Posts by Matthew Kienow

3 min Metasploit

Metasploit Wrap-Up

New modules for vRealize, Druid, Redis, and more! Also some nice improvements and fixes.

2 min Metasploit

Metasploit Wrap-Up

Insert 'What Year Is It' meme h00die [https://github.com/h00die] contributed the Mikrotik unauthenticated directory traversal file read [https://github.com/rapid7/metasploit-framework/pull/14280] auxiliary gather module, largely a port of the PoC by Ali Mosajjal [https://github.com/mosajjal]. The vulnerability CVE-2018-14847 [https://attackerkb.com/topics/oOoUGd0y46/cve-2018-14847?referrer=blog] allows any file from the router to be read through the Winbox server in RouterOS due to a lack of val

2 min Metasploit

Metasploit Wrap-Up

Intensity not on the Fujita scale SOC folks may have been feeling increased pressure as word spread of CVE-2020-5902 [https://attackerkb.com/topics/evLpPlZf0i/cve-2020-5902?referrer=blog#rapid7-analysis] being exploited in the wild. Vulnerabilities in networking equipment always pose a unique set of constraints for IT operations when it comes to mitigations and patches given their role in connecting users to servers, services or applications. Yet from an attacker’s perspective this vulnerabili

3 min Metasploit

Metasploit Wrap-Up

Management delegation of shells Onur ER [https://github.com/onurer] contributed the Ajenti auth username command injection [https://github.com/rapid7/metasploit-framework/pull/12503] exploit module for the vulnerability Jeremy Brown discovered and published a PoC for on 2019-10-13 (EDB 47497) against Ajenti version 2.1.31. Ajenti is an open-source web-based server admin panel written in Python and JS. The application allows admins to remotely perform a variety of server management tasks. The ex

1 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

On the correct list AppLocker and Software Restriction Policies control the applications and files that users are able to run on Windows Operating Systems. These two protections have been available to the blue team for years. AppLocker is supported on Windows 7 and above, and Software Restriction Policies is supported on Windows XP and above. Encountering either during an engagement could slow you down; however, look no further than the evasion modules for assistance. Nick Tyrer [https://github.

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Read up on how the recent community hackathon in Austin went, three new modules, and the usual long list of fixes and enhancements.

3 min Metasploit

Metasploit Wrap-Up

The Payload UUID and paranoid mode Meterpreter payload and listener features were first introduced and added to many HTTP and TCP Metasploit payloads in mid-2015.

2 min Metasploit Weekly Wrapup

Metasploit Wrapup

The Malicious Git HTTP Server For CVE-2018-17456 module by timwr exploits a vulnerability in Git that can cause arbitrary code execution when a user clones a malicious repository using commands such as git clone --recurse-submodules and git submodule update.

3 min Metasploit Weekly Wrapup

Metasploit Wrapup

VPN to root The Network Manager VPNC Username Privilege Escalation [https://github.com/rapid7/metasploit-framework/pull/10482] module by bcoles [https://github.com/bcoles] exploits a privilege escalation attack in the Network Manager VPNC plugin configuration data (CVE-2018-10900) to gain root privileges. Network Manager VPNC versions prior to 1.2.6 are vulnerable and the module has been successfully tested against 1.2.4-4 on Debian 9.0.0 (x64) and 1.1.93-1 on Ubuntu Linux 16.04.4 (x64). The e

2 min Metasploit Weekly Wrapup

Metasploit Wrapup

Moar Power OJ Reeves [https://github.com/OJ] added [https://github.com/rapid7/metasploit-framework/pull/10206] two new PowerShell transport functions to Metasploit payloads and made modifications to the PowerShell transport binding functionality. The aptly-named Add-TcpTransport function adds an active TCP transport to the current session and the Add-WebTransport function adds an HTTP/S transport to the current session. These functions are fully documented, allowing the user to leverage the Ge

3 min Metasploit Weekly Wrapup

Metasploit Wrapup

May the fourth be with you… Get comfortable, put on your headphones or turn up your speaker volume, and enjoy this guitar rendition [https://www.youtube.com/watch?v=CBZgLM5HUzU] of the Ewok Celebration, commonly known as Yub Nub [http://starwars.wikia.com/wiki/Ewok_Celebration] while catching up on Metasploit updates for the week. PHP Debugging Xdebug [https://xdebug.org/] is an extension for PHP to facilitate development by providing interactive debugging capabilities and much more. On an en

4 min Haxmas

A Visit From a Printer PoC

The story of a group effort to perform a successful holiday printer hack...translated into rhymed verse for your HaXmas entertainment.

2 min Metasploit Weekly Wrapup

Metasploit Wrapup

I Read the News Today, Oh Boy As we near the end of the year we must express appreciation for the Metasploit community as a whole. Each contribution is valuable, be it an exploit for the latest vulnerability, documentation, spelling corrections, or anything in between. Together we shape the future of Metasploit. The Metasploit community really surprised us this time around, as the latest release brings five new exploit and two new auxiliary modules. Hey! You! Get Off of My Cloud Zenofex [https: