2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
LearnPress authenticated SQL injection
Metasploit contributor h00die [https://github.com/h00die] added a new module
that exploits CVE-2020-6010
[https://attackerkb.com/topics/x12K9JOfk2/cve-2020-6010?referrer=blog], an
authenticated SQL injection vulnerability in the WordPress LearnPress plugin.
When a user is logged in with contributor privileges or higher, the id parameter
can be used to inject arbitrary code through an SQL query. This exploit can be
used to collect usernames and password hash
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
New modules for Lucee Administrator and ProxyShell, which targets on-premises Microsoft Exchange servers. Plus, tons of enhancements and fixes!
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
Three new modules that deliver RCE on Atlassian Crowd and privilege escalation to SYSTEM via print drivers. Plus, a new command shell session type for SSH clients and plenty more enhancements and fixes.
3 min
Cybersecurity
When One Door Opens, Keep It Open: A New Tool for Physical Security Testing
We’ve come up with a neat little device that pentesters can use to recreate the thought process of attackers — and help organizations outsmart them.
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
Five new modules, including an exploit for "HiveNightmare" CVE-2021-36934, and new fixes and enhancements.
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
Three fresh modules for Cisco targets and rConfig, plus new enhancements and fixes.
3 min
Metasploit
Metasploit Wrap-Up
New Emby version scanner, IPFire authenticated RCE, HashiCorp Nomad RCE, Microsoft SharePoint unsafe control and ViewState RCE.
6 min
Detection and Response
Attack Surface Analysis Part 2: Penetration Testing
In this three-part series, we’ll explore key considerations and strategies for choosing an attack surface analysis strategy, and the ways it can be used to increase awareness of both technical and process-related risks.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
Two new modules and a few enhancements and fixes, including improvements to the analyze command.
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
Updates to how modules interact with cookies, plus exploits for macOS Gatekeeper and DjVu ANT and a whole lot of fixes and enhancements.
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
New session validation enhancements across command shell types verify sessions have been established and are responsive before they can be used. Plus, JSON RPC service improvements, three new modules, and more fixes and enhancements.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
Spilling the (Gi)tea We have two modules coming in from cdelafuente-r7 targeting CVE-2020-14144 for both the Gitea and Gogs self-hosted Git services. Both modules are similar: they take advantage of a user's ability to create Git hooks by authenticating with the web interface, creating a dummy repos
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
Six new modules targeting F5, SaltStack, Exchange Server, and more, plus some significant performance improvements and fixes.
4 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
A local exploit for a Windows Server 2012 DLL hijacking vulnerability, plus a slew of fixes and improvements.
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
Commemorating the 2020 December Metasploit community CTF
A new commemorative banner has been added to the Metasploit console to celebrate
the teams that participated in the 2020 December Metasploit community CTF
[/2020/12/07/congrats-to-the-winners-of-the-2020-december-metasploit-community-ctf/]
and achieved 100 or more points:
If you missed out on participating in this most recent event, be sure to follow
the Metasploit Twitter [https://twitter.com/metasploit] and Metasploit blog
posts [/ta