4 min
Metasploit
Metasploit Wrap-Up
Flink targeting, process herpaderping, and more in this week's Metasploit wrap-up!
Read Full Post
4 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
GSoC Rocks!
In a rare double whammy, one of our 2020 Google Summer of Code (GSoC)
participants has authored a PR containing both enhancements & a new module
[https://github.com/rapid7/metasploit-framework/pull/14067]! Improvements to our
SQL injection library now allow PostgreSQL injection, and this new functionality
has been verified with both a test module AND a fully functioning module
exploiting CVE-2019-13375
[https://attackerkb.com/topics/n3vokFNBje/cve-2019-13375?referrer=blog], a
(Postgr
Read Full Post
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
This installment includes a new MicroFocus RCE module, an updated Microsoft Exchange patch bypass, and items without 'Micro' in the title, too!
Read Full Post
2 min
Metasploit
Metasploit Wrap-Up
This week's edition: Baron Samedit 'sudo' exploit module, OneDrive sync enumeration, and WP credential gathering via Abandoned Cart plugin.
Read Full Post
3 min
Metasploit
Metasploit Wrap-Up
Five new modules, including RCEs, arbitrary file write, and a Windows Registry check if the DementiaWheel/fanny.bmp malware exists on a target.
Read Full Post
3 min
Metasploit
Metasploit Wrap-Up
A new Microsoft Windows Spooler privesc module, along with some fixes and improvements!
Read Full Post
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
Commemorating the 2020 December Metasploit community CTF
A new commemorative banner has been added to the Metasploit console to celebrate
the teams that participated in the 2020 December Metasploit community CTF
[/2020/12/07/congrats-to-the-winners-of-the-2020-december-metasploit-community-ctf/]
and achieved 100 or more points:
If you missed out on participating in this most recent event, be sure to follow
the Metasploit Twitter [https://twitter.com/metasploit] and Metasploit blog
posts [/ta
Read Full Post
3 min
Metasploit
Metasploit Wrap-Up
Eight new Metasploit modules for various targets (and outcomes!), with a good set of improvements and fixes!
Read Full Post
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
Exploits for Oracle Solaris CVE-2020-14871 and Windows 7 CVE-2020-1054, plus enhancements and bug fixes for Railgun and msfdb init. Happy HaXmas!
Read Full Post
3 min
Metasploit
Metasploit Wrap-Up
This week's wrap-up covers five new modules (including scanner, execution, and disclosure modules), some good fixes and enhancements, and more!
Read Full Post
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
It's CTF week(end)! Plus, steal files from Apache Tomcat servers thanks to a new Ghostcat exploit, and dump process memory with a new post module that leverages Avast AV's built-in AvDump utility.
Read Full Post
3 min
Metasploit
Metasploit Wrap-Up
Five new modules, and a reminder for the upcoming CTF
Read Full Post
3 min
Metasploit
Metasploit Wrap-Up
Two new RCE-capable modules and some good fixes and enhancements!
Read Full Post
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
Four new modules, including an exploit for SaltStack Salt and an exploit for a now-patched vuln in Metasploit, plus new enhancements and fixes.
Read Full Post
2 min
Metasploit
Metasploit Wrap-Up
Insert 'What Year Is It' meme
h00die [https://github.com/h00die] contributed the Mikrotik unauthenticated
directory traversal file read
[https://github.com/rapid7/metasploit-framework/pull/14280] auxiliary gather
module, largely a port of the PoC by Ali Mosajjal [https://github.com/mosajjal].
The vulnerability CVE-2018-14847
[https://attackerkb.com/topics/oOoUGd0y46/cve-2018-14847?referrer=blog] allows
any file from the router to be read through the Winbox server in RouterOS due to
a lack of val
Read Full Post