Posts by Dev Mohanty

3 min Metasploit Weekly Wrapup

Metasploit Wrapup

2018: a new year, new vulns, and endless opportunities to exploit them. The Metasploit community is kicking off the year with a variety of new content, functionality, research, and coordinated vulnerability disclosure.

New Year, New Vulns

After a couple months of coordinated disclosure work, long-time Metasploit contributor Karn Ganeshen [https://twitter.com/juushya] offered up a handful of modules and a couple mixins for testing wireless routers from Cambium Networks [https://www.cambiumnetwor

2 min Metasploit Weekly Wrapup

Metasploit Wrapup

Metasploit kicked November off to a roaring start with a wholesome dose of RCE, LPE, command injection, DoS, and more fixes/improvements.

So many file choosers…but which one to choose?

Big ups to @RootUP for the DoS module [https://github.com/rapid7/metasploit-framework/pull/9060] targeting a vulnerability in IBM’s Lotus Notes [https://en.wikipedia.org/wiki/IBM_Notes] client (CVE-2017-1130). The DoS module targets the web interface via malicious JavaScript (😱). An enterprising ‘sploiter can s

3 min Metasploit

Exploitable Vulnerabilities: A Metasploit-Vulnerability Management Love Story

Integrating InsightVM [https://www.rapid7.com/products/insightvm/] or Nexpose [https://www.rapid7.com/products/nexpose/] (Rapid7's vulnerability management solutions [https://www.rapid7.com/solutions/vulnerability-management/]) with Metasploit [https://www.rapid7.com/products/metasploit/] (our penetration testing solution [https://www.rapid7.com/solutions/penetration-testing/]) is a lot like Cupid playing “matchmaker” with vulnerabilities and exploit modules [https://www.rapid7.com/fundamentals