Posts tagged Metasploit

1 min Metasploit

Metasploit Weekly Wrap-Up 08/09/2024

Black Hat & DEF CON Hopefully folks were able to catch our Rapid7 researchers @zeroSteiner [https://x.com/zeroSteiner] & Jack Heysel show off Metasploit 6.4's features at Black Hat, focusing on combinations that allow for new, streamlined attack workflows. If not, they will also be demoing at DEF CON tomorrow in room W304! New module content (1) Calibre Python Code Injection (CVE-2024-6782) Authors: Amos Ng and Michael Heinzl Type: Exploit Pull request: #19357 [https://github.com/rapid7/meta

2 min Metasploit

Metasploit Weekly Wrap-Up 08/02/2024

Metasploit goes to Hacker Summer Camp Next week, Metasploit will have demos at both Black Hat [https://www.blackhat.com/us-24/arsenal/schedule/index.html#the-metasploit-framework-39570] and DEF CON [https://defcon.org/html/defcon-32/dc-32-demolabs.html#54186] where the latest functionality from this year will be presented. The Black Hat demo will be on Thursday the 8th from 10:10 to 11:25 and the DEF CON demo will be on Saturday the 10th from 12:00 to 13:45. The highlights will include demonst

2 min Metasploit

Metasploit Weekly Wrap-Up 07/26/2024

New module content (3) Magento XXE Unserialize Arbitrary File Read Authors: Heyder and Sergey Temnikov Type: Auxiliary Pull request: #19304 [https://github.com/rapid7/metasploit-framework/pull/19304] contributed by heyder [https://github.com/heyder] Path: gather/magento_xxe_cve_2024_34102 AttackerKB reference: CVE-2024-34102 [https://attackerkb.com/search?q=CVE-2024-34102&referrer=blog] Description: This adds an auxiliary module for an XXE which results in an arbitrary file in Magento which is

2 min Metasploit Weekly Wrapup

Metasploit Weekly Wrap-Up 7/19/2024

A new unauthenticated RCE exploit for GeoServer, plus library and Meterpreter updates and enhancements.

2 min Metasploit

Metasploit Weekly Wrap-Up 07/12/2024

The Usual Suspects This release features two new exploits targeting old friends: Confluence and Ivanti. CVE-2024-21683 [https://attackerkb.com/search?q=CVE-2024-21683&referrer=blog] is a very easy vulnerability to exploit, but as pointed out in the AttackerKB Review [https://attackerkb.com/assessments/5ad314a1-9fd7-47d7-835f-f29680b3961d?referrer=blog] , it requires authentication as a ‘Confluence Administrator.’ On the other hand, CVE-2024-29824 is an unauthenticated SQL Injection in Ivanti End

2 min Metasploit

Metasploit Weekly Wrap-Up 07/05/2024

3 new modules - MOVEit Transfer authentication bypass CVE-2024-5806, Zyxel command injection, and Azure CLI credentials gatherer

2 min Metasploit

Metasploit Weekly Wrap-Up 06/28/2024

Unauthenticated Command Injection in Netis Router This week's Metasploit release includes an exploit module for an unauthenticated command injection vulnerability in the Netis MW5360 router which is being tracked as CVE-2024-22729. The vulnerability stems from improper handling of the password parameter within the router's web interface which allows for command injection. Fortunately for attackers, the router's login page authorization can be bypassed by simply deleting the authorization header,

3 min Metasploit

Metasploit Weekly Wrap-Up 06/21/2024

Argument Injection for PHP on Windows This week includes modules that target file traversal and arbitrary file read vulnerabilities in software such as Apache, SolarWinds and Check Point, with the highlight being a module for the recent PHP vulnerability submitted by sfewer-r7 [https://github.com/sfewer-r7]. This module exploits an argument injection vulnerability, resulting in remote code execution and a Meterpreter shell running in the context of the Administrator user. Note that this attac

3 min Metasploit

Metasploit Weekly Wrap-Up 06/14/2024

New module content (5) Telerik Report Server Auth Bypass Authors: SinSinology and Spencer McIntyre Type: Auxiliary Pull request: #19242 [https://github.com/rapid7/metasploit-framework/pull/19242] contributed by zeroSteiner [https://github.com/zeroSteiner] Path: scanner/http/telerik_report_server_auth_bypass AttackerKB reference: CVE-2024-4358 [https://attackerkb.com/search?q=CVE-2024-4358?referrer=blog] Description: This adds an exploit for CVE-2024-4358 which is an authentication bypass in Te

2 min Metasploit

Metasploit Weekly Wrap-Up 06/07/2024

New OSX payloads: ARMed and Dangerous In addition to an exploit leveraging CVE-2024-5084 to gain RCE through a WordPress Hash form, this release features the addition of several new binary OSX stageless payloads with aarch64 support: Execute Command, Shell Bind TCP, and Shell Reverse TCP. The new osx/aarch64/shell_bind_tcp payload opens a listening port on the target machine, which allows the attacker to connect to this open port to spawn a command shell using the user provided command using the exe

2 min Metasploit

Metasploit Weekly Wrap-Up 05/31/2024

Quis dīrumpet ipsos dīrumpēs In this release, we feature a double-double: two exploits each targeting two pieces of software. The first pair is from h00die [https://github.com/h00die] targeting the Jasmine Ransomware Web Server. The first uses CVE-2024-30851 to retrieve the login for the ransomware server, and the second is a directory traversal vulnerability allowing arbitrary file read. The second pair from Dave Yesland of Rhino Security targets Progress Flowmon with CVE-2024-2389 and it pai

3 min Metasploit

Metasploit Weekly Wrap-Up 05/23/2024

Infiltrate the Broadcast! A new module from Chocapikk [https://github.com/Chocapikk] allows the user to perform remote code execution on vulnerable versions of the streaming platform AVideo (12.4 - 14.2). The multi/http/avideo_wwbnindex_unauth_rce module leverages CVE-2024-31819 [https://attackerkb.com/topics/y127ezofMQ/cve-2024-31819], a PHP filter chaining vulnerability, to gain unauthenticated and unprivileged access, earning it an attacker value of High on AttackerKB [https://attackerkb.com/t

3 min Metasploit

Metasploit Wrap-Up 05/17/2024

LDAP Authentication Improvements This week, in Metasploit v6.4.9, the team has added multiple improvements for LDAP related attacks. Two improvements relating to authentication are the new support for Signing [https://github.com/rapid7/metasploit-framework/pull/19127] and Channel Binding [https://github.com/rapid7/metasploit-framework/pull/19132]. Microsoft has been making changes [https://support.microsoft.com/en-gb/topic/2020-2023-and-2024-ldap-channel-binding-and-ldap-signing-requirements-for

2 min Metasploit

Metasploit Wrap-Up 05/10/2024

Password Spraying support Multiple bruteforce/login scanner modules have been updated to support a PASSWORD_SPRAY module option. This work was completed in pull request #19079 [https://github.com/rapid7/metasploit-framework/pull/19079] from nrathaus [https://github.com/nrathaus] as well as an additional update from our developers [https://github.com/rapid7/metasploit-framework/pull/19158]. When the password spraying option is set, the order of attempted users and password attempts is changed
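To make the ordering change concrete, here is an added Ruby illustration (not Metasploit's own scanner code) of the difference between the classic bruteforce order, which exhausts every password for one user before moving on, and spray order, which tries one password against every user before moving to the next password. The target model, the user list, the password list, the one valid credential and the lockout policy (three failures inside a six-attempt window) are all constructed for this example and are assumptions, not anything taken from the framework:

```ruby
require 'set'

# Constructed sample data for the illustration (not real accounts).
USERS     = %w[alice bob carol dave erin].freeze
PASSWORDS = ['Password1', 'Welcome1', 'Summer2024!', 'Spring2024!'].freeze
VALID     = { 'bob' => 'Summer2024!' }.freeze   # the only working pair

# Build the ordered list of [user, password] pairs a login scanner would try.
#   spray: false -> for each user, try every password (bruteforce order)
#   spray: true  -> for each password, try every user (spray order)
def credential_order(users, passwords, spray: false)
  if spray
    passwords.flat_map { |pass| users.map { |user| [user, pass] } }
  else
    users.flat_map { |user| passwords.map { |pass| [user, pass] } }
  end
end

# Toy target with a sliding-window lockout policy (an assumption for this
# example): an account is locked once it accumulates `threshold` failures
# within the last `window` attempts seen by the target. Each attempt is one
# tick of time. Returns [found_credentials, locked_accounts].
def simulate(pairs, valid, threshold:, window:)
  failures = Hash.new { |h, k| h[k] = [] }  # user => ticks of failed logins
  locked   = Set.new
  done     = Set.new                        # users whose password was found
  found    = []

  pairs.each_with_index do |(user, pass), tick|
    next if locked.include?(user) || done.include?(user)

    if valid[user] == pass
      found << [user, pass]
      done << user
    else
      failures[user] << tick
      recent = failures[user].count { |t| t > tick - window }
      locked << user if recent >= threshold
    end
  end

  [found, locked.to_a.sort]
end

# Run both orderings against the same toy target and report the outcome.
def compare_orderings(threshold: 3, window: 6)
  brute = credential_order(USERS, PASSWORDS)
  spray = credential_order(USERS, PASSWORDS, spray: true)
  {
    bruteforce: simulate(brute, VALID, threshold: threshold, window: window),
    spray:      simulate(spray, VALID, threshold: threshold, window: window)
  }
end

if __FILE__ == $PROGRAM_NAME
  compare_orderings.each do |mode, (found, locked)|
    puts "#{mode}: found=#{found.inspect} locked=#{locked.inspect}"
  end
end
```

Both orderings submit the same twenty pairs and both recover bob's password, but the bruteforce order locks every other account because each one absorbs its three failures back to back, while the spray order spreads each account's failures across the whole run so none trips the window. Against a real directory the lockout policy is whatever the target enforces, so check it (and the observation window) before choosing a spray interval.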

2 min Metasploit

Metasploit Weekly Wrap-Up 05/03/24

Dump secrets inline This week, our very own cdelafuente-r7 [https://github.com/cdelafuente-r7] added a significant improvement to the well-known Windows Secrets Dump module [https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/windows_secrets_dump.rb] to reduce the footprint when dumping SAM hashes, LSA secrets and cached credentials. The module is now directly reading the Windows Registry remotely without having to dump the full registry keys to disk and parse th