Posts by Sonny Gonzalez

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

LearnPress authenticated SQL injection

Metasploit contributor h00die [https://github.com/h00die] added a new module that exploits CVE-2020-6010 [https://attackerkb.com/topics/x12K9JOfk2/cve-2020-6010?referrer=blog], an authenticated SQL injection vulnerability in the WordPress LearnPress plugin. When a user is logged in with contributor privileges or higher, the id parameter can be used to inject arbitrary code through an SQL query. This exploit can be used to collect usernames and password hash

3 min Metasploit

Metasploit Wrap-Up

New modules for gathering (info+config!), escalation (of privilege!), and execution (of code!).

3 min Metasploit

Metasploit Wrap-Up

Eight new Metasploit modules for various targets (and outcomes!), with a good set of improvements and fixes!

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Hacktoberfest 2020 and wisdom from around the Metasploit water cooler. Keep an eye out for more info on the next Metasploit community CTF (coming soon).

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Android Binder UAF, OpenNetAdmin RCE, and a slew of improvements, including colorized HttpTrace output and a better debugging experience for developers.

3 min Metasploit

Metasploit Wrap-Up

At our (final!) DerbyCon Town Hall today, the Metasploit team announced the release of an initial exploit module PR for CVE-2019-0708, aka BlueKeep.

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

TLS support and expanded options for the BlueKeep scanner module, two new modules for Cisco Prime Infrastructure, and more.

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

elFinder remote command injection

elFinder [https://github.com/Studio-42/elFinder] is a client-side open-source file manager tool written for web applications. In a browser it has the look and feel of a native file manager application. It ships with a PHP connector [https://github.com/Studio-42/elFinder/tree/master/php], which integrates the client side with the back end server. The connector provides the ability for unauthenticated users to upload an image and resize it. It does so by shelling

2 min Metasploit Weekly Wrapup

Metasploit Wrapup

Safari Proxy Object Type Confusion

Metasploit committer timwr [https://github.com/timwr] recently added a macOS Safari RCE exploit module [https://github.com/rapid7/metasploit-framework/pull/10944] based on a solution [https://github.com/saelo/pwn2own2018] that saelo [https://github.com/saelo] developed and used successfully at Pwn2Own 2018 [https://www.thezdi.com/blog/2018/3/14/welcome-to-pwn2own-2018-the-schedule]. saelo's exploit is a three-bug chain: a Safari RCE (CVE-2018-4233), a sandbox

2 min Metasploit Weekly Wrapup

Metasploit Wrapup

Your weekly run-down of the modules and improvements that landed in Metasploit Framework.

2 min Metasploit Weekly Wrapup

Metasploit Wrapup

New Privilege Escalation Exploit

The glibc 'realpath()' module [https://github.com/rapid7/metasploit-framework/pull/10101] was added by bcoles [https://github.com/bcoles]. It attempts to gain root privileges on Debian-based Linux systems by exploiting a vulnerability in GNU C Library (glibc) version <= 2.26. This exploit uses halfdog's [https://github.com/halfdog] RationalLove exploit to expose a buffer underflow error in glibc realpath() and create a SUID root shell. The module includes offset

2 min Metasploit Weekly Wrapup

Metasploit Wrapup

Teenage ROBOT Returns

Imagine the joy robot parents must feel when their infant leaves home and returns as a teenager. ROBOT (Return of Bleichenbacher Oracle Threat) [/2017/12/13/attention-humans-the-robot-attack/] is a 19-year-old vulnerability that allows RSA decryption and signing with the private key of a TLS server. It allows for an adaptive-chosen ciphertext attack. It is still very much relevant today as some modern HTTPS hosts are vulnerable to ROBOT [https://robotattack.org]. Metasploit