Posts by Spencer McIntyre

3 min Vulnerability Disclosure

CVE-2022-32230: Windows SMB Denial-of-Service Vulnerability (FIXED)

With CVE-2022-32230, a remote and unauthenticated attacker can trigger a denial-of-service condition on Microsoft Windows Domain Controllers.

2 min Metasploit

Metasploit Weekly Wrap-Up

Meterpreter Debugging: A consistent message Metasploit hears from users is that debugging and general logging support could be improved. The gaps in functionality make it difficult for users to understand what happens when things go wrong and for new and existing developers to fix bugs and add new features. The Metasploit team has been trying to improve this in various parts of the framework, the most recent being Meterpreter. Meterpreter payloads now have additional debugging options that can be

5 min Metasploit Weekly Wrapup

Metasploit Weekly Wrap-Up

Capture Plugin: Capturing credentials is a critical and early phase in the playbook of many offensive security testers. Metasploit has facilitated this for years with protocol-specific modules, all under auxiliary/server/capture. Users can start and configure each of these modules individually, but now the capture plugin can streamline the process. The capture plugin can easily start 13 different services (17 including SSL-enabled versions) on the same listening IP address including remote int

2 min Metasploit

Metasploit Weekly Wrap-Up

Exchange RCE: Exchange remote code execution vulnerabilities are always valuable exploits to have. This week Metasploit added an exploit for an authenticated RCE in Microsoft Exchange Server 2016 and Server 2019, identified as CVE-2021-42321 [https://attackerkb.com/topics/4JMe2Y1WSY/cve-2021-42321?referrer=blog]. The flaw leveraged by the exploit exists in a misconfigured denylist that failed to prevent a serialized blob from being loaded, resulting in code execution. While this is an authenticate

6 min Hacky Holidays 2021

Metasploit 2021 Annual Wrap-Up

Like years past, 2021 brought some surprises and had its share of celebrity vulnerabilities. Here are the Metasploit highlights from last year.

2 min Metasploit

Congrats to the Winners of the 2021 Metasploit Community CTF

Thanks to everyone who participated in this year's Metasploit community CTF! In this post, we're announcing the winners.

2 min Metasploit

Metasploit Wrap-Up

Metasploit CTF 2021 starts today: It’s that time of year again! Time for the 2021 Metasploit Community CTF [https://www.rapid7.com/blog/post/2021/11/16/announcing-the-2021-metasploit-community-ctf/]. Earlier today over 1,100 users in more than 530 teams were registered and opened for participation to solve this year’s 18 challenges. Next week a recap and the winners will be announced, so stay tuned for more information. Overlayfs LPE: This week Metasploit shipped an exploit for the recent Overla

3 min Metasploit

Metasploit Wrap-Up

GitLab RCE: New Rapid7 team member jbaines-r7 [https://github.com/jbaines-r7] wrote an exploit targeting GitLab via the ExifTool command. Exploiting this vulnerability results in unauthenticated remote code execution as the git user. What makes this module extra neat is the fact that it chains two vulnerabilities together to achieve this desired effect. The first vulnerability is in GitLab itself that can be leveraged to pass invalid image files to the ExifTool parser which contained the second v

3 min Metasploit

Metasploit Wrap-Up

NSClient++: Community contributor Yann Castel has contributed an exploit module for NSClient++ which targets an authenticated command execution vulnerability. Users who are able to authenticate to the service as admin can leverage the external scripts feature to execute commands with SYSTEM level privileges. This allows the underlying server to be compromised. Castel is also working on another exploit module for NSClient++ which happens to be a local privilege escalation, so stay tuned for more N

3 min Metasploit

Metasploit Wrap-Up

A new exploit for FortiOS and some module target updates.

3 min Metasploit

Metasploit 2020 Wrap-Up

2020 was certainly an interesting year - let’s take a look at what it meant for Metasploit.

3 min Metasploit

Metasploit Wrap-Up

This week's wrap-up covers five new modules (including scanner, execution, and disclosure modules), some good fixes and enhancements, and more!

2 min Metasploit

Metasploit Wrap-Up

Enhancements, bug fixes, and a new SAP IGS module!

9 min Metasploit

Exploitability Analysis: Smash the Ref Bug Class

Two Metasploit researchers evaluate the "Smash the Ref" win32k bug class for exploitability and practical exploitation use cases for pen testers and red teams looking to obtain an initial foothold in the context of a standard user account.

2 min Metasploit

Metasploit Wrap-Up

vBulletin strikes again: This week saw another vBulletin exploit released by returning community member Zenofex. This exploit module allows an unauthenticated attacker to run arbitrary PHP code or operating system commands on affected versions of the vBulletin web application. The vulnerability, which was also discovered by Zenofex, is identified as CVE-2020-7373 [https://attackerkb.com/topics/aIL9b0uOYc/cve-2020-7373?referrer=blog] and is effectively a bypass for a previously patched vulnerabili