2 min
Metasploit
Metasploit Weekly Wrap up
This week's weekly wrapup includes two new Metasploit modules - Piwigo Gather Credentials via SQL Injection ( CVE-2023-26876 ) and Openfire authentication bypass with RCE plugin (CVE-2023-32315)
2 min
Metasploit
Metasploit Weekly Wrap-Up
Authentication bypass in Wordpress Plugin WooCommerce Payments
This week's Metasploit release includes a module for CVE-2023-28121 by h00die
[https://github.com/h00die]. This module can be used against any wordpress
instance that uses WooCommerce payments < 5.6.1. This module exploits an auth
by-pass vulnerability in the WooCommerce WordPress plugin. You can simply add a
header to execute the bypass and use the API to create a new admin user in
Wordpress.
New module content (3)
Wordpress Plugin
2 min
Metasploit
Metasploit Weekly Wrap-Up
Apache RocketMQ
We saw some great teamwork this week from jheysel-r7
[https://github.com/jheysel-r7] and h00die [https://github.com/h00die] to bring
you an exploit module for CVE-2023-33246
[https://attackerkb.com/topics/YBI7e7fY0a/cve-2023-33246?referrer=blog].
In Apache RocketMQ version 5.1.0 and under, there is an access control issue
which the module leverages to update the broker's configuration file without
authentication. From here we can gain remote code execution as whichever user is
ru
2 min
Metasploit
Metasploit Weekly Wrap-Up
Nothing but .NET?
Smashery continues to… smash it by updating our .NET assembly execution module.
The original module allowed users to run a .NET exe as a thread within a process
they created on a remote host. Smashery’s improvements let users run the
executable within a thread of the process hosting Meterpreter and also changed
the I/O for the executing thread to support pipes, allowing interaction with the
spawned .NET thread, even when the other process has control over STDIN and
STDOUT. The
2 min
Metasploit
Metasploit Weekly Wrap-Up
I like to MOVEit, MOVEit, We like to MOVEit!
Party hard just like it's Mardi Gras! bwatters-r7
[https://github.com/bwatters-r7] delivered the dance moves this week with a
masterful performance. The windows/http/moveit_cve_2023_34362 module is
available for all your party needs, taking advantage of CVE-2023-34362
[https://attackerkb.com/topics/mXmV0YpC3W/cve-2023-34362?referrer=blog], this
module gets into the MOVEit database and nets shells to help you "Keep on
jumpin' off the floor"!
New modul
5 min
Metasploit
Metasploit Weekly Wrap-Up
Metasploit T-Shirt Design Contest
In honor of Metasploit's 20th anniversary, Rapid7 is launching special edition
t-shirts - and we're inviting members of our community to have a hand in its
creation. The contest winner will have their design featured on the shirts,
which will then be available to pick up at Black Hat 2023.
We will be accepting submissions from now through June 30! Contest details,
design guidelines, and submission instructions here
[https://docs.google.com/forms/d/e/1FAIpQLSeWU
3 min
Metasploit
Metasploit Weekly Wrap-Up
MOVEit
It has been a busy few weeks in the security space; the MOVEit
[https://www.rapid7.com/blog/post/2023/06/01/rapid7-observed-exploitation-of-critical-moveit-transfer-vulnerability/?utm_campaign=sm-blog&utm_source=twitter&utm_medium=organic-social]
vulnerability filling our news feeds with dancing lemurs and a Barracuda
[https://www.rapid7.com/blog/post/2023/06/08/etr-cve-2023-2868-total-compromise-of-physical-barracuda-esg-appliances/?utm_campaign=sm-ETR&utm_source=twitter,linkedin&utm_me
4 min
Metasploit
Metasploit Weekly Wrap-Up
Metasploit adds new support for Amazon Web Services EC2 instance enumeration with integrated session support, Apache NiFi scanners, and more
2 min
Metasploit
Metasploit Weekly Wrap-Up
Support added for Active Directory Certificate Services ESC4 Exploitation, and a new sudoedit extra arguments privilege escalation module
6 min
Metasploit
Fetch Payloads: A Shorter Path from Command Injection to Metasploit Session
Rapid7 is pleased to announce the availability of Metasploit fetch payloads, which increase efficiency and user control over the commands executed.
2 min
Metasploit
Metasploit Weekly Wrap-Up
Fetch Based Payloads: Making the Path from Command Injection to Metasploit
Session Shorter
This week we’re releasing Metasploit fetch payloads. Fetch payloads are
command-based payloads that leverage network-enabled applications on remote
hosts and different protocol servers to serve, download, and execute binary
payloads. Over the last year, two thirds of the exploit modules landed to
Metasploit Framework were command injection exploits. These exploits will be
much easier to write with our new
4 min
Metasploit
Metasploit Wrap-up
New modules for Zyxel Router RCE, Pentaho Business Server Auth Bypass, ManageEngine ADAudit authenticated file write RCE, and HTTPTrace functionality added to scanner modules
3 min
Metasploit
Metasploit Weekly Wrap-Up
Throw another log [file] on the fire
Our own Stephen Fewer authored a module targeting CVE-2023-26360
[https://attackerkb.com/topics/F36ClHTTIQ/cve-2023-26360?referrer=blog]
affecting ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update
15 and earlier. The vulnerability allows multiple paths to code execution, but
our module works by leveraging a request that will result in the server
evaluating the ColdFusion Markup language on an arbitrary file on the remote
system. This all
2 min
Metasploit
Metasploit Weekly Wrap-Up
Scanner That Pulls Sensitive Information From Joomla Installations
This week's Metasploit release includes a module for CVE-2023-23752 by h00die
[https://github.com/h00die]. Did you know about the improper API access
vulnerability in Joomla installations, specifically Joomla versions between
4.0.0 and 4.2.7, inclusive? This vulnerability allows unauthenticated users
access to web service endpoints which contain sensitive information such as user
and config information. This module can be used to
3 min
Metasploit
Metasploit Weekly Wrap-Up
VMware Workspace ONE Access exploit chain
A new module contributed by jheysel-r7 [https://github.com/jheysel-r7] exploits
two vulnerabilities in VMware Workspace ONE Access to attain Remote Code
Execution as the horizon user.
First being CVE-2022-22956 [https://github.com/advisories/GHSA-54hw-pp59-j3rc],
which is an authentication bypass and the second being a JDBC injection in the
form of CVE-2022-22957 [https://github.com/advisories/GHSA-cqx6-4jgp-26m2]
ultimately granting us RCE.
The module