Metasploit Weekly Wrapup
Metasploit Wrap-Up 05/16/2025
New modules for everyone
This week’s release is packed with new module content. We have RCE modules for
Car Rental System 1.0 and the WordPress plugins SureTriggers and User
Registration and Membership. We also have a persistence module for LINQPad
software and an auxiliary module for POWERCOM UPSMON PRO. We have also added
support for 32-bit architectures to our execute-assembly post module, which now
supports injection of both 64-bit and 32-bit .NET assembly binaries.
New module content (5)
POWERCOM UP
Metasploit Wrap-Up 05/09/2025
New Toys and New Techniques
This release features a new OPNSense login scanner, a module targeting the Sante
PACS path traversal vulnerability, an additional method for stealing Network
Access Account credentials via SMB to HTTP relay, and the Erlang/OTP SSH exploit
everyone was excited about.
New module content (4)
Sante PACS Server Path Traversal (CVE-2025-2264)
Authors: Michael Heinzl and Tenable
Type: Auxiliary
Pull request: #20124 [https://github.com/rapid7/metasploit-framework/pull/20124]
Metasploit Wrap-Up 05/02/2025
Meterpreter Extended API Clipboard Monitoring
Security is hard, and Open Source Security is a collaborative effort. This week,
Metasploit released a fix for a vulnerability that was privately disclosed to us
by long-time community member bcoles [https://github.com/bcoles]. The
vulnerability in question impacted Metasploit users who were using the clipboard
monitoring functionality contained within the extended-API Meterpreter extension
(extapi). After a user enables monitoring, they would typica
Metasploit Wrap-Up 04/25/2025
AD CS workflow improvement with new PKCS12 features
Given the increasing popularity of AD CS misconfiguration exploitation in recent
years, Metasploit has been consistently improving its capabilities in this area.
This week’s release introduces a new certs command to the msfconsole, enabling
users to manage PKCS12 certificates stored in the database, similar to the klist
command
[https://docs.metasploit.com/docs/pentesting/active-directory/kerberos/service_authentication.html#ticket-management
Metasploit Wrap-Up 04/18/2025
Smaller Fetch Payloads
This week, a significant enhancement was made to the already awesome fetch
payload
[https://docs.metasploit.com/docs/development/developing-modules/guides/how-to-use-fetch-payloads.html]
feature by our very own bwatters-r7 [https://github.com/bwatters-r7]. The
improvement introduces a new option, PIPE_FETCH, which optimizes the process by
serving both the payload and the command to be executed simultaneously.
This enhancement directly addresses the challenge of limited s
Metasploit Weekly Wrap-Up 04/11/2025
Spring Exploits
This weekly release of Metasploit Framework includes new RCE exploit modules for
several vulnerable applications: Appsmith, a low-code application platform which
contains a PostgreSQL misconfiguration (CVE-2024-55964); Pandora FMS, a
monitoring solution where, once access to the administrator panel is gained, it
is possible to inject commands (CVE-2024-12971); Oracle Access Manager, an SSO
application containing an unauthenticated deserialization vulnerability
(CVE-2021-35587); and p
Metasploit Wrap-Up 04/04/2025
New RCEs
Metasploit added four new modules this week, including three that leverage
vulnerabilities to obtain remote code execution (RCE)
[https://www.rapid7.com/fundamentals/what-is-remote-code-execution-rce/]. Among
these three, two leverage deserialization, showing that the exploit primitive is
still going strong. The Tomcat vulnerability in particular, CVE-2025-24813
[https://attackerkb.com/search?q=CVE-2025-24813&referrer=blog], garnered a lot of
attention when it was disclosed; however, to f
Metasploit Wrap-Up 03/28/2025
Windows LPE - Cloud Files Mini Filter Driver Heap Overflow
This Metasploit release includes an exploit module for CVE-2024-30085, an LPE in
cldflt.sys, which is known as the Windows Cloud Files Mini Filter Driver. This
driver allows users to manage and sync files between a remote server and a local
client. The exploit module allows users with an existing session on an affected
Windows device to seamlessly escalate their privileges to NT AUTHORITY\SYSTEM.
