2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: May 17, 2019
Take a moment from this week's barrage of vulnerabilities in seemingly everything to see the cool stuff happening with the Metasploit team of contributors: a video interview between two greats, a new exploit module in GetSimple CMS, and a whole host of improvements.
1 min
Research
A Serial Problem: Exploitation and Exposure of Java Serialized Objects
In our new research report, we take a look at Java Serialized Objects (JSOs), which are a reliable threat vector and present a rising threat to enterprise networks.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 3/1/19
An improvement to HTTP command stagers allows exploits to write on-disk stagers to the location of your choosing.
3 min
Metasploit Weekly Wrapup
Metasploit Wrapup: 11/2/18
Today marks the 30th anniversary of the Morris worm. We were hit by a wave of nostalgia, so here's a little history and a module-trip down memory lane courtesy of wvu.
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup: 7/27/18
CMS Exploitation Made Simple
"CMS Made Simple" is an open-source Content Management System. Mustafa Hasen
discovered and reported [http://dev.cmsmadesimple.org/bug/view/11741] that
versions 2.2.5 and 2.2.7 include a vulnerability in file uploads that permits an
authenticated attacker to gain execution of arbitrary PHP scripts. The
multi/http/cmsms_upload_rename_rce
[https://www.rapid7.com/db/modules/exploit/multi/http/cmsms_upload_rename_rce]
exploit module uses our PHP Meterpreter to gain full
3 min
Metasploit Weekly Wrapup
Metasploit Wrapup 5/25/18
Bonjour!
Que désirez-vous?
We want to know what you'd like to see out of our latest Metasploit
improvements. Please take a moment to fill out our community survey to help
shape Metasploit's new backend data service. Tell us how you use the Metasploit
database, which Metasploit data you use with other tools, how you need to store
data from modules you've written, and so on. Please take our survey!
[https://docs.google.com/forms/d/e/1FAIpQLSckVYKP9qVg_VSQcYPoFaYperYFBfmjfZXwi6jIxDokdext6Q/viewfor
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup 4/20/18
You may have noticed that our weekly wrapups
[https://www.rapid7.com/blog/tag/metasploit-weekly-wrapup/] tend to be very
light-hearted. A few might say our blog is humorous. Some might even argue that
they incorporate low-brow internet jokes and an excessive quantity of memes.
Well, I'm here to say we've turned over a new leaf. No longer will cheap comedy
cover the pages of this professional publication.
In honor of April 20th, this blog post will remain serious.
Seriously.
Google Summer of
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup 3/16/18
Return of the GSoC!
The Metasploit project is proud to return to Google Summer of Code this year.
Student applications are open until March 27th, so there's still time to get in!
Coding begins on May 14th, and we're eager to hear what you'd like to see added
to Metasploit. Not only do you get to work on a cool project, but you'll get
paid too [https://developers.google.com/open-source/gsoc/help/student-stipends]!
Need some inspiration? Check out our list of project ideas
[https://github.com/rapi
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup: Jan. 12, 2018
'Sploits! Get yer 'sploits heeere!
Lots of fresh modules this week with six shiny new exploits to showcase—but
first, a blast from the past:
1992 Called
Solaris wants to help you get password hashes and they've invented the NIS
[https://en.wikipedia.org/wiki/Network_Information_Service] protocol. The next
time you find a Solaris box, locked in a closet, that three generations of
sysadmins have been afraid to touch, you can dump hashes straight to your
Metasploit loot [https://github.com/rapi