Posts tagged Metasploit Weekly Wrapup

2 min Metasploit

Metasploit Weekly Wrap-Up: Aug. 18, 2023

Meterpreter Testing This week’s release adds new payload tests to our automated test suite. This is intended to help the team and community members identify issues and behavior discrepancies before changes are made. Payloads run on a variety of different platforms including Windows, Linux, and OS X each of which has multiple Meterpreter implementations available that are now tested to help ensure consistency. This should improve payload stability and make testing easier for community members tha

2 min Metasploit

Metasploit Weekly Wrap-Up: Aug. 11, 2023

A new Metabase RCE module, updates to the citrix_formssso_target_rce module for CVE-2023-3519 to include two new targets, Citrix ADC (NetScaler) 12.1-65.25, and 12.1-64.17, and more

4 min Metasploit

Metasploit Weekly Wrap-Up: Aug. 4, 2023

Fly High in the Sky With This New Cloud Exploit! This week, a new module was added that takes advantage of both authentication bypass and command injection in certain versions of Western Digital's MyCloud hardware. Submitted by community member Erik Wynter [https://github.com/ErikWynter], this module gains access to the target, attempts to bypass authentication, verifies whether that was successful, then executes the payload with root privileges. This works on versions before 2.30.196, and offer

3 min Metasploit

Metasploit Weekly Wrap-Up: July 28, 2023

Unauthenticated RCE in VMware Product This week, community contributor h00die [https://github.com/h00die] added an exploit module that leverages a command injection vulnerability in VMWare Aria Operations for Networks, formerly known as vRealize Network Insight. Versions 6.2 to 6.10 are vulnerable (CVE-2023-20887 [https://attackerkb.com/topics/gxz1cUyFh2/cve-2023-20887?referrer=blog]). A remote attacker could abuse the Apache Thrift RPC interface by sending specially crafted data and get unauthe

2 min Metasploit

Metasploit Weekly Wrap Up: July 21, 2023

This week's weekly wrapup includes two new Metasploit modules - Piwigo Gather Credentials via SQL Injection ( CVE-2023-26876 ) and Openfire authentication bypass with RCE plugin (CVE-2023-32315)

2 min Metasploit

Metasploit Weekly Wrap-Up: July 14, 2023

Authentication bypass in Wordpress Plugin WooCommerce Payments This week's Metasploit release includes a module for CVE-2023-28121 by h00die [https://github.com/h00die]. This module can be used against any wordpress instance that uses WooCommerce payments < 5.6.1. This module exploits an auth by-pass vulnerability in the WooCommerce WordPress plugin. You can simply add a header to execute the bypass and use the API to create a new admin user in Wordpress. New module content (3) Wordpress Plugin

2 min Metasploit

Metasploit Weekly Wrap-Up: 7/7/23

Apache RocketMQ We saw some great teamwork this week from jheysel-r7 [https://github.com/jheysel-r7] and h00die [https://github.com/h00die] to bring you an exploit module for CVE-2023-33246 [https://attackerkb.com/topics/YBI7e7fY0a/cve-2023-33246?referrer=blog]. In Apache RocketMQ version 5.1.0 and under, there is an access control issue which the module leverages to update the broker's configuration file without authentication. From here we can gain remote code execution as whichever user is ru

2 min Metasploit

Metasploit Weekly Wrap-Up: 6/30/23

Nothing but .NET? Smashery continues to… smash it by updating our .NET assembly execution module. The original module allowed users to run a .NET exe as a thread within a process they created on a remote host. Smashery’s improvements let users run the executable within a thread of the process hosting Meterpreter and also changed the I/O for the executing thread to support pipes, allowing interaction with the spawned .NET thread, even when the other process has control over STDIN and STDOUT. The

2 min Metasploit

Metasploit Weekly Wrap-Up: 6/23/23

I like to MOVEit, MOVEit, We like to MOVEit! Party hard just like it's Mardi Gras! bwatters-r7 [https://github.com/bwatters-r7] delivered the dance moves this week with a masterful performance. The windows/http/moveit_cve_2023_34362 module is available for all your party needs, taking advantage of CVE-2023-34362 [https://attackerkb.com/topics/mXmV0YpC3W/cve-2023-34362?referrer=blog], this module gets into the MOVEit database and nets shells to help you "Keep on jumpin' off the floor"! New modul

5 min Metasploit

Metasploit Weekly Wrap-Up: Jun. 16, 2023

Metasploit T-Shirt Design Contest In honor of Metasploit's 20th anniversary, Rapid7 is launching special edition t-shirts - and we're inviting members of our community to have a hand in its creation. The contest winner will have their design featured on the shirts, which will then be available to pick up at Black Hat 2023. We will be accepting submissions from now through June 30! Contest details, design guidelines, and submission instructions here [https://docs.google.com/forms/d/e/1FAIpQLSeWU

3 min Metasploit

Metasploit Weekly Wrap-Up: Jun. 9, 2023

MOVEit It has been a busy few weeks in the security space; the MOVEit [https://www.rapid7.com/blog/post/2023/06/01/rapid7-observed-exploitation-of-critical-moveit-transfer-vulnerability/?utm_campaign=sm-blog&utm_source=twitter&utm_medium=organic-social] vulnerability filling our news feeds with dancing lemurs and a Barracuda [https://www.rapid7.com/blog/post/2023/06/08/etr-cve-2023-2868-total-compromise-of-physical-barracuda-esg-appliances/?utm_campaign=sm-ETR&utm_source=twitter,linkedin&utm_me

4 min Metasploit

Metasploit Weekly Wrap-Up: Jun. 7, 2023

Metasploit adds new support for Amazon Web Services EC2 instance enumeration with integrated session support, Apache NiFi scanners, and more

2 min Metasploit

Metasploit Weekly Wrap-Up: 6/2/23

Support added for Active Directory Certificate Services ESC4 Exploitation, and a new sudoedit extra arguments privilege escalation module

2 min Metasploit

Metasploit Weekly Wrap-Up: 5/19/23

Fetch Based Payloads: Making the Path from Command Injection to Metasploit Session Shorter This week we’re releasing Metasploit fetch payloads. Fetch payloads are command-based payloads that leverage network-enabled applications on remote hosts and different protocol servers to serve, download, and execute binary payloads. Over the last year, two thirds of the exploit modules landed to Metasploit Framework were command injection exploits. These exploits will be much easier to write with our new

4 min Metasploit

Metasploit Wrap-Up: May 12, 2023

New modules for Zyxel Router RCE, Pentaho Business Server Auth Bypass, ManageEngine ADAudit authenticated file write RCE, and HTTPTrace functionality added to scanner modules