Posts tagged Metasploit

2 min Metasploit Weekly Wrapup

Metasploit Wrapup 12/21/18

Safari Proxy Object Type Confusion Metasploit committer timwr [https://github.com/timwr] recently added a macOS Safari RCE exploit module [https://github.com/rapid7/metasploit-framework/pull/10944] based on a solution [https://github.com/saelo/pwn2own2018] that saelo [https://github.com/saelo] developed and used successfully at Pwn2Own 2018 [https://www.thezdi.com/blog/2018/3/14/welcome-to-pwn2own-2018-the-schedule]. saelo's exploit is a three-bug chain: a Safari RCE (CVE-2018-4233), a sandbox

Read Full Post

2 min Metasploit Weekly Wrapup

Metasploit Wrapup 12/14/18

Backups that Cause Problems hypn0s [https://github.com/hypn0s] contributed a module [https://github.com/rapid7/metasploit-framework/pull/10960] that exploits Snap Creek’s Duplicator plugin for WordPress. Duplicator is a plugin that eases the backup and migration of WordPress installations. For versions 1.2.40 and below, Duplicator leaves behind a number of sensitive files, including one that gives access to controlling the WordPress restoration process. Sending a POST request to the now accessib

Read Full Post

2 min Metasploit

Metasploit Wrapup 12/7/18

If you are tired of all the snake memes and images we pushed out as we stood up support for python external modules over the last year or so, I have terrific news for you!

Read Full Post

2 min Metasploit

Congrats to the 2018 Metasploit Community CTF Winners

After three days of fierce competition, we have the winners of this year's Metasploit community CTF [https://www.rapid7.com/blog/post/2018/11/05/announcing-the-2018-metasploit-community-ctf/] . We've included some high-level stats from the game below; check out the scoreboard. If you played the CTF this weekend and want to let the Metasploit team know which challenges you found exhilarating, interesting, or infuriating (in a good way, of course). Congratulations to everyone who teamed up with

Read Full Post

4 min Metasploit Weekly Wrapup

Metasploit Wrapup 11/30/18

Why can't I hold all these Pull Requests? It has been a busy month here in Metasploit-land, with the holidays, the holiday community contributions, and our community CTF [/2018/11/05/announcing-the-2018-metasploit-community-ctf/]. It doesn't help that the last few months have seen our open pull request count keep climbing as well, reaching over 90 at times. Our fearless leader, busterb [https://github.com/busterb], decided to take on the challenge and landed over 20 PRs by himself in the last tw

Read Full Post

2 min Metasploit Weekly Wrapup

Metasploit Wrapup 11/16/18

The Malicious Git HTTP Server For CVE-2018-17456 module by timwr exploits a vulnerability in Git that can cause arbitrary code execution when a user clones a malicious repository using commands such as git clone --recurse-submodules and git submodule update.

Read Full Post

2 min Metasploit Weekly Wrapup

Metasploit Wrapup 11/9/18

Now in Framework: Exploit for jQuery File Upload plugin vuln, two new post modules to exfil images and texts from compromised iOS devices. Plus, this year's community CTF.

Read Full Post

3 min Metasploit

Announcing the 2018 Metasploit Community CTF

Two targets, three days, and a thousand teams: Put your skills to the test for a chance to win prizes and bragging rights in Metasploit’s 2018 community CTF.

Read Full Post

3 min Metasploit Weekly Wrapup

Metasploit Wrapup: 11/2/18

Today marks the 30th anniversary of the Morris worm. We were hit by a wave of nostalgia, so here's a little history and a module-trip down memory lane courtesy of wvu.

Read Full Post

4 min Metasploit

Metasploit Wrapup: 10/26/18

We got to hit the build button three times this week. It's not something that we normally do, since the Metasploit release each week triggers automatically. But it's been such a week of surprise vulnerabilities and improvements that it made sense to get a few extra builds out the door. So, Metasploit this week jumps from 4.14.18 to 4.17.21. Look for it during your next Metasploit romp. Exploit wrapup While the excitement around libssl CVE-2018-10933 [https://github.com/rapid7/metasploit-framewo

Read Full Post

1 min Metasploit Weekly Wrapup

Metasploit Wrapup: 10/19/18

A brand new Solaris module, improved Struts module, and the latest improvements.

Read Full Post

3 min Metasploit Weekly Wrapup

Metasploit Wrapup: 10/12/18

New evasion modules in Metasploit Framework, highlights from our Town Hall at DerbyCon VIII, and the last week's improvements and module additions.

Read Full Post

1 min Metasploit

Introducing Metasploit’s First Evasion Modules

Rapid7's Metasploit team is proud to announce we have released the first-ever antivirus evasion module in Metasploit Framework.

Read Full Post

2 min Metasploit Weekly Wrapup

Metasploit Wrapup: 10/5/18

Metasploit’s Brent Cook, Adam Cammack, Aaron Soto, and Cody Pierce are offering themselves up to the crowds at this year’s fourth annual Metasploit Town Hall at Derbycon.

Read Full Post

2 min Metasploit Weekly Wrapup

Metasploit Wrapup: 9/28/18

Trevor Forget: Metasploit Town Hall @ Derbycon Metasploit’s Brent Cook [/author/brent-cook], Adam Cammack [/author/adam-cammack], Aaron Soto [/author/aaron], and Cody Pierce are offering themselves up to the crowds at this year’s fourth annual Metasploit Town Hall at Derbycon [https://www.derbycon.com/]. Heading to bourbon country next weekend? Block off your 5 PM hour on Saturday, October 6 to join the team as they unveil some new hotness in Metasploit Framework and take questions and requests

Read Full Post

• ...
• 23
• 24
• 25
• 26
• 27
• ...