Metasploit Weekly Wrapup
Metasploit Wrap-Up
Remote code execution modules for Spring Cloud Function and pfSense, plus bug fixes for the Windows secrets dump module.
Metasploit
Metasploit Weekly Wrap-Up
The past, present and future of Metasploit
Don't miss Spencer McIntyre's talk on Help Net Security's blog
[https://www.helpnetsecurity.com/2022/07/20/past-present-future-metasploit-video/]
. Spencer is the Lead Security Researcher at Rapid7 and speaks about how
Metasploit has evolved since its creation back in 2003. He also explains how the
Framework is addressing today's offensive security challenges and how important
the partnership with the community is.
LDAP swiss army knife
This week,
Metasploit
Metasploit Weekly Wrap-Up
Zyxel firewall unauthenticated command injection
This week, our very own Jake Baines [https://github.com/jbaines-r7] added an
exploit module that leverages CVE-2022-30525
[https://attackerkb.com/topics/LbcysnvxO2/cve-2022-30525?referrer=blog], an
unauthenticated remote command injection vulnerability in Zyxel firewalls with
zero touch provisioning (ZTP) support. Jake is also the author of the original
research and advisory
[https://www.rapid7.com/blog/post/2022/05/12/cve-2022-30525-fixed-zyxel-f
Metasploit
Metasploit Wrap-Up
Welcome, Little Hippo: PetitPotam
Our very own @zeroSteiner [https://github.com/zeroSteiner] ported
[https://github.com/rapid7/metasploit-framework/pull/16136] the PetitPotam
[https://github.com/topotam/PetitPotam] exploit to Metasploit this week. This
module leverages CVE-2021-36942
[https://attackerkb.com/topics/TEBmUAfeCs/cve-2021-36942?referrer=blog], a
vulnerability in the Windows Encrypting File System (EFS) API, to capture
machine NTLM hashes. This uses the EfsRpcOpenFileRaw function of t
Metasploit
Metasploit Wrap-Up
Self-Service Remote Code Execution
This week, our own @wvu-r7 [https://github.com/wvu-r7] added an exploit module
[https://github.com/rapid7/metasploit-framework/pull/15874] that achieves
unauthenticated remote code execution in ManageEngine ADSelfService Plus, a
self-service password management and single sign-on solution for Active
Directory. This new module leverages a REST API authentication bypass
vulnerability identified as CVE-2021-40539
[https://attackerkb.com/topics/DMSNq5zgcW/cve-2021-
Metasploit Weekly Wrapup
Metasploit Wrap-Up
A new SMB server implementation to support capturing NTLM hashes across SMBv2 and SMBv3, even with encrypted SMB traffic. Plus, exploits for eBPF, Git LFS, and Geutebruck IP cameras.
Metasploit Weekly Wrapup
Metasploit Wrap-Up
Five new modules, including an exploit for "HiveNightmare" CVE-2021-36934, and new fixes and enhancements.
Metasploit
Metasploit Wrap-Up
This week's edition: Baron Samedit 'sudo' exploit module, OneDrive sync enumeration, and WP credential gathering via Abandoned Cart plugin.
Metasploit
Metasploit Wrap-Up
Five new modules, and a reminder for the upcoming CTF
Metasploit
Metasploit Wrap-Up
Give me your hash
This week, community contributor HynekPetrak [https://github.com/HynekPetrak]
added a new module [https://github.com/rapid7/metasploit-framework/pull/13906]
for dumping passwords and hashes stored as attributes in LDAP servers. It uses
an LDAP connection to retrieve data from an LDAP server and then harvests user
credentials in specific attributes. This module can be used against any kind of
LDAP server with either anonymous or authenticated bind. Particularly, it can be
used
Metasploit Weekly Wrapup
Metasploit Wrap-Up
This week's release includes a local privilege escalation exploit for VMware Fusion through 11.5.3 on OS X, as well as RCE on Apache Solr and DNN cookie deserialization.
Metasploit
Metasploit Wrap-Up
Powershell Express Delivery
The web_delivery module
[https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/script/web_delivery.rb]
is often used to deliver a payload during post-exploitation by quickly firing up
a local web server. Since it does not write anything to the target's disk, payloads
are less likely to be caught by anti-virus protections. However, since Microsoft
added Antimalware Scan Interface (AMSI)
[https://docs.microsoft.com/en-us/windows/win32/amsi/antim