Posts tagged Metasploit

3 min Metasploit

Metasploit Weekly Wrap-Up: 4/21/23

VMware Workspace ONE Access exploit chain A new module contributed by jheysel-r7 [] exploits two vulnerabilities in VMware Workspace ONE Access to attain Remote Code Execution as the horizon user. First being CVE-2022-22956 [], which is an authentication bypass and the second being a JDBC injection in the form of CVE-2022-22957 [] ultimately granting us RCE. The module

4 min Metasploit Weekly Wrapup

Metasploit Weekly Wrap-Up: 4/14/23

Rocket Software UniRPC Exploits Ron Bowes [] submitted two exploit modules [] for vulnerabilities he discovered [] in the UniRPC server for Rocket Software’s UniData product. The first exploit module, exploit/linux/misc/unidata_udadmin_auth_bypass exploits an authentication bypass to ultimately gain remot

2 min Metasploit

Metasploit Weekly Wrap-Up: 4/7/23

The tide rolls in and out. The flood of new modules last week crested leaving ample time for documentation updates this week. The team and the community seem to have focused on getting those sweet sprinkles of information that help everyone understand Metasploit out to the world. Enhancements and features (1) * #17458 [] from steve-embling [] - Updates the exploit/multi/misc/weblogic_deserialize_ba

7 min Metasploit

Metasploit Weekly Wrap-Up: Mar. 31, 2023

5 new modules including Windows 11 WinSock Priv Esc, SolarWinds Information Service (SWIS) RCE and AMQP Support

3 min Metasploit

Metasploit Weekly Wrap-Up: 3/24/23

Zxyel Routers Beware This week we've released a module written by first time community contributor shr70 [] that can exploit roughly 45 different Zyxel router and VPN models. The module exploits a buffer overflow vulnerability that results in unauthenticated remote code execution on affected devices. It's rare we see a module affect this many devices once and are excited to see this ship in the framework. We hope pentesters and red-teamers alike can make good use of this

3 min Metasploit

Metasploit Weekly Wrap-Up: 3/17/23

FortiNAC EITW Content Added Whilst we did have a few cool new modules added this week, one particularly interesting one was a Fortinet FortiNAC vulnerability, CVE-2022-39952 [], that was added in by team member Jack Heysel. This module exploits an unauthenticated RCE in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4,

4 min Metasploit

Metasploit Weekly Wrap-Up: Mar. 10, 2023

Wowza, a new credential gatherer and login scanner! This week Metasploit Framework gained a credential gatherer for Wowza Streaming Engine Manager. Credentials for this application are stored in a file named admin.password in a known location and the file is readable by default by BUILTIN\Users on Windows and is world readable on Linux.. The module was written by community contributor bcoles [] who also wrote a login scanner for Wowza this week. The login scanner can b

3 min Metasploit

Metasploit Weekly Wrap-Up: 3/3/23

2022 Vulnerability Intelligence Report Released Rapid7’s broader vulnerability research team released our 2022 Vulnerability Intelligence Report [] this week. The report includes Metasploit and research team data on exploitation, exploitability, and vulnerability profiles that are intended to help security teams understand and prioritize risk more effectively. Put simply, secur

2 min Metasploit

Metasploit Wrap-Up: 2/24/23

Basic discover script improvements This week two improvements were made to the script/resource/basic_discovery.rc resource script. The first update from community member samsepi0x0 [] allowed commas in the RHOSTS value, making it easier to target multiple hosts. Additionally, adfoster-r7 [] improved the script by adding better handling for error output. This continues our trend of trying to provide more useful diagnostic information to

2 min Metasploit

Metasploit Wrap-Up: 2/17/23

Cisco RV Series Auth Bypass and Command Injection Thanks to community contributor neterum [], Metasploit framework just gained an awesome new module which targets Cisco Small Business RV Series Routers. The module actually exploits two vulnerabilities, an authentication bypass CVE-2022-20705 [] and a command injection vulnerability CVE-2022-20707 [

4 min Metasploit

Metasploit Weekly Wrap-Up: 2/10/23

Taking a stroll down memory lane (Tomcat Init Script Privilege Escalation) Do you remember the issue with Tomcat init script that was originally discovered by Dawid Golunski [] back in 2016 that led to privilege escalation? This week's Metasploit release includes an exploit module for CVE-2016-1240 by h00die []. This vulnerability allows any local users who already have tomcat accounts to perform privilege escalation and gain acc

4 min Metasploit

Metasploit Weekly Wrap-Up: 2/2/23

Metasploit 6.3 is out! Earlier this week we announced the release of Metasploit 6.3 which came with a tonne of new modules and improvements. The whole team worked super hard on this and we're very excited that everyone can now get their hands on it and all of the new features it has to offer! I won't go over everything we did here because we have a whole separate blog post [] dedicated to the 6.3 release that you shou

13 min Metasploit

Metasploit Framework 6.3 Released

Metasploit Framework 6.3 is now available. New features include native Kerberos authentication support, streamlined Active Directory attack workflows (AD CS, AD DS), and new modules that request, forge, and convert tickets between formats.

2 min Metasploit

Metasploit Weekly Wrap-Up: 1/27/23

Cacti Unauthenticated Command Injection Thanks to community contributor Erik Wynter [], Metasploit Framework now has an exploit module [] for an unauthenticated command injection vulnerability in the Cacti network-monitoring software. The vulnerability is due to a proc_open() call that accepts unsanitized user input in remote_agent.php. Provided that the target server has data that's tied to the POLLER_ACTION_S

2 min Metasploit

Metasploit Weekly Wrap-Up: 1/20/23

See something say something Have an idea on how to expand on Metasploit Documentation on Did you see a typo or some other error on the docs site? Thanks to adfoster-r7 [], submitting an update to the documentation is as easy as clicking the 'Edit this page on GitHub' link on the page you want to change. The new link will take you directly to the source in Metasploit's GitHub so you can quickly locate the Markdown [https://www.markdowng