This module has been tested on Windows workst
Metasploit Wrap-Up 03/21/2025
SMB to LDAP Relay
This week, the Metasploit team has added an exciting relay module that has been
in the works for a long time. This relay module is used to host an SMB server
and execute an SMB to LDAP relay attack against a Domain Controller with an LDAP
server when NTLMv1 is being used as the SMB authentication method. PetitPotam
can be used to coerce authentication on the victim system and relay it to the
Domain Controller. The module automatically takes care of removing the relevant
flags
Metasploit Weekly Wrap-Up 03/14/25
New module content (1)
InvoiceShelf unauthenticated PHP Deserialization Vulnerability
Authors: Mickaël Benassouli, Rémi Matasse, and h00die-gr3y
[https://github.com/h00die-gr3y]
Type: Exploit
Pull request: #19950 [https://github.com/rapid7/metasploit-framework/pull/19950]
contributed by h00die-gr3y [https://github.com/h00die-gr3y]
Path: linux/http/invoiceshelf_unauth_rce_cve_2024_55556
AttackerKB reference: CVE-2024-55556
[https://attackerkb.com/search?q=CVE-2024-55556&referrer=blog]
Descripti
Metasploit Wrap-Up 03/06/2025
New module content (3)
Get NAA Credentials
Authors: skelsec, smashery, and xpn
Type: Auxiliary
Pull request: #19712 [https://github.com/rapid7/metasploit-framework/pull/19712]
contributed by smashery [https://github.com/smashery]
Path: admin/sccm/get_naa_credentials
Description: Adds an auxiliary module which performs the retrieval of Network
Access Account (NAA) credentials from a System Center Configuration Manager
(SCCM) server. Given a computer name and password (which can typically be
cr
Metasploit Weekly Wrap-Up: 02/28/2025
New module content (5)
mySCADA myPRO Manager Credential Harvester (CVE-2025-24865 and CVE-2025-22896)
Author: Michael Heinzl
Type: Auxiliary
Pull request: #19878 [https://github.com/rapid7/metasploit-framework/pull/19878]
contributed by h4x-x0r [https://github.com/h4x-x0r]
Path: admin/scada/mypro_mgr_creds
AttackerKB reference: CVE-2025-22896
[https://attackerkb.com/search?q=CVE-2025-22896&referrer=blog]
Description: This module adds credential harvesting for MySCADA MyPro Manager
using CVE-20
Metasploit Weekly Wrap-Up 02/21/2025
BeyondTrust exploit + fetch payload updates
This Metasploit release includes an exploit module that chains two
vulnerabilities, one exploited in the wild by APT groups and another one, a
0-day discovered by Rapid7
[https://attackerkb.com/topics/vC7mUlftWA/cve-2025-1094?referrer=search] during
the vulnerability analysis. This week's release also includes a significant
enhancement to Metasploit's fetch payloads, which now support PPC, MIPS and ARM
architectures. This allows the payloads to be use
Metasploit Weekly Wrap-Up 02/14/2025
New module content (2)
Unauthenticated RCE in NetAlertX
Authors: Chebuya (Rhino Security Labs) and Takahiro Yokoyama
Type: Exploit
Pull request: #19868 [https://github.com/rapid7/metasploit-framework/pull/19868]
contributed by Takahiro-Yoko [https://github.com/Takahiro-Yoko]
Path: linux/http/netalertx_rce_cve_2024_46506
AttackerKB reference: CVE-2024-46506
[https://attackerkb.com/search?q=CVE-2024-46506&referrer=blog]
Description: A new module for an unauthenticated remote code execution bug i
Metasploit Weekly Wrap-Up 02/07/2025
Gathering data and improving workflows
This week's release includes two new auxiliary modules targeting Argus
Surveillance DVR and Ivanti Connect Secure. The former, contributed by Maxwell
Francis and based on the work of John Page, can be used to retrieve arbitrary
files on the target's filesystem by exploiting an unauthenticated directory
traversal vulnerability. The latter, brought by our very own Martin Šutovský
[https://github.com/msutovsky-r7], is an HTTP login scanner for Ivanti Connect
Sec