2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 6/28/19
I am Root
An exploit module [https://github.com/rapid7/metasploit-framework/pull/11987]
for Nagios XI v5.5.6 was added by community contributor yaumn
[https://github.com/yaumn]. This module includes two exploits chained together
to achieve code execution with root privileges, and it all happens without
authentication. A single unsanitized parameter in magpie_debug.php enables the
ability to write arbitrary PHP code to a publicly accessible directory and get
code execution. Privilege escalation
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 3/29/19
Introducing Metasploit Development Diaries
We are happy to introduce a new quarterly series, the Metasploit Development
Diaries. The dev diaries walk users and developers through some example exploits
and give detailed analysis of how the exploits operate and how Metasploit
evaluates vulnerabilities for inclusion in Framework. The first in the dev
diaries series features technical analysis by sinn3r
[https://twitter.com/_sinn3r?lang=en] and includes modules from community
members and fellow rese
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup 12/14/18
Backups that Cause Problems
hypn0s [https://github.com/hypn0s] contributed a module
[https://github.com/rapid7/metasploit-framework/pull/10960] that exploits Snap
Creek’s Duplicator plugin for WordPress. Duplicator is a plugin that eases the
backup and migration of WordPress installations. For versions 1.2.40 and below,
Duplicator leaves behind a number of sensitive files, including one that gives
access to controlling the WordPress restoration process. Sending a POST request
to the now accessib
1 min
Metasploit Weekly Wrapup
Metasploit Wrapup: 8/24/18
ssh_enumusers Gets An Update
wvu integrated the malformed packet technique
[https://nvd.nist.gov/vuln/detail/CVE-2018-15473] into the ssh_enumusers module
originally written by kenkeiras [https://github.com/kenkeiras]. This module
allows an attacker to guess the user accounts on an OpenSSH server on versions
up to 7.7, allowing the module to work on more versions than before.
GSoC Wraps Up
As Google Summer of Code finished up, Framework received an array of new and
exciting features. WangYihang