Posts by James Barnett

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Three new modules, including a Pwn2Own addition for OS X, plus proxy support for Python Meterpreter, new search improvements, and a reminder of how to report security issues in Metasploit.

2 min Metasploit

Metasploit Wrap-Up

Five new modules, including SaltStack Salt Master root key disclosure and unauthenticated RCE on Salt master and minion. A new Meterpreter fix also ensures correct handling of out-of-order packets in pivoted sessions.

2 min Metasploit

Metasploit Wrap-Up

Silly admin, Citrix is for script kiddies A hot, new module [https://github.com/rapid7/metasploit-framework/pull/12816] has landed in Metasploit Framework this week. It takes advantage of CVE-2019-19781 which is a directory traversal vulnerability in Citrix Application Delivery Controller (ADC) and Gateway. This exploit takes advantage of unsanitized input within the URL structure of one of the API endpoints to access specified directories. Conveniently there is a directory available that house

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Keep on Bluekeepin’ on TomSellers [https://github.com/TomSellers] added a new option to the increasingly useful Bluekeep Scanner module [https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.rb] that allows execution of a DoS attack when running the module. This adds a new level of effectiveness in proving the severity of this vulnerability. As part of this update, TomSellers [https://github.com/TomSellers] moved and refactored a lot of

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Better persistence options thanks to two new modules for Yum and APT package managers. Plus, new exploits for Rails DoubleTap and Spring Cloud Config.

2 min Metasploit Weekly Wrapup

Metasploit Wrapup

Check Yourself Before You Wreck Yourself Even if you're a pro sleuth who can sniff out a vulnerability on even the most hardened of networks, it's always nice to be have some added validation that your attack is going to be successful. That's why it's always valuable to have a solid "check" method available to verify that you're barking up the right tree. This week bcoles [https://github.com/bcoles] upgraded the UAC check for Windows [https://github.com/rapid7/metasploit-framework/pull/10419] to

2 min Metasploit Weekly Wrapup

Metasploit Wrapup

Upgrade Your SOCKS Thanks to zeroSteiner [https://github.com/zeroSteiner], we have some very nice additions to the SOCKS5 library this week. His changes enabled BIND connections through the SOCKS5 proxy [https://github.com/rapid7/metasploit-framework/pull/9990], improved automated testing around the code, and broke it up into more manageable, targeted submodules. Now that Trevor’s dying wish [https://twitter.com/Bandrel/status/912312568055771137] has been fulfilled, the team can finally leave