Posts tagged Metasploit Weekly Wrapup

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Spilling the (Gi)tea We have two modules coming in from cdelafuente-r7 [https://github.com/cdelafuente-r7] targeting CVE-2020-14144 [https://attackerkb.com/topics/ZTlYBaSclN/cve-2020-14144?referrer=blog] for both the Gitea and Gogs self-hosted Git services. Both modules are similar: they take advantage of a user’s ability to create Git hooks by authenticating with the web interface, creating a dummy repository with the aforementioned git hook, and triggering it—which will execute the payload! A

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Six new modules targeting F5, SaltStack, Exchange Server, and more, plus some significant performance improvements and fixes.

5 min Metasploit

Metasploit Wrap-Up

New Exchange ProxyLogon modules, VMWare View Planner RCE, Advantech iView RCE, and more!

4 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

A local exploit for a Windows Server 2012 DLL hijacking vulnerability, plus a slew of fixes and improvements.

2 min Metasploit

Metasploit Wrap-Up

Three new modules for achieving code execution, a new way to play favorites, and more! Plus a Google Summer of Code announcement!

3 min Metasploit

Metasploit Wrap-Up

A new exploit for FortiOS and some module target updates.

4 min Metasploit

Metasploit Wrap-Up

Flink targeting, process herpaderping, and more in this week's Metasploit wrap-up!

4 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

GSoC Rocks! In a rare double whammy, one of our 2020 Google Summer of Code (GSoC) participants has authored a PR containing both enhancements & a new module [https://github.com/rapid7/metasploit-framework/pull/14067]! Improvements to our SQL injection library now allow PostgreSQL injection, and this new functionality has been verified with both a test module AND a fully functioning module exploiting CVE-2019-13375 [https://attackerkb.com/topics/n3vokFNBje/cve-2019-13375?referrer=blog], a (Postgr

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

This installment includes a new MicroFocus RCE module, an updated Microsoft Exchange patch bypass, and items without 'Micro' in the title, too!

2 min Metasploit

Metasploit Wrap-Up

This week's edition: Baron Samedit 'sudo' exploit module, OneDrive sync enumeration, and WP credential gathering via Abandoned Cart plugin.

3 min Metasploit

Metasploit Wrap-Up

Five new modules, including RCEs, arbitrary file write, and a Windows Registry check if the DementiaWheel/fanny.bmp malware exists on a target.

3 min Metasploit

Metasploit Wrap-Up

A new Microsoft Windows Spooler privesc module, along with some fixes and improvements!

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Commemorating the 2020 December Metasploit community CTF A new commemorative banner has been added to the Metasploit console to celebrate the teams that participated in the 2020 December Metasploit community CTF [/2020/12/07/congrats-to-the-winners-of-the-2020-december-metasploit-community-ctf/] and achieved 100 or more points: If you missed out on participating in this most recent event, be sure to follow the Metasploit Twitter [https://twitter.com/metasploit] and Metasploit blog posts [/ta

3 min Metasploit

Metasploit Wrap-Up

Eight new Metasploit modules for various targets (and outcomes!), with a good set of improvements and fixes!

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Exploits for Oracle Solaris CVE-2020-14871 and Windows 7 CVE-2020-1054, plus enhancements and bug fixes for Railgun and msfdb init. Happy HaXmas!