Posts by Sonny Gonzalez

3 min Metasploit

Metasploit Wrap-Up

New modules for gathering (info+config!), escalation (of privilege!), and execution (of code!).

3 min Metasploit

Metasploit Wrap-Up

Eight new Metasploit modules for various targets (and outcomes!), with a good set of improvements and fixes!

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Hacktoberfest 2020 and wisdom from around the Metasploit water cooler. Keep an eye out for more info on the next Metasploit community CTF (coming soon).

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Android Binder UAF, OpenNetAdmin RCE, and a slew of improvements, including colorized HttpTrace output and a better debugging experience for developers.

3 min Metasploit

Metasploit Wrap-Up

At our (final!) DerbyCon Town Hall today, the Metasploit team announced the release of an initial exploit module PR for CVE-2019-0708, aka BlueKeep.

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

TLS support and expanded options for the BlueKeep scanner module, two new modules for Cisco Prime Infrastructure, and more.

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

elFinder remote command injection

elFinder [https://github.com/Studio-42/elFinder] is a client-side open-source file manager tool written for web applications. In a browser it has the look and feel of a native file manager application. It ships with a PHP connector [https://github.com/Studio-42/elFinder/tree/master/php], which integrates the client side with the back end server. The connector provides the ability for unauthenticated users to upload an image and resize it. It does so by shelling

2 min Metasploit Weekly Wrapup

Metasploit Wrapup

Safari Proxy Object Type Confusion

Metasploit committer timwr [https://github.com/timwr] recently added a macOS Safari RCE exploit module [https://github.com/rapid7/metasploit-framework/pull/10944] based on a solution [https://github.com/saelo/pwn2own2018] that saelo [https://github.com/saelo] developed and used successfully at Pwn2Own 2018 [https://www.thezdi.com/blog/2018/3/14/welcome-to-pwn2own-2018-the-schedule]. saelo's exploit is a three-bug chain: a Safari RCE (CVE-2018-4233), a sandbox

2 min Metasploit Weekly Wrapup

Metasploit Wrapup

Your weekly run-down of the modules and improvements that landed in Metasploit Framework.

2 min Metasploit Weekly Wrapup

Metasploit Wrapup

New Privilege Escalation Exploit

The glibc 'realpath()' module [https://github.com/rapid7/metasploit-framework/pull/10101] was added by bcoles [https://github.com/bcoles]. It attempts to gain root privileges on Debian-based Linux systems by exploiting a vulnerability in GNU C Library (glibc) version <= 2.26. This exploit uses halfdog's [https://github.com/halfdog] RationalLove exploit to expose a buffer underflow error in glibc realpath() and create a SUID root shell. The module includes offset

2 min Metasploit Weekly Wrapup

Metasploit Wrapup

Teenage ROBOT Returns

Imagine the joy robot parents must feel when their infant leaves home and returns as a teenager. ROBOT (Return of Bleichenbacher Oracle Threat) [/2017/12/13/attention-humans-the-robot-attack/] is a 19-year-old vulnerability that allows RSA decryption and signing with the private key of a TLS server. It allows for an adaptive chosen-ciphertext attack. It is still very much relevant today as some modern HTTPS hosts are vulnerable to ROBOT [https://robotattack.org]. Metasploit