3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
Five new modules, including an exploit for "HiveNightmare" CVE-2021-36934, and new fixes and enhancements.
Read Full Post
4 min
Metasploit
Metasploit Wrap-Up
Now I Control Your Resource Planning Servers
Sage X3 is a resource planning product designed by Sage Group which is designed
to help established businesses plan out their business operations. But what if
you wanted to do more than just manage resources? What if you wanted to hijack
the resource server itself? Well wait no more, as thanks to the work of Aaron
Herndon [https://www.linkedin.com/in/aaron-herndon-54079b5a/], Jonathan Peterson
[https://www.linkedin.com/in/jonathan-p-004b76a1/], Will
Read Full Post
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
Four new modules, with improvements to Eternal Blue support, and AmSi 0BfuSc@t!on for Powershell payloads
Read Full Post
2 min
Metasploit
Metasploit Wrap-up
A new module for CVE-2021-34527, dubbed PrintNightmare, and a local privilege escalation module for NSClient++
Read Full Post
2 min
Metasploit
Metasploit Wrap-Up
Containers that fail to Contain
Our own Christophe De La Fuente added a module for CVE-2019-5736 based on the
work of Adam Iwaniuk that breaks out of a Docker container by overwriting the
runc binary of an image which is run in the user context whenever someone
outside the container runs docker exec to make a request of the container.
Execute an Image Please, Wordpress
Community contributor Alexandre Zanni sent us a PR that uses native PHP
functions to upload a file as an image attachment to Wo
Read Full Post
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
Three fresh modules for Cisco targets and rConfig, plus new enhancements and fixes.
Read Full Post
3 min
Metasploit
Metasploit Wrap-Up
New Emby version scanner, IPFire authenticated RCE, HashiCorp Nomad RCE, Microsoft SharePoint unsafe control and ViewState RCE.
Read Full Post
3 min
Metasploit
Metasploit Wrap-Up
NSClient++
Community contributor Yann Castel has contributed an exploit module for
NSClient++ which targets an authenticated command execution vulnerability. Users
that are able to authenticate to the service as admin can leverage the external
scripts feature to execute commands with SYSTEM level privileges. This allows
the underlying server to be compromised. Castel is also working on another
exploit module for NSClient++ which happens to be a local privilege escalation
so stay tuned for more N
Read Full Post
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
Two new modules and a few enhancements and fixes, including improvements to the analyze command.
Read Full Post
3 min
Metasploit
Metasploit Wrap-Up
In the spirit of cool module content, there's a new SMBGhost RCE module, plus a hefty set of enhancements and fixes!
Read Full Post
3 min
Metasploit
Metasploit Wrap-Up
New modules for gathering (info+config!), escalation (of privilege!), and execution (of code!).
Read Full Post
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
Updates to how modules interact with cookies, plus exploits for macOS Gatekeeper and DjVu ANT and a whole lot of fixes and enhancements.
Read Full Post
3 min
Metasploit
Metasploit Wrap-Up
New modules that include Active Directory, Chrome, and Micro Focus targets. And we also reached-and-passed our 15,000th PR!!
Read Full Post
3 min
Metasploit
Metasploit Wrap-Up
New modules for vRealize, Druid, Redis, and more! Also some nice improvements and fixes.
Read Full Post
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
New session validation enhancements across command shell types verify sessions have been established and are responsive before they can be used. Plus, JSON RPC service improvements, three new modules, and more fixes and enhancements.
Read Full Post