Posts tagged Metasploit

2 min Metasploit Weekly Wrapup

Metasploit Wrapup: 6/15/18

New Privilege Escalation Exploit The glibc 'realpath()' module [https://github.com/rapid7/metasploit-framework/pull/10101] was added by bcoles [https://github.com/bcoles]. It attempts to gain root privileges on Debian-based Linux systems by exploiting a vulnerability in GNU C Library (glibc) version <= 2.26. This exploit uses halfdog's [https://github.com/halfdog] RationalLove exploit to expose a buffer underflow error in glibc realpath() and create a SUID root shell. The module includes offset
2 min Metasploit Weekly Wrapup

Metasploit Wrapup 6/8/18

Just Let Me Grab My Popcorn First This week, rmdavy [https://github.com/rmdavy] contributed a pair of modules designed to fool Windows into authenticating to you so you can capture sweet, sweet NetNTLM hashes. BadODT [https://github.com/rapid7/metasploit-framework/pull/10067] targets LibreOffice/Apache OpenOffice by providing a link to an image on a network share, and the new Multi Dropper [https://github.com/rapid7/metasploit-framework/pull/10115] creates all sorts of files Windows itself lov
1 min Metasploit

Announcement: End of Life for Metasploit Express Edition

Today, June 4th, 2018, Rapid7 announced that Metasploit Express edition will see end of life on June 4th, 2019. This is being done to focus efforts on Metasploit Pro [https://www.rapid7.com/products/metasploit/download/], which continues to be a major investment for Rapid7 and will consistently see new innovations. Milestone Description Date End of life announcement date The date that the end of life date has been announced to the general public. June 4th, 2018 Last date of support The last da
2 min Metasploit Weekly Wrapup

Metasploit Wrapup 6/1/18

Upgrade Your SOCKS Thanks to zeroSteiner [https://github.com/zeroSteiner], we have some very nice additions to the SOCKS5 library this week. His changes enabled BIND connections through the SOCKS5 proxy [https://github.com/rapid7/metasploit-framework/pull/9990], improved automated testing around the code, and broke it up into more manageable, targeted submodules. Now that Trevor’s dying wish [https://twitter.com/Bandrel/status/912312568055771137] has been fulfilled, the team can finally leave

3 min Metasploit Weekly Wrapup

Metasploit Wrapup 5/25/18

Bonjour! Que désirez-vous? We want to know what you'd like to see out of our latest Metasploit improvements. Please take a moment to fill out our community survey to help shape Metasploit's new backend data service. Tell us how you use the Metasploit database, which Metasploit data you use with other tools, how you need to store data from modules you've written, and so on. Please take our survey! [https://docs.google.com/forms/d/e/1FAIpQLSckVYKP9qVg_VSQcYPoFaYperYFBfmjfZXwi6jIxDokdext6Q/viewfor
3 min Metasploit Weekly Wrapup

Metasploit Wrapup 5/18/18

You Compile Me Our very own wchen-r7 [https://github.com/wchen-r7] added the ability to compile C code in metasploit, including (select) dependencies by creating a wrapper for metasm. Right now, support for windows.h is the first salvo in custom compiling tools within the metasploit interface! Hack all the things! For a long time, people have asked us to support RHOSTS in exploits just like we do in AUX modules. We listened, and now framework exploits support RHOSTS! Set your exploit, your

2 min Metasploit Weekly Wrapup

Metasploit Wrapup: 5/11/18

Chaining Vulnerabilities Philip Pettersson discovered vulnerabilities in certain PAN OS versions [http://seclists.org/fulldisclosure/2017/Dec/38] that could lead to remote code execution and hdm wrote a Metasploit module for the exploit chain [https://github.com/rapid7/metasploit-framework/pull/9980]. The exploit chain starts off with an authentication bypass, which allows the module to access a page that is vulnerable to an XML injection. This page is then used to create a directory where a pay
3 min Metasploit Weekly Wrapup

