Posts by Grant Willcox

3 min Metasploit

Metasploit Weekly Wrap-Up

JBOSS EAP/AS - More Deserializations? Indeed! Community contributor Heyder Andrade [https://github.com/heyder] added in a new module for a Java deserialization vulnerability in JBOSS EAP/AS Remoting Unified Invoker interface for versions 6.1.0 and prior. As far as we can tell this was first disclosed by Joao Matos [https://github.com/joaomatosf] in his paper at AlligatorCon [https://s3.amazonaws.com/files.joaomatosf.com/slides/alligator_slides.pdf]. Later a PoC from Marcio Almeida [https://twit

2 min Metasploit

Metasploit Weekly Wrap-Up

SAMR Auxiliary Module A new SAMR auxiliary module has been added that allows users to add, lookup, and delete computer accounts from an AD domain. This should be useful for pentesters on engagements who need to create an AD account to gain an initial foothold into the domain for lateral movement attacks, or who need to use this functionality as an attack primitive. Note when using this module that there is a standard number of computers a user can add, so be wary that you may get STATUS_DS_MACH

2 min Metasploit

Metasploit Weekly Wrap-Up

vCenter Secret Extracter Expanding on the work of the vcenter_forge_saml_token auxiliary module, community contributor npm-cesium137-io [https://github.com/npm-cesium137-io] has added a new module for extracting the vmdir/vmafd certificates, the IdP keypair, the VMCA root cert, and anything from vmafd that has a private key associated, from an offline copy of the services database. This information can then be used with the vcenter_forge_saml_token module to gain a session cookie that grants acc

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

A new NOP module, improvements to RPC functionality and PHP Meterpreter, and WordPress and Cisco RV exploits.

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Modules for Apache Server, Sophos UTM, the OMIgod RCE, and more. Plus, support for reverse port forwarding via established SSH sessions.

4 min Metasploit

Metasploit Wrap-Up

Now I Control Your Resource Planning Servers Sage X3 is a resource planning product designed by Sage Group which is designed to help established businesses plan out their business operations. But what if you wanted to do more than just manage resources? What if you wanted to hijack the resource server itself? Well wait no more, as thanks to the work of Aaron Herndon [https://www.linkedin.com/in/aaron-herndon-54079b5a/], Jonathan Peterson [https://www.linkedin.com/in/jonathan-p-004b76a1/], Will

5 min Metasploit

Metasploit Wrap-Up

New modules for Nagios, Chrome, and Haserl targets, and also many improvements and fixes!

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Exploits for Oracle Solaris CVE-2020-14871 and Windows 7 CVE-2020-1054, plus enhancements and bug fixes for Railgun and msfdb init. Happy HaXmas!

3 min Metasploit

Metasploit Wrap-Up

SharePoint DataSet/DataTable deserialization First up we have an exploit from Spencer McIntyre (@zeroSteiner) for CVE-2020-1147 [https://attackerkb.com/topics/HgtakVczYd/cve-2020-1147?referrer=blog], a deserialization vulnerability in SharePoint instances that was patched by Microsoft on July 14th 2020 and which has been getting quite a bit of attention in the news lately. This module [https://github.com/rapid7/metasploit-framework/pull/13920] utilizes Steven Seeley (@stevenseeley)'s writeup al

5 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Nine new modules, including three IBM Data Risk Manager exploits, a couple Windows privilege elevation modules, and a .NET deserialization exploit for Veeam ONE Agent. Plus, a new .NET deserialization tool that allows users to generate serialized payloads in the vein of YSoSerial.NET.