Metasploit
Metasploit Weekly Wrap-Up 02/14/2025
New module content (2)
Unauthenticated RCE in NetAlertX
Authors: Chebuya (Rhino Security Labs) and Takahiro Yokoyama
Type: Exploit
Pull request: #19868 [https://github.com/rapid7/metasploit-framework/pull/19868]
contributed by Takahiro-Yoko [https://github.com/Takahiro-Yoko]
Path: linux/http/netalertx_rce_cve_2024_46506
AttackerKB reference: CVE-2024-46506
[https://attackerkb.com/search?q=CVE-2024-46506&referrer=blog]
Description: A new module for an unauthenticated remote code execution bug i
Metasploit
Metasploit Weekly Wrap-Up 02/07/2025
Gathering data and improving workflows
This week's release includes 2 new auxiliary modules targeting Argus
Surveillance DVR and Ivanti Connect Secure. The former, contributed by Maxwell
Francis, and based on the work of John Page, can be used to retrieve arbitrary
files on the target's filesystem by exploiting an unauthenticated directory
traversal vulnerability. The latter, brought by our very own Martin Šutovský
[https://github.com/msutovsky-r7], is an HTTP login scanner for Ivanti Connect
Sec
Metasploit
Metasploit Weekly Wrap-Up 01/31/25
ESC4 Detection
This week, Metasploit’s jheysel-r7 [https://github.com/jheysel-r7] updated the
existing ldap_esc_vulnerable_cert_finder module to include detecting template
objects that can be written to by the authenticated user. This means the module
can now identify instances of ESC4 from the perspective of the account that the
Metasploit operator provided the credentials for. Metasploit has been capable of
exploiting ESC4 for some time, but required users to know which certificate
templates t
Metasploit
Metasploit Weekly Wrap-Up 01/24/2025
LibreNMS Authenticated RCE module and ESC15 improvements
This week the Metasploit Framework was blessed with an authenticated RCE module
in LibreNMS, an autodiscovering PHP/MySQL-based network monitoring system. An
authenticated attacker can create dangerous directory names on the system and
alter sensitive configuration parameters through the web portal. These two
defects combined to allow arbitrary OS commands inside shell_exec() calls, thus
achieving arbitrary code execution.
Additionally, i
Metasploit
Metasploit Wrap-Up 01/17/2025
Three new Metasploit exploit modules released, including a module targeting Cleo File Transfer Software (CVE-2024-55956)
Metasploit
Metasploit Wrap-Up 01/10/2025
New module content (5)
OneDev Unauthenticated Arbitrary File Read
Authors: Siebene and vultza
Type: Auxiliary
Pull request: #19614 [https://github.com/rapid7/metasploit-framework/pull/19614]
contributed by vultza [https://github.com/vultza]
Path: gather/onedev_arbitrary_file_read
AttackerKB reference: CVE-2024-45309
[https://attackerkb.com/search?q=CVE-2024-45309&referrer=blog]
Description: This adds an exploit module for an unauthenticated arbitrary file
read vulnerability, tracked as CVE-202
Metasploit
Metasploit 2024 Annual Wrap-Up
Another year has come and gone, and the Metasploit team has taken some time to
review the year’s notable additions. This year saw some great new features
added, Metasploit 6.4 released
[https://www.rapid7.com/blog/post/2024/03/25/metasploit-framework-6-4-released/]
and a slew of new modules. We’re grateful to the community members new and old
that have submitted modules and issues this year. The real privilege escalation
was the privilege of working with the contributors and friends we made alo
Metasploit
Metasploit Weekly Wrap-Up 12/20/2024
New module content (4)
GameOver(lay) Privilege Escalation and Container Escape
Authors: bwatters-r7, g1vi, gardnerapp, and h00die
Type: Exploit
Pull request: #19460 [https://github.com/rapid7/metasploit-framework/pull/19460]
contributed by gardnerapp [https://github.com/gardnerapp]
Path: linux/local/gameoverlay_privesc
AttackerKB reference: CVE-2023-2640
[https://attackerkb.com/search?q=CVE-2023-2640&referrer=blog]
Description: Adds a module for CVE-2023-2640 and CVE-2023-32629, a local
privil
Metasploit
Metasploit Weekly Wrap-Up 12/13/2024
It’s raining RCEs!
It's the second week of December and the weather forecast announced another
storm of RCEs in Metasploit-Framework land. This weekly release includes RCEs
for the Moodle e-Learning platform, Primefaces, WordPress Really Simple SSL and
CyberPanel, along with two modules to change passwords over the LDAP and SMB
protocols.
New module content (7)
Change Password
Author: smashery
Type: Auxiliary
Pull request: #19671 [https://github.com/rapid7/metasploit-framework/pull/19671]
contributed
Metasploit
Metasploit Weekly Wrap-Up 12/06/2024
Post-Thanksgiving Big Release
This week's release is an impressive one. It adds 9 new modules, which will get
you remote code execution on products such as Ivanti Connect Secure, VMware
vCenter Server, Asterisk, Fortinet FortiManager and Acronis Cyber Protect. It
also includes an account takeover on Wordpress, a local privilege escalation on
Windows and an X11 keylogger module. Finally, this release improves the
fingerprinting logic for the TeamCity login module and adds instructions about
the in
Metasploit
Metasploit Weekly Wrap-Up 11/29/2024
Four new Metasploit modules released, including CUPS IPP Attributes LAN Remote Code Execution CVE-2024-47176
Metasploit
Metasploit Weekly Wrap-Up 11/22/2024
JetBrains TeamCity Login Scanner
Metasploit added a login scanner for the TeamCity application to enable users to
check for weak credentials. TeamCity has been the subject of multiple ETR
vulnerabilities
[https://www.rapid7.com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/]
and is a valuable target for attackers.
Targeted DCSync added to Windows Secrets Dump
This week, Metasploit community member smashery [ht
Metasploit
Metasploit Weekly Wrap-Up: 11/15/2024
Palo Alto Expedition RCE module
This week's release includes an exploit module for the Palo Alto Expedition
exploit chain that's been making headlines recently. The first vulnerability,
CVE-2024-5910, allows attackers to reset the password of the admin user. The
second vulnerability, CVE-2024-9464 is an authenticated OS command injection.
The module makes use of both vulnerabilities in order to obtain unauthenticated
RCE in the context of the user www-data.
New module content (1)
Palo Alto Expe
Metasploit
Metasploit Wrap-Up: 11/08/2024
RISC-V Support
This release of Metasploit Framework has added exciting new features such as new
payloads that target the RISC-V architecture. These payloads allow for the
execution of commands on compromised hardware, allowing Metasploit Framework and
Metasploit Payloads to be used in more environments.
SMB To HTTP(S) Relay
This new exploit worked on by Rapid7 contributors targets the ESC8
vulnerability. This work is a part of the recent Kerberos and Active Directory
efforts targeting multiple
Metasploit
Metasploit Weekly Wrap-Up 11/01/2024
Pool Party Windows Process Injection
This Metasploit-Framework release includes a new injection technique deployed in
core Meterpreter functionality such as process migration and DLL injection.
Research into a new injection technique known as PoolParty
[https://www.safebreach.com/blog/process-injection-using-windows-thread-pools/]
highlighted new ways to gain code execution in a remote process by abusing
thread-pool management features included in the Windows kernel since Windows
Vista.