13 min
Metasploit
Metasploit Framework 6.3 Released
Metasploit Framework 6.3 is now available. New features include native Kerberos authentication support, streamlined Active Directory attack workflows (AD CS, AD DS), and new modules that request, forge, and convert tickets between formats.
3 min
Metasploit
Metasploit Weekly Wrap-Up
ADCS - ESC Vulnerable certificate template finder
Our very own Grant Willcox has developed a new module which allows users to
query an LDAP server for vulnerable Active Directory Certificate Services (AD CS)
certificate templates. The module will print the detected certificate details,
and the attack it is susceptible to. This module is capable of checking for
ESC1, ESC2, and ESC3 vulnerable certificates.
Example module output showing an identified vulnerable certificate template:
msf6 auxiliar
3 min
Metasploit
Metasploit Wrap-Up
Advantech iView NetworkServlet Command Injection
This week Shelby Pace [https://github.com/space-r7] has developed a new exploit
module for CVE-2022-2143
[https://attackerkb.com/topics/XYFOEYsgKa/cve-2022-2143?referrer=blog]. This
module uses an unauthenticated command injection vulnerability to gain remote
code execution against vulnerable versions of Advantech iView software below
5.7.04.6469. The software runs as NT AUTHORITY\SYSTEM, granting the module user
unauthenticated privileged access
9 min
Metasploit
Announcing Metasploit 6.2
Metasploit 6.2.0 has been released, marking another milestone that includes new modules, features, improvements, and bug fixes.
4 min
Metasploit
Metasploit Weekly Wrap-Up
PetitPotam Improvements
Metasploit’s Ruby support has been updated to allow anonymous authentication to
SMB servers. This is notably useful while exploiting the PetitPotam
vulnerability with Metasploit, which can be used to coerce a Domain Controller
to send an authentication attempt over SMB to other machines via MS-EFSRPC
methods:
msf6 auxiliary(scanner/dcerpc/petitpotam) > run 192.168.159.10
[*] 192.168.159.10:445 - Binding to c681d488-d850-11d0-8c52-00c04fd90f7e:1.0@ncacn_np:192.168.159
3 min
Metasploit
Metasploit Wrap-Up
Three new exploit modules, and an update for Windows 11 support
1 min
Metasploit
Metasploit Weekly Wrap-Up
CVE-2022-22963 - Spring Cloud Function SpEL RCE
A new exploit/multi/http/spring_cloud_function_spel_injection module has been
developed by our very own Spencer McIntyre [https://github.com/smcintyre-r7]
which targets Spring Cloud Function versions prior to 3.1.7 and 3.2.3. This
module is unrelated to Spring4Shell CVE-2022-22965
[https://www.rapid7.com/blog/post/2022/03/30/spring4shell-zero-day-vulnerability-in-spring-framework/],
which is a separate vulnerability in the WebDataBinder component
3 min
Metasploit
Metasploit Weekly Wrap-Up
CVE-2022-21999 - SpoolFool
Our very own Shelby Pace [https://github.com/space-r7] has added a new module
for the CVE-2022-21999 SpoolFool privilege escalation vulnerability
[https://attackerkb.com/topics/vFYqO85asS/cve-2022-21999?referrer=blog]. This
escalation vulnerability can be leveraged to achieve code execution as SYSTEM.
This new module has successfully been tested on Windows 10 (10.0 Build 19044)
and Windows Server 2019 v1809 (Build 17763.1577).
CVE-2021-4191 - GitLab GraphQL API User E
3 min
Metasploit
Metasploit Wrap-Up
A new Log4Shell / Log4j scanner module for Metasploit, a new WordPress module, and multiple enhancements and bug fixes
4 min
Metasploit
Metasploit Wrap-Up
Four new modules, including Microsoft OMI local privilege escalation, and a Win32k local privilege escalation module for CVE-2021-40449, impacting Windows 10 x64 build 14393 and 17763
3 min
Metasploit
Easier URI Targeting With Metasploit Framework
Streamline your Metasploit with Metasploit 6.1.4's new support for RHOST URI values
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
Four new modules, with improvements to Eternal Blue support, and AmSi 0BfuSc@t!on for PowerShell payloads
3 min
Metasploit
Metasploit Wrap-Up
In the spirit of cool module content, there's a new SMBGhost RCE module, plus a hefty set of enhancements and fixes!
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
New session validation enhancements across command shell types verify sessions have been established and are responsive before they can be used. Plus, JSON RPC service improvements, three new modules, and more fixes and enhancements.
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
Commemorating the 2020 December Metasploit community CTF
A new commemorative banner has been added to the Metasploit console to celebrate
the teams that participated in the 2020 December Metasploit community CTF
[/2020/12/07/congrats-to-the-winners-of-the-2020-december-metasploit-community-ctf/]
and achieved 100 or more points:
If you missed out on participating in this most recent event, be sure to follow
the Metasploit Twitter [https://twitter.com/metasploit] and Metasploit blog
posts [/ta