Metasploit Wrapup 5/4/18

May the fourth be with you… Get comfortable, put on your headphones or turn up your speaker volume, and enjoy this guitar rendition [https://www.youtube.com/watch?v=CBZgLM5HUzU] of the Ewok Celebration, commonly known as Yub Nub [https://starwars.fandom.com/wiki/Ewok_Celebration] while catching up on Metasploit updates for the week. PHP Debugging Xdebug [https://xdebug.org/] is an extension for PHP to facilitate development by providing interactive debugging capabilities and much more. On an

7 min Metasploit

Hiding Metasploit Shellcode to Evade Windows Defender

Being on the offensive side in the security field, I personally have a lot of respect for the researchers and engineers in the antivirus industry, and the companies dedicated to investing so much in them. If malware development is a cat-and-mouse game, then I would say that the industry creates some of the most terrifying hunters. Penetration testers and red teamers suffer the most from this while using Metasploit [https://www.rapid7.com/products/metasploit/], which forced me to look into how to
3 min Metasploit Weekly Wrapup

Metasploit Wrapup 4/27/18

After last week's seriously serious write-up [https://www.rapid7.com/blog/post/2018/04/20/metasploit-wrapup-36/], this week we will return to our norml normal, lighthearted (and Metasploit-hearted) wrap-ups, though we remain fans of terrible 80s movies. Drupalgeddon 2: Webdev Boogaloo After last month's Drupal exploit came to light, nearly a dozen developers have been hard at work to add a module targeting CVE-2018-7600 [https://www.rapid7.com/db/vulnerabilities/drupal-cve-2018-7600]. You can

5 min Vulnerability Management

Drupalgeddon Vulnerability: What is it? Are You Impacted?

First up: many thanks to Brent Cook [/author/brent-cook/], William Vu [/author/william-vu/] and Matt Hand for their massive assistance in both the Rapid7 research into “Drupalgeddon” and their contributions to this post. Background on the Drupalgeddon vulnerability The Drupalgeddon 2 vulnerability announcement came out in late March (2018-03-28 ) as SA-CORE-2018-002 [https://www.drupal.org/sa-core-2018-002]. The advisory was released with a patch and CVE (CVE-2018-7600) [https://www.rapid7.com/
2 min Metasploit Weekly Wrapup

Metasploit Wrapup 4/20/18

You may have noticed that our weekly wrapups [https://www.rapid7.com/blog/tag/metasploit-weekly-wrapup/] tend to be very light-hearted. A few might say our blog is humourous. Some might even argue that they incorporate low-brow internet jokes and an excessive quantity of memes. Well, I'm here to say we've turned over a new leaf. No longer will cheap comedy cover the pages of this professional publication. In honor of April 20th, this blog post will remain serious. Seriously. Google Summer of
2 min Metasploit Weekly Wrapup

Metasploit Wrapup 4/13/18

What's Your Favorite Security Site? When you are browsing sites on the Internet, you may notice some sites [http://www.irongeek.com/] will include your public IP address on their pages. But what if you came across a site that also showed your IP address from your private network range [https://media.giphy.com/media/3otPoDVeyxTT1jIKqc/giphy.gif]? This might be a little worrying [https://media.giphy.com/media/xhaHU2l56OSYM/giphy.gif], but before you run off you check to make sure the coast is cle
2 min Metasploit Weekly Wrapup

Metasploit Wrapup 4/7/18

Mobile Moose This week marked the beginning of our time in the new office. Everything got packed up and moved: computers, chairs, Rudy’s cups, and odd soy sauce packets in the back of the drawers. One consequence of moving to downtown Austin is that the lunch debates take longer, with flame wars about both the best tacos and the best barbecue. Metasploit: Now With More Snakes! @shellfail [https://twitter.com/shellfail] doubled down this wrapup; way back in March, he wrote a guide to writing P
4 min Metasploit Weekly Wrapup

Metasploit Wrapup 4/2/18

Spring has come again to Austin, TX, home of the Rapid7 Metasploit team. While the season here brings pollen and allergies, it also brings fields full of bluebonnets and folks taking pictures before they all disappear. Let's celebrate by looking at what's popped up in Metasploit this week. New Data Model Last week, we landed the beginning of a new backend service for Metasploit, dubbed 'Goliath', which creates a new abstraction between Metasploit Framework and how it interacts with the databa

Popular Topics

Tags