Posts by Pearce Barry

1 min Metasploit

Open Source Security Meetup (OSSM): Virtual Edition

The Rapid7 Metasploit team will be hosting our annual Open Source Security Meetup (OSSM) as a virtual event Thursday, August 6th!

2 min Metasploit

Metasploit Wrap-Up

Shifting (NET)GEARs Community contributor rdomanski [https://github.com/rdomanski] added a module for Netgear R6700v3 routers [https://github.com/rapid7/metasploit-framework/pull/13768] that allows unauthenticated attackers on the same network to reset the password for the admin user back to the factory default of password. Attackers can then manually change the admin user's password and log into it after enabling telnet via the exploit/linux/telnet/netgear_telnetenable module, which will gran

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Meterpreter bug fixes and five new modules, including an LPE exploit for SMBghost (CVE-2020-0796) and a BloodHound post module that gathers information (sessions, local admin, domain trusts, etc.) and stores it as a BloodHound-consumable ZIP file in Framework loot.

3 min Metasploit

Metasploit Wrap-Up

Gift exchange If you're looking for remote code execution against Microsoft Exchange, Spencer McIntyre [https://github.com/zeroSteiner] crafted up a cool new module [https://github.com/rapid7/metasploit-framework/pull/13014] targeting a .NET serialization vulnerability in the Exchange Control Panel (ECP) web page. Vulnerable versions of Exchange don't randomize keys on a per-installation basis, resulting in reuse of the same validationKey and decryptionKey values. With knowledge of these, an at

2 min Metasploit

Metasploit Wrap-Up

With 2019 almost wrapped up, we’ve been left wondering where the time went! It’s been a busy year for Metasploit, and we’re going out on a reptile-themed note this wrap-up... Python gets compatible With the clock quickly ticking down on Python 2 support [https://pythonclock.org/], contributor xmunoz [https://github.com/xmunoz] came through with some changes [https://github.com/rapid7/metasploit-framework/pull/12524] to help ensure most of Framework works with Python 3. While Python 3’s adoption

2 min Metasploit

Metasploit Wrap-Up

Config R Us Many versions of network management tool rConfig are vulnerable to unauthenticated command injection, and contributor bcoles [https://github.com/bcoles] added a new exploit module [https://github.com/rapid7/metasploit-framework/pull/12507] for targeting those versions. Present in v3.9.2 and prior, this vulnerability centers around the install directory not being automatically cleaned up following software installation, leaving behind a PHP file that can be utilized to execute arbitr

3 min Events

Metasploit Open Source Office Hours: Vegas 2019

The Metasploit crew at Rapid7 is headed out to Las Vegas for DEF CON 27, bringing a new incarnation of the Open Source Security Meetup (OSSM) with us! We will have a Metasploit Suite at Bally’s this year, where we’ll be hosting “Open Source Office Hours” (OSOH). If you’ll be out in Vegas for DEF CON 27, take a moment and ask yourself: * Are you currently working on a Metasploit module/payload and could use some guidance? * Are you modifying Framework and you’d like to discuss? * Are you w

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Injecting the Time Machine From contributor timwr [https://github.com/timwr] comes a new module targeting Time Machine on macOS 10.14.3 and earlier. Specifically, the tmdiagnose binary for these vulnerable versions suffers from a command injection vulnerability that can be exploited via a specially crafted disk label. This new module uses an existing session for exploitation on the target, allowing the Framework user to run a payload as root. What’s on TV? If you are nearby to a vulnerable Supr

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

A new Chrome browser exploit, some WebLogic RCE, and an exploit for PostgreSQL. Also announcing the return of our annual Open-Source Security Meetup in Vegas!

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Ubiquitous Devices Our Rapid7 Labs team pulled the thread [/2019/02/01/ubiquiti-discovery-service-exposures/] on some recent buzz around exploitable Ubiquiti devices, which led to a new scanner module [https://github.com/rapid7/metasploit-framework/pull/11338] ( auxiliary/scanner/ubiquiti/ubiquiti_discover.rb) from jhart-r7 [https://github.com/jhart-r7]. This module uses a simple UDP protocol to identify potentially exploitable Ubiquiti devices on your network, and can return details like MAC an

2 min Metasploit Weekly Wrapup

Metasploit Wrapup

Now in Framework: Exploit for jQuery File Upload plugin vuln, two new post modules to exfil images and texts from compromised iOS devices. Plus, this year's community CTF.

3 min Metasploit Weekly Wrapup

Metasploit Wrapup

With the Northeast U.S. getting hit with back-to-back nor’easters this week, it’s probably a good idea to head back inside and wait it out until spring arrives. So toss another log on the fire, grab a hot drink, raise a toast to all the folks making Metasploit awesome [https://github.com/rapid7/metasploit-framework/graphs/contributors], and catch up on the latest! It Goes to 11 While amplification attacks are nothing new, the memcached amplification attack vector (reffered to as “memcrashed”

3 min Metasploit Weekly Wrapup

Metasploit Wrapup

Wintertime can be a drag. Folks get tired of shoveling snow, scraping ice from windshields, dealing with busted water pipes, etc.. Thoughts of “fun in the sun” activities start to seep in, as people begin wistfully daydreaming about summertime. And for this coming summer, Metasploit has some hotness to daydream about! Google Summer of Code: We’re In! The Metasploit team is SUPER EXCITED to have been recently selected by Google [https://summerofcode.withgoogle.com/organizations/666336840069939

3 min Metasploit Weekly Wrapup

Metasploit Wrapup

It’s a special day here in the U.S.. This morning, media folks were hovering over a specific rodent [https://en.wikipedia.org/wiki/Punxsutawney_Phil] living in an eastern state to discover that we are in for six more weeks of winter [https://www.reuters.com/article/us-usa-groundhogday/groundhog-phil-predicts-more-cold-weather-chuck-says-spring-is-coming-idUSKBN1FM14L] , apparently. ¯\_(ツ)_/¯ Guess we’ll stay inside and work on Metasploit… EternalSunshine of the Security Minded If you’re still

2 min Metasploit Weekly Wrapup

Metasploit Wrapup

In last week’s wrap-up post [/2018/01/19/metasploit-wrapup-24/], we raised awareness of the new Metasploit 5 work we’re ramping up on. This week, please GoAhead [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17562] and enjoy some new Metasploit goodies! Get Up, GoAhead Based on research from danielhodson [https://github.com/danielhodson], hdm [https://github.com/hdm] and h00die [https://github.com/h00die] put together a new module [https://www.elttam.com.au/blog/goahead/] which targ