Posts by Spencer McIntyre

3 min Metasploit

Metasploit Wrap-Up

A new exploit for FortiOS and some module target updates.

3 min Metasploit

Metasploit 2020 Wrap-Up

2020 was certainly an interesting year - let’s take a look at what it meant for Metasploit.

3 min Metasploit

Metasploit Wrap-Up

This week's wrap-up covers five new modules (including scanner, execution, and disclosure modules), some good fixes and enhancements, and more!

2 min Metasploit

Metasploit Wrap-Up

Enhancements, bug fixes, and a new SAP IGS module!

9 min Metasploit

Exploitability Analysis: Smash the Ref Bug Class

Two Metasploit researchers evaluate the "Smash the Ref" win32k bug class for exploitability and practical exploitation use cases for pen testers and red teams looking to obtain an initial foothold in the context of a standard user account.

2 min Metasploit

Metasploit Wrap-Up

vBulletin strikes again This week saw another vBulletin exploit released by returning community member Zenofex. This exploit module allows an unauthenticated attacker to run arbitrary PHP code or operating system commands on affected versions of the vBulletin web application. The vulnerability, which was also discovered by Zenofex, is identified as CVE-2020-7373 [https://attackerkb.com/topics/aIL9b0uOYc/cve-2020-7373?referrer=blog] and is effectively a bypass for a previously patched vulnerabili

3 min Metasploit

Metasploit 6 Now Under Active Development

The Metasploit team announces active development of Metasploit Framework 6. Initial features include end-to-end encryption of Meterpreter communications, SMBv3 client support, and a new polymorphic payload generation routine for Windows shellcode.

2 min Metasploit

Metasploit Wrap-up

Nexus Repository Manager RCE This week our very own Will Vu [https://github.com/wvu-r7] wrote a module for CVE-2020-10199 which targets a remote code execution vulnerability within the Nexus Repository Manager. The vulnerability allows Java Expression Language (JavaEL) code to be executed. While the flaw requires authentication information to leverage it, any account is sufficient. This would allow any registered user to compromise the target server. Unquoted Service Path LPE Community contribu

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

A new OpenBSD local exploit Community contributor bcoles [http://github.com/bcoles] brings us a new exploit module for CVE-2019-19726, a vulnerability originally discovered by Qualys [https://blog.qualys.com/laws-of-vulnerabilities/2019/12/11/openbsd-local-privilege-escalation-vulnerability-cve-2019-19726] in OpenBSD. This vulnerability is pretty interesting in the sense that it leverages a bug in the _dl_getenv function that can be triggered to load libutil.so from an attacker controlled loca

1 min Python

Recent Python Meterpreter Improvements

The Python Meterpreter [https://github.com/rapid7/metasploit-framework/wiki/Meterpreter] has received quite a few improvements this year. In order to generate consistent results, we now use the same technique to determine the Windows version in both the Windows and Python instances of Meterpreter. Additionally, the native system language is now populated in the output of the sysinfo command. This makes it easier to identify and work with international systems. The largest change to the Python M