Posts by Grant Willcox

4 min Metasploit

Metasploit Weekly Wrap-Up: Jun. 7, 2023

Metasploit adds new support for Amazon Web Services EC2 instance enumeration with integrated session support, Apache NiFi scanners, and more

3 min Metasploit

Metasploit Weekly Wrap-Up: 3/17/23

FortiNAC EITW Content Added Whilst we did have a few cool new modules added this week, one particularly interesting one was a Fortinet FortiNAC vulnerability, CVE-2022-39952 [], that was added in by team member Jack Heysel. This module exploits an unauthenticated RCE in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4,

5 min Metasploit

Metasploit Weekly Wrap-Up: Oct. 7, 2022

Bofloader - Windows Meterpreter Gets Beacon Object File Loader Support This week brings a new and frequently requested feature to the Windows Meterpreter, the Beacon Object File loader. This new extension, bofloader, allows for users to execute Beacon Object Files as written for either Cobalt Strike or Sliver. This extension was provided by a group effort among community members kev169 [], GuhnooPlusLinux [], R0wdyJoe [https://twitter.c

3 min Metasploit

Metasploit Weekly Wrap-Up: Jul 15, 2022

JBOSS EAP/AS - More Deserializations? Indeed! Community contributor Heyder Andrade [] added in a new module for a Java deserialization vulnerability in JBOSS EAP/AS Remoting Unified Invoker interface for versions 6.1.0 and prior. As far as we can tell this was first disclosed by Joao Matos [] in his paper at AlligatorCon []. Later a PoC from Marcio Almeida [https://twit

2 min Metasploit

Metasploit Weekly Wrap-Up: Jul. 1, 2022

SAMR Auxiliary Module A new SAMR auxiliary module has been added that allows users to add, lookup, and delete computer accounts from an AD domain. This should be useful for pentesters on engagements who need to create an AD account to gain an initial foothold into the domain for lateral movement attacks, or who need to use this functionality as an attack primitive. Note when using this module that there is a standard number of computers a user can add, so be wary that you may get STATUS_DS_MACH

2 min Metasploit

Metasploit Weekly Wrap-Up: Jun. 17, 2022

vCenter Secret Extracter Expanding on the work of the vcenter_forge_saml_token auxiliary module, community contributor npm-cesium137-io [] has added a new module for extracting the vmdir/vmafd certificates, the IdP keypair, the VMCA root cert, and anything from vmafd that has a private key associated, from an offline copy of the services database. This information can then be used with the vcenter_forge_saml_token module to gain a session cookie that grants acc

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: Feb. 4, 2022

A new NOP module, improvements to RPC functionality and PHP Meterpreter, and WordPress and Cisco RV exploits.

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: Oct. 29, 2021

Modules for Apache Server, Sophos UTM, the OMIgod RCE, and more. Plus, support for reverse port forwarding via established SSH sessions.

4 min Metasploit

Metasploit Wrap-Up: Jul. 23, 2021

Now I Control Your Resource Planning Servers Sage X3 is a resource planning product designed by Sage Group which is designed to help established businesses plan out their business operations. But what if you wanted to do more than just manage resources? What if you wanted to hijack the resource server itself? Well wait no more, as thanks to the work of Aaron Herndon [], Jonathan Peterson [], Will

5 min Metasploit

Metasploit Wrap-Up: Apr. 16, 2021

New modules for Nagios, Chrome, and Haserl targets, and also many improvements and fixes!

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: 12/18/20

Exploits for Oracle Solaris CVE-2020-14871 and Windows 7 CVE-2020-1054, plus enhancements and bug fixes for Railgun and msfdb init. Happy HaXmas!

3 min Metasploit

Metasploit Wrap-Up - July 31, 2020

SharePoint DataSet/DataTable deserialization First up we have an exploit from Spencer McIntyre (@zeroSteiner) for CVE-2020-1147 [], a deserialization vulnerability in SharePoint instances that was patched by Microsoft on July 14th 2020 and which has been getting quite a bit of attention in the news lately. This module [] utilizes Steven Seeley (@stevenseeley)'s writeup al

5 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: May 8, 2020

Nine new modules, including three IBM Data Risk Manager exploits, a couple Windows privilege elevation modules, and a .NET deserialization exploit for Veeam ONE Agent. Plus, a new .NET deserialization tool that allows users to generate serialized payloads in the vein of YSoSerial.NET.