2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 8/9/19
Keep on Bluekeepin’ on
TomSellers [https://github.com/TomSellers] added a new option to the
increasingly useful Bluekeep Scanner module
[https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.rb]
that allows execution of a DoS attack when running the module. This adds a new
level of effectiveness in proving the severity of this vulnerability.
As part of this update, TomSellers [https://github.com/TomSellers] moved and
refactored a lot of
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 8/2/19
A new feature, better `set payload` options, and new modules. Plus, open-source office hours in Vegas during hacker summer camp.
1 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 7/26/19
First!!
Congrats to Nick Tyrer [https://github.com/NickTyrer] for the first community
contibuted evasion module to land in master. Nick's
evasion/windows/applocker_evasion_install_util module
[https://github.com/rapid7/metasploit-framework/pull/11795] leverages the
trusted InstallUtil.exe binary to execute user supplied code and evade
application whitelisting.
New modules (4)
* WP Database Backup RCE
[https://github.com/rapid7/metasploit-framework/pull/12010] by Mikey
Veenstra
/ Wordf
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 7/19/19
RCE with a Key
An exploit module [https://github.com/rapid7/metasploit-framework/pull/12062]
for Laravel Framework was submitted by community contributor aushack
[https://github.com/aushack]. The module targets an insecure unserialize call
with the X-XSRF-TOKEN HTTP request header, which was discovered by Ståle
Pettersen. Since the exploit requires the Laravel APP_KEY to reach the
vulnerable unserialize call, aushack included information leak
[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 7/12/19
We hope our American friends had a wonderful Fourth of July weekend! There are
no new modules this week, so instead we're featuring two enhancements that fix
some long outstanding Framework bugs. Check out last week’s holiday wrap-up for
a list of the modules that landed while the U.S. was watching fireworks.
GatherProof (or don't)
Using ssh_login* on certain non-standard devices such as Brocade switches
[https://github.com/rapid7/metasploit-framework/issues/11905] and Juniper
firewalls [https:
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 7/5/19
Injecting the Time Machine
From contributor timwr [https://github.com/timwr] comes a new module targeting
Time Machine on macOS 10.14.3 and earlier. Specifically, the tmdiagnose binary
for these vulnerable versions suffers from a command injection vulnerability
that can be exploited via a specially crafted disk label. This new module uses
an existing session for exploitation on the target, allowing the Framework user
to run a payload as root.
What’s on TV?
If you are nearby to a vulnerable Supr
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 6/28/19
I am Root
An exploit module [https://github.com/rapid7/metasploit-framework/pull/11987]
for Nagios XI v5.5.6 was added by community contributor yaumn
[https://github.com/yaumn]. This module includes two exploits chained together
to achieve code execution with root privileges, and it all happens without
authentication. A single unsanitized parameter in magpie_debug.php enables the
ability to write arbitrary PHP code to a publicly accessible directory and get
code execution. Privilege escalation
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 6/21/19
TLS support and expanded options for the BlueKeep scanner module, two new modules for Cisco Prime Infrastructure, and more.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 6/14/19
It’s Summertime, and the Hackin’ is Easy
It is still early in the season, but there’s a whole lot of fixes that are
already shipping. Straight off a week of intellectual synergy from the
world-wide hackathon, we started to fix a lot of things we noticed while we
coded over street tacos and Austin-famous beverages. All told, this week we made
Metasploit more inclusive, transparent, and configurable!
Inclusive
@wvu-r7 has been on a roll trying to make Metasploit play well with others. He
teamed u
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 6/7/19
Read up on how the recent community hackathon in Austin went, three new modules, and the usual long list of fixes and enhancements.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 5/31/19
Unauthenticated scanner for BlueKeep, community hackathon in Austin, and the usual long list of fixes and enhancements.
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 5/24/19
BSD love
Outside of macOS, not many people run (or run into) a BSD-flavored system very
often. Even still, bcoles [https://github.com/bcoles] and space-r7
[https://github.com/space-r7] teamed up for a pair of BSD enhancements. The
first, a privilege escalation, affects FreeBSD's runtime linker dealing with
LD_PRELOAD in FreeBSD 7.1, 7.2, and 8.0. The next enhancement adds BSD targets
to our known-credential ssh executor which now allows BSD-specific payloads. Not
wanting macOS to be left out ti
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: May 17, 2019
Take a moment from this week's barrage of vulnerabilities in seemingly everything to see the cool stuff happening with the Metasploit team of contributors: a video interview between two greats, a new exploit module in GetSimple CMS, and a whole host of improvements.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 5/10/19
A new Chrome browser exploit, some WebLogic RCE, and an exploit for PostgreSQL. Also announcing the return of our annual Open-Source Security Meetup in Vegas!
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 5/3/19
Better persistence options thanks to two new modules for Yum and APT package managers. Plus, new exploits for Rails DoubleTap and Spring Cloud Config.