Posts by Alan David Foster

9 min Metasploit

Announcing Metasploit 6.2

Metasploit 6.2.0 has been released, marking another milestone that includes new modules, features, improvements, and bug fixes.

4 min Metasploit

Metasploit Weekly Wrap-Up

PetitPotam Improvements Metasploit’s Ruby support has been updated to allow anonymous authentication to SMB servers. This is notably useful while exploiting the PetitPotam vulnerability with Metasploit, which can be used to coerce a Domain Controller to send an authentication attempt over SMB to other machines via MS-EFSRPC methods: msf6 auxiliary(scanner/dcerpc/petitpotam) > run 192.168.159.10 [*] 192.168.159.10:445 - Binding to c681d488-d850-11d0-8c52-00c04fd90f7e:1.0@ncacn_np:192.168.159

3 min Metasploit

Metasploit Wrap-Up

Three new exploit modules, and an update for Windows 11 support

1 min Metasploit

Metasploit Weekly Wrap-Up

CVE-2022-22963 - Spring Cloud Function SpEL RCE A new exploit/multi/http/spring_cloud_function_spel_injection module has been developed by our very own Spencer McIntyre [https://github.com/smcintyre-r7] which targets Spring Cloud Function versions Prior to 3.1.7 and 3.2.3. This module is unrelated to Spring4Shell CVE-2022-22965 [https://www.rapid7.com/blog/post/2022/03/30/spring4shell-zero-day-vulnerability-in-spring-framework/] , which is a separate vulnerability in the WebDataBinder component

3 min Metasploit

Metasploit Weekly Wrap-Up

CVE-2022-21999 - SpoolFool Our very own Shelby Pace [https://github.com/space-r7] has added a new module for the CVE-2022-21999 SpoolFool privilege escalation vulnerability [https://attackerkb.com/topics/vFYqO85asS/cve-2022-21999?referrer=blog]. This escalation vulnerability can be leveraged to achieve code execution as SYSTEM. This new module has successfully been tested on Windows 10 (10.0 Build 19044) and Windows Server 2019 v1809 (Build 17763.1577). CVE-2021-4191 - Gitlab GraphQL API User E

3 min Metasploit

Metasploit Wrap-Up

A new Log4Shell / Log4j scanner module for Metasploit, a new WordPress module, and multiple enhancements and bug fixes

4 min Metasploit

Metasploit Wrap-Up

Four new modules, including Microsoft OMI local privilege escalation, and a Win32k local privilege escalation module for CVE-2021-40449, impacting Windows 10 x64 build 14393 and 17763

3 min Metasploit

Easier URI Targeting With Metasploit Framework

Streamline your Metasploit with Metasploit 6.1.4's new support for RHOST URI values

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Four new modules, with improvements to Eternal Blue support, and AmSi 0BfuSc@t!on for Powershell payloads

3 min Metasploit

Metasploit Wrap-Up

In the spirit of cool module content, there's a new SMBGhost RCE module, plus a hefty set of enhancements and fixes!

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

New session validation enhancements across command shell types verify sessions have been established and are responsive before they can be used. Plus, JSON RPC service improvements, three new modules, and more fixes and enhancements.

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Commemorating the 2020 December Metasploit community CTF A new commemorative banner has been added to the Metasploit console to celebrate the teams that participated in the 2020 December Metasploit community CTF [/2020/12/07/congrats-to-the-winners-of-the-2020-december-metasploit-community-ctf/] and achieved 100 or more points: If you missed out on participating in this most recent event, be sure to follow the Metasploit Twitter [https://twitter.com/metasploit] and Metasploit blog posts [/ta

8 min Haxmas

Metasploit Tips and Tricks for HaXmas 2020

For this year's HaXmas, we're giving the gift of Metasploit knowledge!

3 min Metasploit

Congrats to the winners of the 2020 December Metasploit community CTF

Thank you all that participated in the 2020 December Metasploit community CTF [/2020/11/19/announcing-the-2020-december-metasploit-community-ctf/]! The four day CTF was well received by the community, with 874 teams and 1903 users registered! We’ve included the high-level stats and the competition winners below. If you played the CTF and want to let the Metasploit team know which challenges you found exhilarating, interesting, or infuriating (in a good way, of course), we have a feedback survey

7 min Metasploit

Announcing the 2020 December Metasploit community CTF

It’s time for another Metasploit community CTF! This time around we’re doing a few things differently. Read on for details.