3 min
Metasploit
Metasploit Weekly Wrap-Up 04/05/2024
New ESC4 Templates for AD CS
Metasploit added capabilities
[https://docs.metasploit.com/docs/pentesting/active-directory/ad-certificates/attacking-ad-cs-esc-vulnerabilities.html]
for exploiting the ESC family of flaws in AD CS in Metasploit 6.3. The ESC4
technique in particular has been supported for some time now thanks to the
ad_cs_cert_templates module which enables users to read and write certificate
template objects. This facilitates the exploitation of ESC4 which is a
misconfiguration in
5 min
Metasploit
Metasploit Weekly Wrap-Up 01/26/24
Direct Syscalls Support for Windows Meterpreter
Direct system calls are a well-known technique that is often used to bypass
EDR/AV detection. This technique is particularly useful when dynamic analysis is
performed, where the security software monitors every process on the system to
detect any suspicious activity. One common way to do so is to add user-land
hooks on Win32 API calls, especially those commonly used by malware. Direct
syscalls are a way to run system calls directly and enter kernel
3 min
Metasploit
Metasploit Weekly Wrap-Up: Sep. 29, 2023
TeamCity authentication bypass and remote code execution
This week’s Metasploit release includes a new module for a critical
authentication bypass in JetBrains TeamCity CI/CD Server. All versions of
TeamCity prior to version 2023.05.4 are vulnerable to this issue. The
vulnerability was originally discovered by SonarSource, and the Metasploit
module was developed by Rapid7’s Principal Security Researcher Stephen Fewer who
additionally published a technical analysis on AttackerKB for CVE-2023-4279
5 min
Metasploit
Metasploit Weekly Wrap-Up: Jun. 16, 2023
Metasploit T-Shirt Design Contest
In honor of Metasploit's 20th anniversary, Rapid7 is launching special edition
t-shirts - and we're inviting members of our community to have a hand in its
creation. The contest winner will have their design featured on the shirts,
which will then be available to pick up at Black Hat 2023.
We will be accepting submissions from now through June 30! Contest details,
design guidelines, and submission instructions here
[https://docs.google.com/forms/d/e/1FAIpQLSeWU
4 min
Metasploit
Metasploit Wrap-Up: May 12, 2023
New modules for Zyxel Router RCE, Pentaho Business Server Auth Bypass, ManageEngine ADAudit authenticated file write RCE, and HTTPTrace functionality added to scanner modules
7 min
Metasploit
Metasploit Weekly Wrap-Up: Mar. 31, 2023
5 new modules including Windows 11 WinSock Priv Esc, SolarWinds Information Service (SWIS) RCE and AMQP Support
13 min
Metasploit
Metasploit Framework 6.3 Released
Metasploit Framework 6.3 is now available. New features include native Kerberos authentication support, streamlined Active Directory attack workflows (AD CS, AD DS), and new modules that request, forge, and convert tickets between formats.
3 min
Metasploit
Metasploit Weekly Wrap-Up: 11/11/22
ADCS - ESC Vulnerable certificate template finder
Our very own Grant Willcox has developed a new module which allows users to
query a LDAP server for vulnerable Active Directory Certificate Services (AD CS)
certificate templates. The module will print the detected certificate details,
and the attack it is susceptible to. This module is capable of checking for
ESC1, ESC2, and ESC3 vulnerable certificates.
Example module output showing an identified vulnerable certificate template:
msf6 auxiliar
3 min
Metasploit
Metasploit Wrap-Up: 8/19/22
Advantech iView NetworkServlet Command Injection
This week Shelby Pace [https://github.com/space-r7] has developed a new exploit
module for CVE-2022-2143
[https://attackerkb.com/topics/XYFOEYsgKa/cve-2022-2143?referrer=blog]. This
module uses an unauthenticated command injection vulnerability to gain remote
code execution against vulnerable versions of Advantech iView software below
5.7.04.6469. The software runs as NT AUTHORITY\SYSTEM, granting the module user
unauthenticated privileged access
9 min
Metasploit
Announcing Metasploit 6.2
Metasploit 6.2.0 has been released, marking another milestone that includes new modules, features, improvements, and bug fixes.
4 min
Metasploit
Metasploit Weekly Wrap-Up: 5/27/22
PetitPotam Improvements
Metasploit’s Ruby support has been updated to allow anonymous authentication to
SMB servers. This is notably useful while exploiting the PetitPotam
vulnerability with Metasploit, which can be used to coerce a Domain Controller
to send an authentication attempt over SMB to other machines via MS-EFSRPC
methods:
msf6 auxiliary(scanner/dcerpc/petitpotam) > run 192.168.159.10
[*] 192.168.159.10:445 - Binding to c681d488-d850-11d0-8c52-00c04fd90f7e:1.0@ncacn_np:192.168.159
3 min
Metasploit
Metasploit Wrap-Up: May 6, 2022
Three new exploit modules, and an update for Windows 11 support
1 min
Metasploit
Metasploit Weekly Wrap-Up: 4/1/22
CVE-2022-22963 - Spring Cloud Function SpEL RCE
A new exploit/multi/http/spring_cloud_function_spel_injection module has been
developed by our very own Spencer McIntyre [https://github.com/smcintyre-r7]
which targets Spring Cloud Function versions Prior to 3.1.7 and 3.2.3. This
module is unrelated to Spring4Shell CVE-2022-22965
[https://www.rapid7.com/blog/post/2022/03/30/spring4shell-zero-day-vulnerability-in-spring-framework/]
, which is a separate vulnerability in the WebDataBinder component
3 min
Metasploit
Metasploit Weekly Wrap-Up: Mar. 18, 2022
CVE-2022-21999 - SpoolFool
Our very own Shelby Pace [https://github.com/space-r7] has added a new module
for the CVE-2022-21999 SpoolFool privilege escalation vulnerability
[https://attackerkb.com/topics/vFYqO85asS/cve-2022-21999?referrer=blog]. This
escalation vulnerability can be leveraged to achieve code execution as SYSTEM.
This new module has successfully been tested on Windows 10 (10.0 Build 19044)
and Windows Server 2019 v1809 (Build 17763.1577).
CVE-2021-4191 - Gitlab GraphQL API User E
3 min
Metasploit
Metasploit Wrap-Up: Dec. 17, 2021
A new Log4Shell / Log4j scanner module for Metasploit, a new WordPress module, and multiple enhancements and bug fixes