3 min
Metasploit
Metasploit Weekly Wrap-Up: 2/18/22
Nagios XI web shell upload module
New this week is a Nagios Web Shell Upload module
[https://github.com/rapid7/metasploit-framework/pull/16150] from Rapid7's own
Jake Baines [https://github.com/jbaines-r7], which exploits CVE-2021-37343
[https://attackerkb.com/topics/zxpvqMqOHQ/cve-2021-37343?referrer=blog]. This
module builds upon the existing Nagios XI scanner
[https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/auxiliary/scanner/http/nagios_xi_scanner.md]
written
2 min
Metasploit
Metasploit Wrap-Up: Feb. 11, 2022
Welcome, Little Hippo: PetitPotam
Our very own @zeroSteiner [https://github.com/zeroSteiner] ported
[https://github.com/rapid7/metasploit-framework/pull/16136] the PetitPotam
[https://github.com/topotam/PetitPotam] exploit to Metasploit this week. This
module leverages CVE-2021-36942
[https://attackerkb.com/topics/TEBmUAfeCs/cve-2021-36942?referrer=blog], a
vulnerability in the Windows Encrypting File System (EFS) API, to capture
machine NTLM hashes. This uses the EfsRpcOpenFileRaw function of t
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: Feb. 4, 2022
A new NOP module, improvements to RPC functionality and PHP Meterpreter, and WordPress and Cisco RV exploits.
3 min
Metasploit
Metasploit Weekly Wrap-Up: Jan. 28, 2022
A new Log4Shell module for unauthenticated RCE on Ubiquiti UniFi devices, getsystem improvements, and more!
2 min
Metasploit
Metasploit Weekly Wrap-Up: 1/21/22
while (j==shell); Log4j;
The Log4j loop continues as we release a module targeting vulnerable vCenter
releases. This is a good time to suggest that you check your vCenter releases
and maybe even increase the protection surrounding them, as it’s been a rough
year-plus for vCenter
[https://attackerkb.com/search?q=vcenter&tags=exploitedInTheWild].
Let your shell do the walking
bcoles [https://github.com/bcoles] sent us a module that targets Grandstream
GXV3175IP phones that allows remote code exec
3 min
Metasploit Weekly Wrapup
Metasploit Weekly Wrap-Up: 1/14/22
Five new modules, including exploits for Log4Shell and SonicWall SMA 100 series devices, plus a new Meterpreter command that allows users to kill all channels at once.
3 min
Metasploit
Metasploit Wrap-Up: Jan. 7, 2022
Dump Windows secrets from Active Directory
This week, our very own Christophe De La Fuente
[https://github.com/cdelafuente-r7] added an important update
[https://github.com/rapid7/metasploit-framework/pull/15924] to the existing
Windows Secret Dump module. It is now able to dump secrets from Active
Directory, which will be very useful for Metasploit users. This new feature uses
the Directory Replication Service through RPC to retrieve data such as SIDs,
password history, Domain user NTLM hashes
3 min
Metasploit
Metasploit Wrap-Up: Dec. 17, 2021
A new Log4Shell / Log4j scanner module for Metasploit, a new WordPress module, and multiple enhancements and bug fixes
2 min
Metasploit
Metasploit Wrap-Up 12/10/21
Word and JavaScript are a rare duo.
Thanks to thesunRider [https://github.com/thesunRider], you too can experience
the wonder of this mystical duo. The sole new Metasploit module this release
adds a file format attack to generate a very special document. By utilizing
JavaScript embedded in a Word document to trigger a chain of events that slip
through various Windows facilities, a session as the user who opened the
document can be yours.
Do you like spiders?
It has been 3 years since SMB2 suppo
2 min
Metasploit
Metasploit Wrap-Up: 12/3/21
Metasploit CTF 2021 starts today
It’s that time of year again! Time for the 2021 Metasploit Community CTF
[https://www.rapid7.com/blog/post/2021/11/16/announcing-the-2021-metasploit-community-ctf/].
Earlier today over 1,100 users in more than 530 teams were registered and
opened for participation to solve this year’s 18 challenges. Next week a recap
and the winners will be announced, so stay tuned for more information.
Overlayfs LPE
This week Metasploit shipped an exploit for the recent Overla
3 min
Metasploit
Metasploit Wrap-Up: Nov. 26 2021
Self-Service Remote Code Execution
This week, our own @wvu-r7 added an exploit module
[https://github.com/rapid7/metasploit-framework/pull/15874] that achieves
unauthenticated remote code execution in ManageEngine ADSelfService Plus, a
self-service password management and single sign-on solution for Active
Directory. This new module leverages a REST API authentication bypass
vulnerability identified as CVE-2021-40539
[https://attackerkb.com/topics/DMSNq5zgcW/cve-2021-40539?referrer=blog], where
3 min
Metasploit
Metasploit Wrap-Up: 11/19/21
Azure Active Directory login scanner module
Community contributor k0pak4 [https://github.com/k0pak4] added a new login
scanner module for Azure Active Directory
[https://github.com/rapid7/metasploit-framework/pull/15755]. This module
exploits a vulnerable
[https://attackerkb.com/topics/rZ1JlQhXhc/cve-2020-16152?referrer=blog]
authentication endpoint in order to enumerate usernames without generating log
events. The error code returned by the endpoint can be used to discover the
validity of user
4 min
Metasploit
Metasploit Wrap-Up: Nov. 12, 2021
Four new modules, including Microsoft OMI local privilege escalation, and a Win32k local privilege escalation module for CVE-2021-40449, impacting Windows 10 x64 build 14393 and 17763
3 min
Metasploit
Metasploit Wrap-Up: 11/5/21
GitLab RCE
New Rapid7 team member jbaines-r7 [https://github.com/jbaines-r7] wrote an
exploit targeting GitLab via the ExifTool command. Exploiting this vulnerability
results in unauthenticated remote code execution as the git user. What makes
this module extra neat is the fact that it chains two vulnerabilities together
to achieve this desired effect. The first vulnerability is in GitLab itself that
can be leveraged to pass invalid image files to the ExifTool parser which
contained the second v
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: Oct. 29, 2021
Modules for Apache Server, Sophos UTM, the OMIgod RCE, and more. Plus, support for reverse port forwarding via established SSH sessions.