Posts tagged Penetration Testing

9 min Metasploit

Announcing Metasploit 6.2

Metasploit 6.2.0 has been released, marking another milestone that includes new modules, features, improvements, and bug fixes.

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Five new modules targeting Windows, Linux, macOS, and more. Plus, updates to the Log4Shell scanner and a new Windows Meterpreter option to enable additional logging visible in DbgView

4 min Research

Cloud Pentesting, Pt. 3: The Impact of Ecosystem Maturity

Now that we’ve covered the basics of cloud pentesting and the style in which a cloud environment could be attacked, let’s turn our attention to the entirety of this ecosystem.

7 min Research

Cloud Pentesting, Pt. 2: Testing Across Different Deployments

Pentesting in the cloud is just like on-premise, right? It depends on how a customer has set up their cloud deployment.

4 min Research

Cloud Pentesting, Pt. 1: Breaking Down the Basics

More and more customers are looking to get a pentest done in their cloud deployment. What does that mean?

2 min Metasploit

Metasploit Wrap-Up

Welcome, Little Hippo: PetitPotam Our very own @zeroSteiner [https://github.com/zeroSteiner] ported [https://github.com/rapid7/metasploit-framework/pull/16136] the PetitPotam [https://github.com/topotam/PetitPotam] exploit to Metasploit this week. This module leverages CVE-2021-36942 [https://attackerkb.com/topics/TEBmUAfeCs/cve-2021-36942?referrer=blog], a vulnerability in the Windows Encrypting File System (EFS) API, to capture machine NTLM hashes. This uses the EfsRpcOpenFileRaw function of t

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

A new NOP module, improvements to RPC functionality and PHP Meterpreter, and WordPress and Cisco RV exploits.

3 min Metasploit Weekly Wrapup

Metasploit Weekly Wrap-Up

Five new modules, including exploits for Log4Shell and SonicWall SMA 100 series devices, plus a new Meterpreter command that allows users to kill all channels at once.

3 min Metasploit

Metasploit Wrap-Up

GitLab RCE New Rapid7 team member jbaines-r7 [https://github.com/jbaines-r7] wrote an exploit targeting GitLab via the ExifTool command. Exploiting this vulnerability results in unauthenticated remote code execution as the git user. What makes this module extra neat is the fact that it chains two vulnerabilities together to achieve this desired effect. The first vulnerability is in GitLab itself that can be leveraged to pass invalid image files to the ExifTool parser which contained the second v

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Modules for Apache Server, Sophos UTM, the OMIgod RCE, and more. Plus, support for reverse port forwarding via established SSH sessions.

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Metasploit's first modules targeting Kubernetes, plus Windows support for exploiting Confluence Server CVE-2021-26084.

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Four new Moodle modules, plus new features to help red teamers keep track of sessions and forwarded connections.

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

New modules for vCenter Server and Linux Netfilter, plus fixes and enhancements.

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

More post modules than we've ever put out in a single release before, courtesy of a university project to add credential gathering capabilities based on the PackRat toolset.

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

A new evasion module, an exploit for ManageEngine OpManager, fully functional shells over WinRM, and major RDP library improvements.