2 min
Metasploit
Metasploit Weekly Wrap-Up
Ask and you may receive
Module suggestions [https://github.com/rapid7/metasploit-framework/issues/16522]
for the win: this week we see a new module written by jheysel-r7
[https://github.com/jheysel-r7] based on CVE-2022-26352
[https://attackerkb.com/topics/7i5Uf6JNl0/cve-2022-26352?referrer=blog] that
happens to have been suggested by jvoisin [https://github.com/jvoisin] in the
issue queue last month. This module targets an arbitrary file upload in dotCMS
[https://github.com/dotCMS/core.git] ve
5 min
Metasploit
Metasploit Weekly Wrap-Up
Mucking out the pipes.
Thanks to some quick work by timwr [https://github.com/timwr], CVE-2022-0847
[https://attackerkb.com/topics/UwW7SVPaPv/cve-2022-0847?referrer=blog] aka
"Dirty Pipe" gives Metasploit a bit of digital plumber's training. The exploit
targeting modern Linux v5 kernels helps elevate user privileges by overwriting a
SUID binary of your choice by plunging some payload gold through a pipe.
Long live the SMB relay!
SMB, that magical ubiquitous service making all that noise on netw
2 min
Metasploit
Metasploit Wrap-Up
Word and JavaScript are a rare duo.
Thanks to thesunRider [https://github.com/thesunRider], you too can experience
the wonder of this mystical duo. The sole new Metasploit module this release
adds a file format attack to generate a very special document. By utilizing
JavaScript embedded in a Word document to trigger a chain of events that slip
through various Windows facilities, a session as the user who opened the
document can be yours.
Do you like spiders?
It has been 3 years since SMB2 suppo
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
New modules for Lucee Administrator and ProxyShell, which targets on-premises Microsoft Exchange servers. Plus, tons of enhancements and fixes!
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
Updates to how modules interact with cookies, plus exploits for macOS Gatekeeper and DjVu ANT and a whole lot of fixes and enhancements.
4 min
Metasploit
Metasploit Wrap-Up
Flink targeting, process herpaderping, and more in this week's Metasploit wrap-up!
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
A bug fix for EternalBlue on Metasploit 6, four new modules, and a bunch of enhancements.
2 min
Metasploit
Metasploit Wrap-Up
Who watches the watchers?
If you are checking up on an organization using Trend Micro Web Security, it
might be you. A new module this week takes advantage of a chain of
vulnerabilities to give everyone (read: unauthenticated users) a chance to decide
what threats the network might let slip through.
Following the trend, what about watchers that are not supposed to be there?
Agent Tesla Panel is a fun little trojan (not to be found zipping around on our
highways and byways) which now offers, agai
2 min
Metasploit
Metasploit Wrap-Up
Is URGENT/11 urgent to your world? Metasploit now has a scanner module to help
find the systems that need URGENT attention. Be sure
to check the options on this one; RPORTS is a list to test multiple services on
each target. Thanks Ben Seri [https://twitter.com/benseri87] for the PoC that
led off this work.
Everyone likes creds: a new post module
[https://github.com/rapid7/metasploit-framework/pull/12462] landed this week
from Taeber Rapczak [https://github.com/taeber] that brings back credent
1 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
First!!
Congrats to Nick Tyrer [https://github.com/NickTyrer] for the first community
contributed evasion module to land in master. Nick's
evasion/windows/applocker_evasion_install_util module
[https://github.com/rapid7/metasploit-framework/pull/11795] leverages the
trusted InstallUtil.exe binary to execute user supplied code and evade
application whitelisting.
New modules (4)
* WP Database Backup RCE
[https://github.com/rapid7/metasploit-framework/pull/12010] by Mikey
Veenstra
/ Wordf
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
A more useful use command
From among the many musings of longtime contributor/team member Brent Cook
[https://github.com/busterb], in a combined effort with the ever-present wvu
[https://github.com/wvu-r7], the use command has become so much more useful. PR
11724 [https://github.com/rapid7/metasploit-framework/pull/11724] takes new
functionality [https://github.com/rapid7/metasploit-framework/pull/11652] from
search -u one step further by automatically applying it when use is called with a
uniq
1 min
Metasploit
Metasploit Wrapup
This week, phra offers up a new potato dish to make privilege escalation in Windows just a bit tastier.
1 min
Metasploit
Metasploit Wrapup
New Modules
Exploit modules (3 new)
* Nagios XI Chained Remote Code Execution
[https://www.rapid7.com/db/modules/exploit/linux/http/nagios_xi_chained_rce_2_electric_boogaloo]
by Benny Husted [https://github.com/BennyHusted], Cale Smith
[https://github.com/caleBot], and Jared Arave
[https://www.exploit-db.com/author/?a=9106], which exploits CVE-2018-8736.
Monitor this series of unfortunate events all the way to magical shells.
* Boxoft WAV to MP3 Converter v1.1 Buffer Overflow
1 min
Combining controls on servers to reduce attack surface area
Server coverage in ControlsInsight
[http://www.rapid7.com/products/controls-insight/] provides organizations with a
new way to surface how well Windows Servers are configured to protect against
known tactics that an attacker may use to infiltrate a network. One interesting
way this information can help an organization improve its security posture is by
presenting visibility into what systems are executing services at high privilege
levels. By monitoring the coverage for the "Service processes r
2 min
Gleaning value from the ControlsInsight executive report
The Executive Report in ControlsInsight helps users understand the value of
applying assessed security controls so that they can improve their security
posture as reflected in the overall defense grade.
Current Status
The first section of the report starts out by highlighting the overall grade
based on current coverage of each security control and then expands on that to
show the grade based on each of the well-known attack vectors the controls
affect.
Next this section gives a summary