metasploit module/payload and could use some
guidance?
* Are you modifying Framework and you’d like to discuss?
* Are you w
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 7/12/19
We hope our American friends had a wonderful Fourth of July weekend! There are
no new modules this week, so instead we're featuring two enhancements that fix
some long outstanding Framework bugs. Check out last week’s holiday wrap-up for
a list of the modules that landed while the U.S. was watching fireworks.
GatherProof (or don't)
Using ssh_login* on certain non-standard devices such as Brocade switches
[https://github.com/rapid7/metasploit-framework/issues/11905] and Juniper
firewalls [https:
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 7/5/19
Injecting the Time Machine
From contributor timwr [https://github.com/timwr] comes a new module targeting
Time Machine on macOS 10.14.3 and earlier. Specifically, the tmdiagnose binary
for these vulnerable versions suffers from a command injection vulnerability
that can be exploited via a specially crafted disk label. This new module uses
an existing session for exploitation on the target, allowing the Framework user
to run a payload as root.
What’s on TV?
If you are nearby to a vulnerable Supr
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 6/28/19
I am Root
An exploit module [https://github.com/rapid7/metasploit-framework/pull/11987]
for Nagios XI v5.5.6 was added by community contributor yaumn
[https://github.com/yaumn]. This module includes two exploits chained together
to achieve code execution with root privileges, and it all happens without
authentication. A single unsanitized parameter in magpie_debug.php enables the
ability to write arbitrary PHP code to a publicly accessible directory and get
code execution. Privilege escalation
1 min
Metasploit
Metasploit Development Diaries: Q2 2019
Hey folks, it's towards the end of the second quarter, which means it's high
time for another Metasploit Dev Diary! If you already know what this series is
about, feel free to just click on over here
[https://www.rapid7.com/research/report/metasploit-development-diaries-q2-2019]
and read away. If you need more convincing, here's the skinny.
Once a quarter, the indomitable Metasploit
[https://www.rapid7.com/products/metasploit/] engineering team is going to pull
you, dear reader, behind the cur
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 6/21/19
TLS support and expanded options for the BlueKeep scanner module, two new modules for Cisco Prime Infrastructure, and more.