Posts by Christophe De La Fuente

3 min Metasploit

Metasploit Weekly Wrap-Up

The past, present and future of Metasploit Don't miss Spencer McIntyre's talk on the Help Net Security's blog [https://www.helpnetsecurity.com/2022/07/20/past-present-future-metasploit-video/] . Spencer is the Lead Security Researcher at Rapid7 and speaks about how Metasploit has evolved since its creation back in 2003. He also explains how the Framework is addressing today's offensive security challenges and how important is the partnership with the community. LDAP swiss army knife This week,

3 min Metasploit

Metasploit Weekly Wrap-Up

Zyxel firewall unauthenticated command injection This week, our very own Jake Baines [https://github.com/jbaines-r7] added an exploit module that leverages CVE-2022-30525 [https://attackerkb.com/topics/LbcysnvxO2/cve-2022-30525?referrer=blog], an unauthenticated remote command injection vulnerability in Zyxel firewalls with zero touch provisioning (ZTP) support. Jake is also the author of the original research and advisory [https://www.rapid7.com/blog/post/2022/05/12/cve-2022-30525-fixed-zyxel-f

2 min Metasploit

Metasploit Wrap-Up

Welcome, Little Hippo: PetitPotam Our very own @zeroSteiner [https://github.com/zeroSteiner] ported [https://github.com/rapid7/metasploit-framework/pull/16136] the PetitPotam [https://github.com/topotam/PetitPotam] exploit to Metasploit this week. This module leverages CVE-2021-36942 [https://attackerkb.com/topics/TEBmUAfeCs/cve-2021-36942?referrer=blog], a vulnerability in the Windows Encrypting File System (EFS) API, to capture machine NTLM hashes. This uses the EfsRpcOpenFileRaw function of t

3 min Metasploit

Metasploit Wrap-Up

Self-Service Remote Code Execution This week, our own @wvu-r7 [https://github.com/wvu-r7] added an exploit module [https://github.com/rapid7/metasploit-framework/pull/15874] that achieves unauthenticated remote code execution in ManageEngine ADSelfService Plus, a self-service password management and single sign-on solution for Active Directory. This new module leverages a REST API authentication bypass vulnerability identified as CVE-2021-40539 [https://attackerkb.com/topics/DMSNq5zgcW/cve-2021-

5 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

A new SMB server implementation to support capturing NTLM hashes across SMBv2 and SMBv3, even with encrypted SMB traffic. Plus, exploits for eBPF, Git LFS, and Geutebruck IP cameras.

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Five new modules, including an exploit for "HiveNightmare" CVE-2021-36934, and new fixes and enhancements.

2 min Metasploit

Metasploit Wrap-Up

This week's edition: Baron Samedit 'sudo' exploit module, OneDrive sync enumeration, and WP credential gathering via Abandoned Cart plugin.

3 min Metasploit

Metasploit Wrap-Up

Five new modules, and a reminder for the upcoming CTF

2 min Metasploit

Metasploit Wrap-Up

Give me your hash This week, community contributor HynekPetrak [https://github.com/HynekPetrak] added a new module [https://github.com/rapid7/metasploit-framework/pull/13906] for dumping passwords and hashes stored as attributes in LDAP servers. It uses an LDAP connection to retrieve data from an LDAP server and then harvests user credentials in specific attributes. This module can be used against any kind of LDAP server with either anonymous or authenticated bind. Particularly, it can be used

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

This week's release includes a local privilege escalation exploit for VMware Fusion through 11.5.3 on OS X, as well as RCE on Apache Solr and DNN cookie deserialization.

3 min Metasploit

Metasploit Wrap-Up

Powershell Express Delivery The web_delivery module [https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/script/web_delivery.rb] is often used to deliver a payload during post exploitation by quickly firing up a local web server. Since it does not write anything on target’s disk, payloads are less likely to be caught by anti-virus protections. However, since Microsoft added Antimalware Scan Interface (AMSI) [https://docs.microsoft.com/en-us/windows/win32/amsi/antim