2018: a new year, new vulns, and endless opportunities to exploit them. The
Metasploit community is kicking off the year with a variety of new content,
functionality, research, and coordinated vulnerability disclosure.

New Year, New Vulns

After a couple months of coordinated disclosure work, long-time Metasploit
contributor Karn Ganeshen [https://twitter.com/juushya] offered up a handful of
modules and a couple mixins for testing wireless routers from Cambium Networks

Metasploit kicked November off to a roaring start with a wholesome dose of RCE,
LPE, command injection, DoS, and more fixes/improvements.

So many file choosers…but which one to choose?

Big ups to @RootUP for the DoS module
[https://github.com/rapid7/metasploit-framework/pull/9060] targeting a
vulnerability in IBM’s Lotus Notes [https://en.wikipedia.org/wiki/IBM_Notes]
client (CVE-2017-1130). The DoS module targets the web interface via malicious

Integrating InsightVM [https://www.rapid7.com/products/insightvm/] or Nexpose
[https://www.rapid7.com/products/nexpose/] (Rapid7's vulnerability management
solutions [https://www.rapid7.com/solutions/vulnerability-management/]) with
Metasploit [https://www.rapid7.com/products/metasploit/] (our penetration
testing solution [https://www.rapid7.com/solutions/penetration-testing/]) is a
lot like Cupid playing “matchmaker” with vulnerabilities and exploit modules