Posts by Adam Galway

3 min Metasploit

Metasploit Wrap-Up

New Emby version scanner, IPFire authenticated RCE, HashiCorp Nomad RCE, Microsoft SharePoint unsafe control and ViewState RCE.

4 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

GSoC Rocks! In a rare double whammy, one of our 2020 Google Summer of Code (GSoC) participants has authored a PR containing both enhancements & a new module [https://github.com/rapid7/metasploit-framework/pull/14067]! Improvements to our SQL injection library now allow PostgreSQL injection, and this new functionality has been verified with both a test module AND a fully functioning module exploiting CVE-2019-13375 [https://attackerkb.com/topics/n3vokFNBje/cve-2019-13375?referrer=blog], a (Postgr

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

This installment includes a new MicroFocus RCE module, an updated Microsoft Exchange patch bypass, and items without 'Micro' in the title, too!

3 min Metasploit

Metasploit Wrap-Up

Six new modules this week, and a good group of enhancements and fixes!

2 min Metasploit

Metasploit Wrap-Up

Bad WebLogic Our own Shelby Pace [https://github.com/space-r7] authored an exploit taking advantage of a Java object deserialization vulnerability in multiple different versions of WebLogic. The new module has been tested with versions v12.1.3.0.0, v12.2.1.3.0, and v12.2.1.4.0 of WebLogic and allows remote code execution through the of sending a serialized BadAttributeValueExpException object over the T3 protocol to vulnerable WebLogic servers. Cram it in your Pi-Hole As the incredibly origina

3 min Metasploit

Metasploit Wrap-up

Transgressive Traversal Contributor Dhiraj Mishra [https://github.com/RootUp] authored a neat Directory Traversal module [https://github.com/rapid7/metasploit-framework/pull/12773] targeted at NVMS-1000 Network Surveillance Management Software developed by TVT Digital Technology. Permitting the arbitrary downloading of files stored on a machine running compromised software [https://www.exploit-db.com/exploits/47774] , this module becomes all the more attractive when you consider it's providing