Posts tagged Metasploit Weekly Wrapup

2 min Metasploit

Metasploit Wrap-Up

Bad WebLogic Our own Shelby Pace [https://github.com/space-r7] authored an exploit taking advantage of a Java object deserialization vulnerability in multiple different versions of WebLogic. The new module has been tested with versions v12.1.3.0.0, v12.2.1.3.0, and v12.2.1.4.0 of WebLogic and allows remote code execution through the of sending a serialized BadAttributeValueExpException object over the T3 protocol to vulnerable WebLogic servers. Cram it in your Pi-Hole As the incredibly origina

2 min Metasploit

Metasploit Wrap-Up

Five new modules, including SaltStack Salt Master root key disclosure and unauthenticated RCE on Salt master and minion. A new Meterpreter fix also ensures correct handling of out-of-order packets in pivoted sessions.

5 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Nine new modules, including three IBM Data Risk Manager exploits, a couple Windows privilege elevation modules, and a .NET deserialization exploit for Veeam ONE Agent. Plus, a new .NET deserialization tool that allows users to generate serialized payloads in the vein of YSoSerial.NET.

3 min Metasploit

Metasploit Wrap-up

Windows Meterpreter payload improvements Community contributor OJ [https://github.com/OJ] has made improvements to Windows Meterpreter payloads. Specifically reducing complexity around extension building and loading. This change comes with the benefit of removing some fingerprint artifacts, as well reducing the payload size as a side-effect. Note that Windows meterpreter sessions that are open prior to this bump will not be able to load new extensions after the bump if they connect with a new in

3 min Metasploit

Metasploit Wrap-up

Security fix for the libnotify plugin (CVE-2020-7350) If you use the libnotify plugin to keep track of when file imports complete, the interaction between it and db_import allows a maliciously crafted XML file [https://github.com/rapid7/metasploit-framework/pull/13049] to execute arbitrary commands on your system. In proper Metasploit fashion, pastaoficial [https://github.com/pastaoficial] PR'd a file format exploit to go along with the fix, and our own smcintyre-r7 [https://github.com/smcintyre

2 min Metasploit

Metasploit Wrap-up

Nexus Repository Manager RCE This week our very own Will Vu [https://github.com/wvu-r7] wrote a module for CVE-2020-10199 which targets a remote code execution vulnerability within the Nexus Repository Manager. The vulnerability allows Java Expression Language (JavaEL) code to be executed. While the flaw requires authentication information to leverage it, any account is sufficient. This would allow any registered user to compromise the target server. Unquoted Service Path LPE Community contribu

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Meterpreter bug fixes and five new modules, including an LPE exploit for SMBghost (CVE-2020-0796) and a BloodHound post module that gathers information (sessions, local admin, domain trusts, etc.) and stores it as a BloodHound-consumable ZIP file in Framework loot.

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

This week's release includes a local privilege escalation exploit for VMware Fusion through 11.5.3 on OS X, as well as RCE on Apache Solr and DNN cookie deserialization.

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Three new modules, including a post module to automate the installation of an embeddable Python interpreter on a target, and a new exploit for Microsoft SharePoint Workflows.

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Five new modules plus fixes and enhancements. Exploits for ManageEngine, rConfig, and SQL Server Reporting Services, among others.

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Four new modules and lots of productivity enhancements. You can now run `rubocop -a` to automatically fix most formatting issues when developing modules. Plus, try the new `tip` command in MSF for Framework usage tips!

3 min Metasploit

Metasploit Wrap-Up

Gift exchange If you're looking for remote code execution against Microsoft Exchange, Spencer McIntyre [https://github.com/zeroSteiner] crafted up a cool new module [https://github.com/rapid7/metasploit-framework/pull/13014] targeting a .NET serialization vulnerability in the Exchange Control Panel (ECP) web page. Vulnerable versions of Exchange don't randomize keys on a per-installation basis, resulting in reuse of the same validationKey and decryptionKey values. With knowledge of these, an at

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Android Binder UAF, OpenNetAdmin RCE, and a slew of improvements, including colorized HttpTrace output and a better debugging experience for developers.

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Long live copy and paste Adam Galway [https://github.com/adamgalway-r7] enhanced the set PAYLOAD command to strip the /payload/, payload/, and / prefixes from a payload name in an effort to improve the user experience while configuring an exploit's payload. You can see the new behavior [https://github.com/rapid7/metasploit-framework/pull/12946] below! msf5 exploit(windows/smb/ms17_010_eternalblue) > set payload /payload/windows/x64/meterpreter/reverse_tcp payload => windows/x64/meterpreter/reve

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Ricoh Privilege Escalation No ink? No problem. Here’s some SYSTEM access. A new module [https://github.com/rapid7/metasploit-framework/pull/12906] by our own space-r7 [https://github.com/space-r7] has been added to Metasploit Framework this week that adds a privilege escalation exploit for various [https://www.ricoh.com/info/2020/0122_1/list] Ricoh printer drivers on Windows systems. This module takes advantage of CVE-2019-19363 [https://nvd.nist.gov/vuln/detail/CVE-2019-19363] by overwriting th