Posts tagged Metasploit

Metasploit Weekly Wrap-Up 12/20/2024

New module content (4) GameOver(lay) Privilege Escalation and Container Escape Authors: bwatters-r7, g1vi, gardnerapp, and h00die Type: Exploit Pull request: #19460 [http://github.com/rapid7/metasploit-framework/pull/19460] contributed by gardnerapp [http://github.com/gardnerapp] Path: linux/local/gameoverlay_privesc AttackerKB reference: CVE-2023-2640 [http://attackerkb.com/search?q=CVE-2023-2640&referrer=blog] Description: Adds a module for CVE-2023-2640 and CVE-2023-32629, a local privil

Metasploit Weekly Wrap-Up 12/13/2024

It's raining RCEs! It's the second week of December and the weather forecast announced another storm of RCEs in Metasploit-Framework land. This weekly release includes RCEs for the Moodle e-learning platform, PrimeFaces, WordPress Really Simple SSL and CyberPanel, along with two modules to change passwords over the LDAP and SMB protocols. New module content (7) Change Password Author: smashery Type: Auxiliary Pull request: #19671 [http://github.com/rapid7/metasploit-framework/pull/19671] contributed

Metasploit Weekly Wrap-Up 12/06/2024

Post-Thanksgiving Big Release This week's release is an impressive one. It adds 9 new modules, which will get you remote code execution on products such as Ivanti Connect Secure, VMware vCenter Server, Asterisk, Fortinet FortiManager and Acronis Cyber Protect. It also includes an account takeover on WordPress, a local privilege escalation on Windows and an X11 keylogger module. Finally, this release improves the fingerprinting logic for the TeamCity login module and adds instructions about the in

Metasploit Weekly Wrap-Up 11/29/2024

Four new Metasploit modules released, including CUPS IPP Attributes LAN Remote Code Execution CVE-2024-47176

Metasploit Weekly Wrap-Up 11/22/2024

JetBrains TeamCity Login Scanner Metasploit added a login scanner for the TeamCity application to enable users to check for weak credentials. TeamCity has been the subject of multiple ETR vulnerabilities [http://9zme.mblayst.com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/] and is a valuable target for attackers. Targeted DCSync added to Windows Secrets Dump This week, Metasploit community member smashery [ht

Metasploit Weekly Wrap-Up: 11/15/2024

Palo Alto Expedition RCE module This week's release includes an exploit module for the Palo Alto Expedition exploit chain that's been making headlines recently. The first vulnerability, CVE-2024-5910, allows attackers to reset the password of the admin user. The second vulnerability, CVE-2024-9464, is an authenticated OS command injection. The module makes use of both vulnerabilities in order to obtain unauthenticated RCE in the context of the user www-data. New module content (1) Palo Alto Expe

Metasploit Wrap-Up: 11/08/2024

RISC-V Support This release of Metasploit Framework has added exciting new features such as new payloads that target the RISC-V architecture. These payloads allow for the execution of commands on compromised hardware, allowing Metasploit Framework and Metasploit Payloads to be used in more environments. SMB To HTTP(S) Relay This new exploit, worked on by Rapid7 contributors, targets the ESC8 vulnerability. This work is a part of the recent Kerberos and Active Directory efforts targeting multiple

Metasploit Weekly Wrap-Up 11/01/2024

Pool Party Windows Process Injection This Metasploit-Framework release includes a new injection technique deployed in core Meterpreter functionality such as process migration and DLL injection. The research into a new injection technique known as PoolParty [http://www.safebreach.com/blog/process-injection-using-windows-thread-pools/] highlighted new ways to gain code execution in a remote process by abusing thread pool management features included in the Windows kernel starting from Windows Vista.

Metasploit Weekly Wrap-Up 10/25/2024

Hackers and Vampires Agree: Every Byte Counts Headlining the release today is a new exploit module by jheysel-r7 [http://github.com/jheysel-r7] that chains two vulnerabilities to target Magento/Adobe Commerce systems: the first, CVE-2024-34102 [http://attackerkb.com/search?q=CVE-2024-34102&referrer=blog] is an arbitrary file read used to determine the version and layout of the glibc library, and the second, CVE-2024-2961 [http://attackerkb.com/search?q=CVE-2024-2961&referrer=blog] is a single

Metasploit Weekly Wrap-Up 10/18/2024

ESC15: EKUwu AD CS continues to be a popular target for penetration testers and security practitioners. The latest escalation technique (hence the ESC in ESC15) was discovered [http://trustedsec.com/blog/ekuwu-not-just-another-ad-cs-esc] by Justin Bollinger [http://x.com/bandrel] with details being released just last week. This latest configuration flaw has common issuance requirements to other ESC flaws, such as requiring no authorized signatures or manager approval. Additionally, templa

Metasploit Weekly Wrap-Up 10/04/2024

New module content (3) cups-browsed Information Disclosure Authors: bcoles and evilsocket Type: Auxiliary Pull request: #19510 [http://github.com/rapid7/metasploit-framework/pull/19510] contributed by bcoles [http://github.com/bcoles] Path: scanner/misc/cups_browsed_info_disclosure Description: Adds a scanner module to retrieve CUPS version and kernel version information from cups-browsed services. Acronis Cyber Infrastructure default password remote code execution Authors: Acronis Internatio

Metasploit Weekly Wrap-Up 09/27/2024

Epic Release! This week's release includes 5 new modules, 6 enhancements, 4 fixes and 1 documentation update. Among the new additions, we have an account takeover, SQL injection, RCE, and LPE! Thank you to all the contributors who made it possible! New Module Content (5) Cisco Smart Software Manager (SSM) On-Prem Account Takeover (CVE-2024-20419) Authors: Michael Heinzl and Mohammed Adel Type: Auxiliary Pull request: #19375 [http://github.com/rapid7/metasploit-framework/pull/19375] contribut

Metasploit Weekly Wrap-Up 09/20/2024

New module content (3) update-motd.d Persistence Author: Julien Voisin Type: Exploit Pull request: #19454 [http://github.com/rapid7/metasploit-framework/pull/19454] contributed by jvoisin [http://github.com/jvoisin] Path: linux/local/motd_persistence Description: This adds a post module to keep persistence on a Linux target by writing a motd [http://manpages.ubuntu.com/manpages/trusty/man5/update-motd.5.html] bash script triggered with root privileges every time a user logs into the system

Metasploit Weekly Wrap-Up 09/13/2024

SPIP Modules This week brings more modules targeting the SPIP publishing platform. SPIP has gained some attention from Metasploit community contributors recently and has inspired some PHP payload and encoder improvements. New module content (2) SPIP BigUp Plugin Unauthenticated RCE Authors: Julien Voisin, Laluka, Valentin Lobstein, and Vozec Type: Exploit Pull request: #19444 [http://github.com/rapid7/metasploit-framework/pull/19444] contributed by Chocapikk [http://github.com/Chocapikk] Pat

Metasploit Weekly Wrap-Up 09/06/2024

Honey, I shrunk the PHP payloads This release contains more PHP payload improvements from Julien Voisin. Last week we landed a PR from Julien that added a datastore option to the php/base64 encoder that when enabled, will use zlib to compress the payload which significantly reduced the size, bringing a payload of 4040 bytes down to a mere 1617 bytes. This week's release includes a php/minify encoder which removes all unnecessary characters from the payload including comments, empty lines, leadin