2 min
Metasploit
Metasploit Weekly Wrap-Up 03/01/2024
Metasploit adds an RCE exploit for ConnectWise ScreenConnect and new documentation for exploiting ESC13.
4 min
Metasploit
Metasploit Weekly Wrap-Up 02/23/2024
LDAP Capture module
Metasploit now has an LDAP capture module thanks to the work of
JustAnda7 [http://github.com/JustAnda7]. This work was completed as part of the
Google Summer of Code program.
When the module runs it will by default require privileges to listen on port
389. The module implements a default implementation for BindRequest,
SearchRequest, UnbindRequest, and will capture both plaintext credentials and
NTLM hashes which can be brute-forced offline. Upon receiving a successful Bin
5 min
Metasploit
Metasploit Weekly Wrap-Up 02/16/2024
New Fetch Payload
It has been almost a year since Metasploit released the new fetch payloads
[http://qbkk.ngskmc-eis.net/blog/post/2023/05/25/fetch-payloads-a-shorter-path-from-command-injection-to-metasploit-session/]
and since then, 43 of the 79 exploit modules have had support for fetch
payloads. The original payloads supported transferring the second stage over
HTTP, HTTPS and FTP. This week, Metasploit has expanded that protocol support to
include SMB, allowing payloads to be run using rundll3
2 min
Metasploit
Metasploit Weekly Wrap-Up 02/09/2024
Go go gadget Fortra GoAnywhere MFT Module
This Metasploit release contains a module for one of 2024's hottest
vulnerabilities to date: CVE-2024-0204. The path traversal vulnerability in
Fortra GoAnywhere MFT allows for unauthenticated attackers to access the
InitialAccountSetup.xhtml endpoint which is used during the products initial
setup to create the first administrator user. After setup has completed, this
endpoint is supposed to be no longer available. Attackers can use this
vulnerability
2 min
Metasploit
Metasploit Weekly Wrap-Up 02/02/2024
Shared RubySMB Service Improvements
This week’s updates include improvements to
[http://github.com/rapid7/metasploit-framework/pull/18680] Metasploit
Framework’s SMB server implementation: the SMB server can now be reused across
various SMB modules, which are now able to register their own unique shares and
files. SMB modules can also now be executed concurrently. Currently, there are
15 SMB modules in Metasploit Framework that utilize this feature.
New module content (2)
Mirth Connect Deseria
5 min
Metasploit
Metasploit Weekly Wrap-Up 01/26/24
Direct Syscalls Support for Windows Meterpreter
Direct system calls are a well-known technique that is often used to bypass
EDR/AV detection. This technique is particularly useful when dynamic analysis is
performed, where the security software monitors every process on the system to
detect any suspicious activity. One common way to do so is to add user-land
hooks on Win32 API calls, especially those commonly used by malware. Direct
syscalls are a way to run system calls directly and enter kernel
2 min
Metasploit
Metasploit Weekly Wrap-Up 01/19/24
Unicode your way to a php payload and three modules to add to your playbook for
Ansible
Our own jheysel-r7 added an exploit leveraging the fascinating tool of php
filter chaining to prepend a payload using encoding conversion characters and
h00die et. al. have come through and added 3 new Ansible post modules to gather
configuration information, read files, and deploy payloads. While none offer
instantaneous answers across the universe, they will certainly help in red team
exercises.
New module
2 min
Metasploit
Metasploit Weekly Wrap-Up 01/12/24
New module content (1)
Windows Gather Mikrotik Winbox "Keep Password" Credentials Extractor
Author: Pasquale 'sid' Fiorillo
Type: Post
Pull request: #18604 [http://github.com/rapid7/metasploit-framework/pull/18604]
contributed by siddolo [http://github.com/siddolo]
Path: windows/gather/credentials/winbox_settings
Description: This pull request introduces a new post module to extract the
Mikrotik Winbox credentials, which are saved in the settings.cfg.viw file when
the "Keep Password" option
2 min
Metasploit
Metasploit Weekly Wrap-Up 1/05/2024
New module content (2)
Splunk __raw Server Info Disclosure
Authors: KOF2002, h00die, and n00bhaxor
Type: Auxiliary
Pull request: #18635 [http://github.com/rapid7/metasploit-framework/pull/18635]
contributed by n00bhaxor [http://github.com/n00bhaxor]
Path: gather/splunk_raw_server_info
Description: This PR adds a module for an authenticated Splunk information
disclosure vulnerability. This module gathers information about the host machine
and the Splunk install including OS version, build, CP
8 min
Metasploit
Metasploit 2023 Annual Wrap-Up: Dec. 29, 2023
As 2023 winds down, we’re taking another look back at all the changes and
improvements to the Metasploit Framework. This year marked the 20th anniversary
since Metasploit version 1.0 was committed and the project is still actively
maintained and improved thanks to a thriving community.
Version 6.3
Early this year in January, Metasploit version 6.3
[http://qbkk.ngskmc-eis.net/blog/post/2023/01/30/metasploit-framework-6-3-released/]
was released with a number of improvements for targeting Active Dir
2 min
Metasploit
Metasploit Weekly Wrap-Up: Dec. 22, 2023
Metasploit has added exploit content for the glibc LPE CVE-2023-4911 (AKA Looney Tunables) and RCE exploits for Confluence and Vinchin Backup and Recovery.
3 min
Metasploit
Metasploit Weekly Wrap-Up: Dec. 15, 2023
Continuing the 12th Labor of Metasploit
Metasploit continues its Herculean task of increasing our toolset to tame
Kerberos by adding support for AS_REP Roasting, which allows retrieving the
password hashes of users who have Do not require Kerberos preauthentication set
on the domain controller. The setting is disabled by default, but it is enabled
in some environments.
Attackers can request the hash for any user with that option enabled, and worse
(or better?) you can query the DC to determine
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 12/8/2023
New this week: An OwnCloud gather module and a Docker cgroups container escape. Plus, an early feature that allows users to search module actions, targets, and aliases.
4 min
Metasploit
Metasploit Weekly Wrap-Up: Dec. 1, 2023
Customizable DNS resolution
Contributor smashery [http://github.com/smashery] added a new dns command to
Metasploit console, which allows the user to customize the behavior of DNS
resolution. Similarly to the route command, it is now possible to specify where
DNS requests should be sent to avoid any information leak. Before these changes,
the Framework was using the default local system configuration. Now, it is
possible to specify which DNS server should be queried based on rules that match
sp
1 min
Metasploit
Metasploit Wrap-Up: Nov. 23, 2023
Metasploit 6.3.44 released with stability improvements and module fixes