3 min
Metasploit
Metasploit Weekly Wrapup
The last couple of weeks in the infosec world have appeared busier, and buzzier,
than most others. It seems almost futile to pry everyone away from the current
drama--that being the bombshell revelation that intelligence agencies collect
intelligence--long enough to have them read our dev blog. Regardless, we've
been busy ourselves. And if you're the least bit like me, you could probably
use a quick respite from the cacophony. Keeping up with all the noise is enough
to make anyone feel lik
Read Full Post
9 min
Exploits
12 Days of HaXmas: A Fireside Foray into a Firefox Fracas
Merry HaXmas to you! Each year we mark the 12 Days of HaXmas [/tag/haxmas/] with
12 blog posts on hacking-related topics and roundups from the year. This year,
we're highlighting some of the “gifts” we want to give back to the community.
And while these gifts may not come wrapped with a bow, we hope you enjoy them.
Towards the end of November, the Tor community was shaken up by the revelation
of an previously unknown vulnerability being actively exploited against
pedo^H^H^H^H Tor Browser user
Read Full Post
3 min
Metasploit
Metasploit Weekly Wrapup
Las Vegas 2016 is in The Books
This week's wrap-up actually covers two weeks thanks in large part to the yearly
pilgrimage to Las Vegas. I myself elected not to attend, but I'm told everyone
had a great time. Many on the team are still recuperating, but I'd wager that
they all enjoyed seeing you there as well. Here's to everyone's speedy
recovery.
Centreon Web UserAlias Command Execution
Our first new module this go-around exploits a remote command execution
vulnerability in Centreon Web via
Read Full Post
10 min
Metasploit
A Short Approach: The Cisco ASA 5505 as a Stepping Stone Into Embedded Reverse Engineering
Back in February, Exodus Intelligence released their blog entry titled "Execute
My Packet", which detailed their discovery and exploitation of CVE-2016-1287.
Since then, I've fielded numerous requests for modules and witnessed much
discussion generated from it. From this discussion, I've gathered that many
researchers seem to consider the Cisco ASA as an unruly beast, difficult to
approach, even harder to tame. I feel that this is far from the truth, and this
article is a response to such not
Read Full Post
3 min
Metasploit Weekly Wrapup
Weekly Metasploit Wrapup
New Modules
First up this week, we have a new module from rastating which exploits an
unauthenticated file upload vulnerability in the popular WordPress plugin, Ninja
Forms. Versions affected include those within the range of v2.9.36 to 2.9.42,
and the vulnerability can be leveraged into a shell running within the security
context of the web server process in a fairly silent manner. With over 2.5
million downloads and 500k active installs, according to the developer and the
Wordpress plugin re
Read Full Post