5 min
Metasploit Weekly Wrapup
Metasploit Weekly Wrap-Up: Mar. 25, 2022
Capture Plugin
Capturing credentials is a critical and early phase in the playbook of many
offensive security testers. Metasploit has facilitated this for years with
protocol-specific modules all under the auxiliary/server/capture. Users can
start and configure each of these modules individually, but now the capture
plugin can streamline the process. The capture plugin can easily start 13
different services (17 including SSL enabled versions) on the same listening IP
address including remote int
3 min
Metasploit
Metasploit Weekly Wrap-Up: Mar. 18, 2022
CVE-2022-21999 - SpoolFool
Our very own Shelby Pace [https://github.com/space-r7] has added a new module
for the CVE-2022-21999 SpoolFool privilege escalation vulnerability
[https://attackerkb.com/topics/vFYqO85asS/cve-2022-21999?referrer=blog]. This
escalation vulnerability can be leveraged to achieve code execution as SYSTEM.
This new module has successfully been tested on Windows 10 (10.0 Build 19044)
and Windows Server 2019 v1809 (Build 17763.1577).
CVE-2021-4191 - Gitlab GraphQL API User E
5 min
Metasploit
Metasploit Weekly Wrap-Up: Mar. 11, 2022
Mucking out the pipes.
Thanks to some quick work by timwr [https://github.com/timwr], CVE-2022-0847
[https://attackerkb.com/topics/UwW7SVPaPv/cve-2022-0847?referrer=blog] aka
"Dirty Pipe" gives Metasploit a bit of digital plumber's training. The exploit
targeting modern Linux v5 kernels helps elevate user privileges by overwriting a
SUID binary of your choice by plunging some payload gold through a pipe.
Long live the SMB relay!
SMB, that magical ubiquitous service making all that noise on netw
4 min
Metasploit
Metasploit Weekly Wrap-Up: Mar. 4, 2022
This week’s Metasploit Framework release brings us seven new modules.
IP Camera Exploitation
Rapid7’s Jacob Baines [https://github.com/jbaines-r7] was busy this week with
two exploit modules that target IP cameras. The first
[https://github.com/rapid7/metasploit-framework/pull/16190] module exploits an
authenticated file upload on Axis IP cameras. Due to lack of proper
sanitization, an attacker can upload and install an eap application which, when
executed, will grant the attacker root privileg
2 min
Metasploit
Metasploit Weekly Wrap-Up: 2/25/22
Exchange RCE
Exchange remote code execution vulnerabilities are always valuable exploits to
have. This week Metasploit added an exploit for an authenticated RCE in
Microsoft Exchange servers 2016 and server 2019 identified as CVE-2021-42321
[https://attackerkb.com/topics/4JMe2Y1WSY/cve-2021-42321?referrer=blog]. The
flaw leveraged by the exploit exists in a misconfigured denylist that failed to
prevent a serialized blob from being loaded resulting in code execution. While
this is an authenticate
3 min
Metasploit
Metasploit Weekly Wrap-Up: 2/18/22
Nagios XI web shell upload module
New this week is a Nagios Web Shell Upload module
[https://github.com/rapid7/metasploit-framework/pull/16150] from Rapid7' own
Jake Baines [https://github.com/jbaines-r7], which exploits CVE-2021-37343
[https://attackerkb.com/topics/zxpvqMqOHQ/cve-2021-37343?referrer=blog]. This
module builds upon the existing Nagios XI scanner
[https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/auxiliary/scanner/http/nagios_xi_scanner.md]
written
2 min
Metasploit
Metasploit Wrap-Up: Feb. 11, 2022
Welcome, Little Hippo: PetitPotam
Our very own @zeroSteiner [https://github.com/zeroSteiner] ported
[https://github.com/rapid7/metasploit-framework/pull/16136] the PetitPotam
[https://github.com/topotam/PetitPotam] exploit to Metasploit this week. This
module leverages CVE-2021-36942
[https://attackerkb.com/topics/TEBmUAfeCs/cve-2021-36942?referrer=blog], a
vulnerability in the Windows Encrypting File System (EFS) API, to capture
machine NTLM hashes. This uses the EfsRpcOpenFileRaw function of t
3 min
Metasploit
Metasploit Weekly Wrap-Up: Jan. 28, 2022
A new Log4Shell module for unauthenticated RCE on Ubiquiti UniFi devices, getsystem improvements, and more!
2 min
Metasploit
Metasploit Weekly Wrap-Up: 1/21/22
while (j==shell); Log4j;
The Log4j loop continues as we release a module targeting vulnerable vCenter
releases. This is a good time to suggest that you check your vCenter releases
and maybe even increase the protection surrounding them, as it’s been a rough
year-plus for vCenter
[https://attackerkb.com/search?q=vcenter&tags=exploitedInTheWild].
Let your shell do the walking
bcoles [https://github.com/bcoles] sent us a module that targets Grandstream
GXV3175IP phones that allows remote code exec
3 min
Metasploit Weekly Wrapup
Metasploit Weekly Wrap-Up: 1/14/22
Five new modules, including exploits for Log4Shell and SonicWall SMA 100 series devices, plus a new Meterpreter command that allows users to kill all channels at once.
3 min
Metasploit
Metasploit Wrap-Up: Jan. 7, 2022
Dump Windows secrets from Active Directory
This week, our very own Christophe De La Fuente
[https://github.com/cdelafuente-r7] added an important update
[https://github.com/rapid7/metasploit-framework/pull/15924] to the existing
Windows Secret Dump module. It is now able to dump secrets from Active
Directory, which will be very useful for Metasploit users. This new feature uses
the Directory Replication Service through RPC to retrieve data such as SIDs,
password history, Domain user NTLM hashes
6 min
Hacky Holidays 2021
Metasploit 2021 Annual Wrap-Up
Like years past, 2021 brought some surprises and had its shared of celebrity vulnerabilities. Here's are the Metasploit highlights from last year.
3 min
Metasploit
Metasploit Wrap-Up: Dec. 17, 2021
A new Log4Shell / Log4j scanner module for Metasploit, a new WordPress module, and multiple enhancements and bug fixes
2 min
Metasploit
Metasploit Wrap-Up 12/10/21
Word and Javascript are a rare duo.
Thanks to thesunRider [https://github.com/thesunRider]. you too can experience
the wonder of this mystical duo. The sole new metasploit module this release
adds a file format attack to generate a very special document. By utilizing
Javascript embedded in a Word document to trigger a chain of events that slip
through various Windows facilities, a session as the user who opened the
document can be yours.
Do you like spiders?
It has been 3 years since SMB2 suppo
2 min
Metasploit
Congrats to the Winners of the 2021 Metasploit Community CTF
Thanks to everyone who participated in this year's Metasploit community CTF! In this post, we're announcing the winners.