2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 4/9/21
Spilling the (Gi)tea We have two modules coming in from cdelafuente-r7 targeting CVE-2020-14144 for both the Gitea and Gogs self-hosted Git services. Both modules are similar: they take advantage of a user's ability to create Git hooks by authenticating with the web interface, creating a dummy repos
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 4/2/21
Six new modules targeting F5, SaltStack, Exchange Server, and more, plus some significant performance improvements and fixes.
5 min
Metasploit
Metasploit Wrap-Up: 3/26/21
New Exchange ProxyLogon modules, VMWare View Planner RCE, Advantech iView RCE, and more!
4 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: Mar. 19, 2021
A local exploit for a Windows Server 2012 DLL hijacking vulnerability, plus a slew of fixes and improvements.
2 min
Metasploit
Metasploit Wrap-Up: 3/12/21
Three new modules for achieving code execution, a new way to play favorites, and more! Plus a Google Summer of Code announcement!
3 min
Metasploit
Metasploit Wrap-Up: 3/5/21
A new exploit for FortiOS and some module target updates.
4 min
Metasploit
Metasploit Wrap-Up: 2/26/21
Flink targeting, process herpaderping, and more in this week's Metasploit wrap-up!
4 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 2/19/21
GSoC Rocks!
In a rare double whammy, one of our 2020 Google Summer of Code (GSoC)
participants has authored a PR containing both enhancements & a new module
[https://github.com/rapid7/metasploit-framework/pull/14067]! Improvements to our
SQL injection library now allow PostgreSQL injection, and this new functionality
has been verified with both a test module AND a fully functioning module
exploiting CVE-2019-13375
[https://attackerkb.com/topics/n3vokFNBje/cve-2019-13375?referrer=blog], a
(Postgr
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 2/12/21
This installment includes a new MicroFocus RCE module, an updated Microsoft Exchange patch bypass, and items without 'Micro' in the title, too!
2 min
Metasploit
Metasploit Wrap-Up: Feb. 5, 2021
This week's edition: Baron Samedit 'sudo' exploit module, OneDrive sync enumeration, and WP credential gathering via Abandoned Cart plugin.
2 min
Vulnerability Management
Vulnerability Scanning With the Metasploit Remote Check Service (Beta Release)
InsightVM and Nexpose customers can now harness the power of the Metasploit community to assess their exposure to the latest threats.
3 min
Metasploit
Metasploit Wrap-Up: 1/29/21
Five new modules, including RCEs, arbitrary file write, and a Windows Registry check if the DementiaWheel/fanny.bmp malware exists on a target.
3 min
Metasploit
Metasploit Wrap-Up: 1/22/21
A new Microsoft Windows Spooler privesc module, along with some fixes and improvements!
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 1/15/21
Commemorating the 2020 December Metasploit community CTF
A new commemorative banner has been added to the Metasploit console to celebrate
the teams that participated in the 2020 December Metasploit community CTF
[/2020/12/07/congrats-to-the-winners-of-the-2020-december-metasploit-community-ctf/]
and achieved 100 or more points:
If you missed out on participating in this most recent event, be sure to follow
the Metasploit Twitter [https://twitter.com/metasploit] and Metasploit blog
posts [/ta
3 min
Metasploit
Metasploit Wrap-Up: 1/8/21
Eight new Metasploit modules for various targets (and outcomes!), with a good set of improvements and fixes!