Metasploit Weekly Wrapup
Metasploit Wrap-Up: 7/19/19
RCE with a Key
An exploit module [https://github.com/rapid7/metasploit-framework/pull/12062]
for Laravel Framework was submitted by community contributor aushack
[https://github.com/aushack]. The module targets an insecure unserialize call
with the X-XSRF-TOKEN HTTP request header, which was discovered by Ståle
Pettersen. Since the exploit requires the Laravel APP_KEY to reach the
vulnerable unserialize call, aushack included information leak
[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-
Metasploit Weekly Wrapup
Metasploit Wrap-Up 4/12/19
WordPress RCE
tiyeuse [https://github.com/tiyeuse] submitted a Metasploit module
[https://github.com/rapid7/metasploit-framework/pull/11587] for an authenticated
remote code execution vulnerability in WordPress, which was described in a blog
post by RIPS Technology [https://www.sonarsource.com/blog/]. After
authenticating as a user with at least author privileges, the module starts by
uploading an image file with PHP code that will be used later. Then the image
metadata that references the file
Metasploit Weekly Wrapup
Metasploit Wrap-Up 1/12/19
MSF 5 in the wild
We announced the release
[https://www.rapid7.com/blog/post/2019/01/10/metasploit-framework-5-0-released/]
of Metasploit Framework 5.0 this week. It’s Metasploit’s first major version
release since 2011, and it includes lots of good stuff the team has been working
on for the past year-plus. It will be packaged and integrated into your favorite
software distributions over the next few months; until then, you can get MSF 5
by checking out the 5.0.0 tag
[https://github.com/rapid7/
Metasploit Weekly Wrapup
Metasploit Wrapup: 10/5/18
Metasploit’s Brent Cook, Adam Cammack, Aaron Soto, and Cody Pierce are offering themselves up to the crowds at this year’s fourth annual Metasploit Town Hall at Derbycon.
Metasploit Weekly Wrapup
Metasploit Wrapup: 7/20/18
Privilege Escalation
Linux BPF
CVE-2017-16995 [https://nvd.nist.gov/vuln/detail/CVE-2017-16995] is a Linux
kernel vulnerability in the way that a Berkeley Packet Filter (BPF) is verified.
Multiple sign extension bugs allow memory corruption by unprivileged users,
which could be used for a local privilege escalation attack by overwriting a
credential structure in memory to gain root access to a compromised host. The
bpf_sign_extension_priv_esc module
[https://github.com/rapid7/metasploit-framew
Metasploit Weekly Wrapup
Metasploit Wrapup: 5/11/18
Chaining Vulnerabilities
Philip Pettersson discovered vulnerabilities in certain PAN OS versions
[http://seclists.org/fulldisclosure/2017/Dec/38] that could lead to remote code
execution and hdm wrote a Metasploit module for the exploit chain
[https://github.com/rapid7/metasploit-framework/pull/9980]. The exploit chain
starts off with an authentication bypass, which allows the module to access a
page that is vulnerable to an XML injection. This page is then used to create a
directory where a pay
Metasploit Weekly Wrapup
Metasploit Wrapup 4/13/18
What's Your Favorite Security Site?
When you are browsing sites on the Internet, you may notice some sites
[http://www.irongeek.com/] will include your public IP address on their pages.
But what if you came across a site that also showed your IP address from your
private network range
[https://media.giphy.com/media/3otPoDVeyxTT1jIKqc/giphy.gif]? This might be a
little worrying [https://media.giphy.com/media/xhaHU2l56OSYM/giphy.gif], but
before you run off you check to make sure the coast is cle
Metasploit Weekly Wrapup
Metasploit Wrapup 2/23/18
More Servers Please
A new module [https://github.com/rapid7/metasploit-framework/pull/9441] by Pedro
Ribeiro combines vulnerabilities for certain firmware versions of AsusWRT, which
allows an unauthenticated user to enable a special command mode on the device.
When the command mode is enabled, the device spins up infosvr on UDP port 9999.
The great thing about infosvr is that you can construct UDP packets to have it
execute commands on your behalf... as root.
Back in Windows Land
In case your