Posts tagged Metasploit

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: 2/14/20

Ricoh Privilege Escalation No ink? No problem. Here’s some SYSTEM access. A new module [https://github.com/rapid7/metasploit-framework/pull/12906] by our own space-r7 [https://github.com/space-r7] has been added to Metasploit Framework this week that adds a privilege escalation exploit for various [https://www.ricoh.com/info/2020/0122_1/list] Ricoh printer drivers on Windows systems. This module takes advantage of CVE-2019-19363 [https://nvd.nist.gov/vuln/detail/CVE-2019-19363] by overwriting th

Read Full Post

2 min Metasploit

Metasploit Wrap-Up: Feb. 7, 2020

In the week after our CTF, we hope the players had a good time and got back to their loved ones, jobs, lives, studies, and most importantly, back to their beds (and you can find out who the winners were here [/2020/02/03/congrats-to-the-winners-of-the-2020-metasploit-community-ctf/]!). For the Metasploit team, we went back to baking up fresh, hot modules and improvements that remind us in this flu season to not just wash your hands, but also, sanitize your inputs! SOHOwabout a Shell? Several [h

Read Full Post

5 min Research

DOUBLEPULSAR over RDP: Baselining Badness on the Internet

How many internet-accessible RDP services have the DOPU implant installed? How much DOPU-over-RDP traffic do we see being sprayed across the internet?

Read Full Post

22 min Research

DOUBLEPULSAR RCE 2: An RDP Story

In this sequel, wvu [https://github.com/wvu-r7] recounts the R&D (in all its imperfect glory) behind creating a Metasploit module for the DOUBLEPULSAR implant's lesser-known RDP variant. If you're unfamiliar with the more common SMB variant, you can read our blog post [/2019/10/02/open-source-command-and-control-of-the-doublepulsar-implant/] detailing how we achieved RCE with it. Table of Contents 0. Background 1. Extracting the implant 2. Installing the implant 3. Pinging the implant 4.

Read Full Post

2 min Metasploit

Congrats to the Winners of the 2020 Metasploit Community CTF

After four days of competition and a whole lot of “trying harder,” we have the winners of this year's Metasploit community CTF [/2020/01/15/announcing-the-2020-metasploit-community-ctf/]. We've included some high-level stats from the game below; check out the scoreboard here [https://metasploitctf.com/scoreboard]. If you played the CTF and want to let the Metasploit team know which challenges you found exhilarating, interesting, or infuriating (in a good way, of course), we have a feedback surve

Read Full Post

2 min Metasploit

Metasploit Team Announces Beta Sign-Up for AttackerKB

AttackerKB is a knowledge base of vulnerabilities and informed opinions on what makes them valuable (or not) targets for exploitation.

Read Full Post

5 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: 1/31/20

Happy CTF week, folks! If you haven't already been following along with (or competing in) Metasploit's global community CTF [/2020/01/15/announcing-the-2020-metasploit-community-ctf/], it started yesterday and runs through Monday morning U.S. Eastern Time. Registration has been full for a while, but you can join the #metasploit-ctf channel on Slack [https://metasploit.com/slack] to participate in the joy and frustration vicariously. This week's Metasploit wrap-up takes a look back at work done

Read Full Post

3 min Metasploit

Metasploit Wrap-up: 1/24/20

Transgressive Traversal Contributor Dhiraj Mishra [https://github.com/RootUp] authored a neat Directory Traversal module [https://github.com/rapid7/metasploit-framework/pull/12773] targeted at NVMS-1000 Network Surveillance Management Software developed by TVT Digital Technology. Permitting the arbitrary downloading of files stored on a machine running compromised software [https://www.exploit-db.com/exploits/47774] , this module becomes all the more attractive when you consider it's providing

Read Full Post

4 min Research

Active Exploitation of Citrix NetScaler (CVE-2019-19781): What You Need to Know

A a directory traversal vulnerability was announced in the Citrix Application Discovery Controller and Citrix Gateway, which would allow a remote, unauthenticated user to write a file to a location on disk.

Read Full Post

2 min Metasploit

Metasploit Wrap-Up: 1/17/20

Silly admin, Citrix is for script kiddies A hot, new module [https://github.com/rapid7/metasploit-framework/pull/12816] has landed in Metasploit Framework this week. It takes advantage of CVE-2019-19781 which is a directory traversal vulnerability in Citrix Application Delivery Controller (ADC) and Gateway. This exploit takes advantage of unsanitized input within the URL structure of one of the API endpoints to access specified directories. Conveniently there is a directory available that house

Read Full Post

5 min Metasploit

Announcing the 2020 Metasploit Community CTF

Metasploit's community CTF is back! Starting January 30, players will have four days to find flags and win points and glory. Teams welcome.

Read Full Post

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: 1/3/20

A new OpenBSD local exploit Community contributor bcoles [http://github.com/bcoles] brings us a new exploit module for CVE-2019-19726, a vulnerability originally discovered by Qualys [https://blog.qualys.com/laws-of-vulnerabilities/2019/12/11/openbsd-local-privilege-escalation-vulnerability-cve-2019-19726] in OpenBSD. This vulnerability is pretty interesting in the sense that it leverages a bug in the _dl_getenv function that can be triggered to load libutil.so from an attacker controlled loca

Read Full Post

9 min Haxmas

Memorable Metasploit Moments of 2019

Here’s a smattering of the year’s Metasploit Framework highlights from 2019. As ever, we’re grateful to and for the community that keeps us going strong.

Read Full Post

2 min Metasploit

Metasploit Wrap-Up: Dec. 27, 2019

With 2019 almost wrapped up, we’ve been left wondering where the time went! It’s been a busy year for Metasploit, and we’re going out on a reptile-themed note this wrap-up... Python gets compatible With the clock quickly ticking down on Python 2 support [https://pythonclock.org/], contributor xmunoz [https://github.com/xmunoz] came through with some changes [https://github.com/rapid7/metasploit-framework/pull/12524] to help ensure most of Framework works with Python 3. While Python 3’s adoption

Read Full Post

2 min Metasploit

Metasploit Wrap-Up: 12/19/19

It’s beginning to look a lot like HaXmas [/tag/haxmas/], everywhere you go! We have a great selection of gift-wrapped modules this holiday season, sure to have you entertained from one to eight nights, depending on your preference! On a personal note, we here at the Metasploit workshop would like to welcome our newest elf, Spencer McIntyre [https://github.com/smcintyre-r7]. Spencer has been a long-time contributor to the project, and we’re thrilled to have him on the team! In the spirit of givi

Read Full Post

• ...
• 18
• 19
• 20
• 21
• 22
• ...