2 min
Metasploit
Metasploit Wrap-Up
Welcome, Little Hippo: PetitPotam
Our very own @zeroSteiner [https://github.com/zeroSteiner] ported
[https://github.com/rapid7/metasploit-framework/pull/16136] the PetitPotam
[https://github.com/topotam/PetitPotam] exploit to Metasploit this week. This
module leverages CVE-2021-36942
[https://attackerkb.com/topics/TEBmUAfeCs/cve-2021-36942?referrer=blog], a
vulnerability in the Windows Encrypting File System (EFS) API, to capture
machine NTLM hashes. This uses the EfsRpcOpenFileRaw function of t
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
A new NOP module, improvements to RPC functionality and PHP Meterpreter, and WordPress and Cisco RV exploits.
3 min
Metasploit Weekly Wrapup
Metasploit Weekly Wrap-Up
Five new modules, including exploits for Log4Shell and SonicWall SMA 100 series devices, plus a new Meterpreter command that allows users to kill all channels at once.
3 min
Metasploit
Metasploit Wrap-Up
GitLab RCE
New Rapid7 team member jbaines-r7 [https://github.com/jbaines-r7] wrote an
exploit targeting GitLab via the ExifTool command. Exploiting this vulnerability
results in unauthenticated remote code execution as the git user. What makes
this module extra neat is the fact that it chains two vulnerabilities together
to achieve this desired effect. The first vulnerability is in GitLab itself that
can be leveraged to pass invalid image files to the ExifTool parser which
contained the second v
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
Modules for Apache Server, Sophos UTM, the OMIgod RCE, and more. Plus, support for reverse port forwarding via established SSH sessions.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
Metasploit's first modules targeting Kubernetes, plus Windows support for exploiting Confluence Server CVE-2021-26084.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
Four new Moodle modules, plus new features to help red teamers keep track of sessions and forwarded connections.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
New modules for vCenter Server and Linux Netfilter, plus fixes and enhancements.
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
More post modules than we've ever put out in a single release before, courtesy of a university project to add credential gathering capabilities based on the PackRat toolset.
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
A new evasion module, an exploit for ManageEngine OpManager, fully functional shells over WinRM, and major RDP library improvements.
5 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
A new SMB server implementation to support capturing NTLM hashes across SMBv2 and SMBv3, even with encrypted SMB traffic. Plus, exploits for eBPF, Git LFS, and Geutebruck IP cameras.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
LearnPress authenticated SQL injection
Metasploit contributor h00die [https://github.com/h00die] added a new module
that exploits CVE-2020-6010
[https://attackerkb.com/topics/x12K9JOfk2/cve-2020-6010?referrer=blog], an
authenticated SQL injection vulnerability in the WordPress LearnPress plugin.
When a user is logged in with contributor privileges or higher, the id parameter
can be used to inject arbitrary code through an SQL query. This exploit can be
used to collect usernames and password hash
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
New modules for Lucee Administrator and ProxyShell, which targets on-premises Microsoft Exchange servers. Plus, tons of enhancements and fixes!
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
Three new modules that deliver RCE on Atlassian Crowd and privilege escalation to SYSTEM via print drivers. Plus, a new command shell session type for SSH clients and plenty more enhancements and fixes.
3 min
Cybersecurity
When One Door Opens, Keep It Open: A New Tool for Physical Security Testing
We’ve come up with a neat little device that pentesters can use to recreate the thought process of attackers — and help organizations outsmart them.