Posts by Christophe De La Fuente

2 min Metasploit

Metasploit Weekly Wrap-Up 05/03/24

Dump secrets inline This week, our very own cdelafuente-r7 [] added a significant improvement to the well-known Windows Secrets Dump module [] to reduce the footprint when dumping SAM hashes, LSA secrets and cached credentials. The module is now directly reading the Windows Registry remotely without having to dump the full registry keys to disk and parse th

2 min Metasploit

Metasploit Weekly Wrap-Up 03/01/2024

Metasploit adds an RCE exploit for ConnectWise ScreenConnect and new documentation for exploiting ESC13.

4 min Metasploit

Metasploit Weekly Wrap-Up: Dec. 1, 2023

Customizable DNS resolution Contributor smashery [] added a new dns command to Metasploit console, which allows the user to customize the behavior of DNS resolution. Similarly to the route command, it is now possible to specify where DNS requests should be sent to avoid any information leak. Before these changes, the Framework was using the default local system configuration. Now, it is possible to specify which DNS server should be queried based on rules that match sp

3 min Metasploit

Metasploit Weekly Wrap-Up: Oct. 13, 2023

Pollution in Kibana This week, contributor h00die [] added a module that leverages a prototype pollution bug in Kibana prior to version 7.6.3. Particularly, this issue is within the Upgrade Assistant and enables an attacker to execute arbitrary code. This vulnerability can be triggered by sending a queries that sets a new constructor.prototype.sourceURL directly to Elastic or by using Kibana to submit the same queries. Note that Kibana needs to be restarted or wait for c

3 min Metasploit

Metasploit Weekly Wrap-Up: July 28, 2023

Unauthenticated RCE in VMware Product This week, community contributor h00die [] added an exploit module that leverages a command injection vulnerability in VMWare Aria Operations for Networks, formerly known as vRealize Network Insight. Versions 6.2 to 6.10 are vulnerable (CVE-2023-20887 []). A remote attacker could abuse the Apache Thrift RPC interface by sending specially crafted data and get unauthe

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: 10/14/22

Remote code execution modules for Spring Cloud Function and pfSense, plus bug fixes for the Windows secrets dump module.

3 min Metasploit

Metasploit Weekly Wrap-Up: 7/22/22

The past, present and future of Metasploit Don't miss Spencer McIntyre's talk on the Help Net Security's blog [] . Spencer is the Lead Security Researcher at Rapid7 and speaks about how Metasploit has evolved since its creation back in 2003. He also explains how the Framework is addressing today's offensive security challenges and how important is the partnership with the community. LDAP swiss army knife This week,

3 min Metasploit

Metasploit Weekly Wrap-Up: 5/20/22

Zyxel firewall unauthenticated command injection This week, our very own Jake Baines [] added an exploit module that leverages CVE-2022-30525 [], an unauthenticated remote command injection vulnerability in Zyxel firewalls with zero touch provisioning (ZTP) support. Jake is also the author of the original research and advisory [

2 min Metasploit

Metasploit Wrap-Up: Feb. 11, 2022

Welcome, Little Hippo: PetitPotam Our very own @zeroSteiner [] ported [] the PetitPotam [] exploit to Metasploit this week. This module leverages CVE-2021-36942 [], a vulnerability in the Windows Encrypting File System (EFS) API, to capture machine NTLM hashes. This uses the EfsRpcOpenFileRaw function of t

3 min Metasploit

Metasploit Wrap-Up: Nov. 26 2021

Self-Service Remote Code Execution This week, our own @wvu-r7 added an exploit module [] that achieves unauthenticated remote code execution in ManageEngine ADSelfService Plus, a self-service password management and single sign-on solution for Active Directory. This new module leverages a REST API authentication bypass vulnerability identified as CVE-2021-40539 [], where

5 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: 9/3/21

A new SMB server implementation to support capturing NTLM hashes across SMBv2 and SMBv3, even with encrypted SMB traffic. Plus, exploits for eBPF, Git LFS, and Geutebruck IP cameras.

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: 7/30/21

Five new modules, including an exploit for "HiveNightmare" CVE-2021-36934, and new fixes and enhancements.

2 min Metasploit

Metasploit Wrap-Up: Feb. 5, 2021

This week's edition: Baron Samedit 'sudo' exploit module, OneDrive sync enumeration, and WP credential gathering via Abandoned Cart plugin.

3 min Metasploit

Metasploit Wrap-Up 11/27/20

Five new modules, and a reminder for the upcoming CTF

2 min Metasploit

Metasploit Wrap-Up: Aug. 28, 2020

Give me your hash This week, community contributor HynekPetrak [] added a new module [] for dumping passwords and hashes stored as attributes in LDAP servers. It uses an LDAP connection to retrieve data from an LDAP server and then harvests user credentials in specific attributes. This module can be used against any kind of LDAP server with either anonymous or authenticated bind. Particularly, it can be used