3 min
Metasploit
Metasploit Weekly Wrap-Up
FortiNAC EITW Content Added
Whilst we did have a few cool new modules added this week, one particularly
interesting one was a Fortinet FortiNAC vulnerability, CVE-2022-39952
[https://attackerkb.com/topics/9BvxYuiHYJ/cve-2022-39952?referrer=blog], that
was added in by team member Jack Heysel. This module exploits an unauthenticated
RCE in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through
9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0
through 8.5.4,
5 min
Metasploit
Metasploit Weekly Wrap-Up
Bofloader - Windows Meterpreter Gets Beacon Object File Loader Support
This week brings a new and frequently requested feature to the Windows
Meterpreter, the Beacon Object File loader. This new extension, bofloader,
allows for users to execute Beacon Object Files as written for either Cobalt
Strike or Sliver. This extension was provided by a group effort among community
members kev169 [https://github.com/kev169], GuhnooPlusLinux
[https://twitter.com/GuhnooPlusLinux], R0wdyJoe [https://twitter.c
3 min
Metasploit
Metasploit Weekly Wrap-Up
JBOSS EAP/AS - More Deserializations? Indeed!
Community contributor Heyder Andrade [https://github.com/heyder] added in a new
module for a Java deserialization vulnerability in JBOSS EAP/AS Remoting Unified
Invoker interface for versions 6.1.0 and prior. As far as we can tell this was
first disclosed by Joao Matos [https://github.com/joaomatosf] in his paper at
AlligatorCon
[https://s3.amazonaws.com/files.joaomatosf.com/slides/alligator_slides.pdf].
Later a PoC from Marcio Almeida [https://twit
2 min
Metasploit
Metasploit Weekly Wrap-Up
SAMR Auxiliary Module
A new SAMR auxiliary module has been added that allows users to add, lookup, and
delete computer accounts from an AD domain. This should be useful for pentesters
on engagements who need to create an AD account to gain an initial foothold into
the domain for lateral movement attacks, or who need to use this functionality
as an attack primitive.
Note when using this module that there is a standard number of computers a user
can add, so be wary that you may get STATUS_DS_MACH
2 min
Metasploit
Metasploit Weekly Wrap-Up
vCenter Secret Extracter
Expanding on the work of the vcenter_forge_saml_token auxiliary module,
community contributor npm-cesium137-io [https://github.com/npm-cesium137-io] has
added a new module for extracting the vmdir/vmafd certificates, the IdP keypair,
the VMCA root cert, and anything from vmafd that has a private key associated,
from an offline copy of the services database. This information can then be used
with the vcenter_forge_saml_token module to gain a session cookie that grants
acc
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
A new NOP module, improvements to RPC functionality and PHP Meterpreter, and WordPress and Cisco RV exploits.
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
Modules for Apache Server, Sophos UTM, the OMIgod RCE, and more. Plus, support for reverse port forwarding via established SSH sessions.
4 min
Metasploit
Metasploit Wrap-Up
Now I Control Your Resource Planning Servers
Sage X3 is a resource planning product designed by Sage Group which is designed
to help established businesses plan out their business operations. But what if
you wanted to do more than just manage resources? What if you wanted to hijack
the resource server itself? Well wait no more, as thanks to the work of Aaron
Herndon [https://www.linkedin.com/in/aaron-herndon-54079b5a/], Jonathan Peterson
[https://www.linkedin.com/in/jonathan-p-004b76a1/], Will
5 min
Metasploit
Metasploit Wrap-Up
New modules for Nagios, Chrome, and Haserl targets, and also many improvements and fixes!
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
Exploits for Oracle Solaris CVE-2020-14871 and Windows 7 CVE-2020-1054, plus enhancements and bug fixes for Railgun and msfdb init. Happy HaXmas!
3 min
Metasploit
Metasploit Wrap-Up
SharePoint DataSet/DataTable deserialization
First up we have an exploit from Spencer McIntyre (@zeroSteiner) for
CVE-2020-1147
[https://attackerkb.com/topics/HgtakVczYd/cve-2020-1147?referrer=blog], a
deserialization vulnerability in SharePoint instances that was patched by
Microsoft on July 14th 2020 and which has been getting quite a bit of attention
in the news lately. This module
[https://github.com/rapid7/metasploit-framework/pull/13920] utilizes Steven
Seeley (@stevenseeley)'s writeup al
5 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
Nine new modules, including three IBM Data Risk Manager exploits, a couple Windows privilege elevation modules, and a .NET deserialization exploit for Veeam ONE Agent. Plus, a new .NET deserialization tool that allows users to generate serialized payloads in the vein of YSoSerial.NET.