12 min
Metasploit
Metasploit Framework 6.4 Released
Today, Metasploit is pleased to announce the release of Metasploit Framework
6.4. It has been just over a year since the release of version 6.3
[https://www.rapid7.com/blog/post/2023/01/30/metasploit-framework-6-3-released/]
and the team has added many new features and improvements since then.
For news reporters, please reach out to press@rapid7.com.
Kerberos Improvements
Metasploit 6.3 included initial support for Kerberos authentication within
Metasploit and was one of the larger features i
5 min
Metasploit
Metasploit Weekly Wrap-Up 02/16/2024
New Fetch Payload
It has been almost a year since Metasploit released the new fetch payloads
[https://www.rapid7.com/blog/post/2023/05/25/fetch-payloads-a-shorter-path-from-command-injection-to-metasploit-session/]
and since then, 43 of the 79 exploit modules have had support for fetch
payloads. The original payloads supported transferring the second stage over
HTTP, HTTPS and FTP. This week, Metasploit has expanded that protocol support to
include SMB, allowing payloads to be run using rundll3
8 min
Metasploit
Metasploit 2023 Annual Wrap-Up: Dec. 29, 2023
As 2023 winds down, we’re taking another look back at all the changes and
improvements to the Metasploit Framework. This year marked the 20th anniversary
since Metasploit version 1.0 was committed and the project is still actively
maintained and improved thanks to a thriving community.
Version 6.3
Early this year in January, Metasploit version 6.3
[https://www.rapid7.com/blog/post/2023/01/30/metasploit-framework-6-3-released/]
was released with a number of improvements for targeting Active Dir
1 min
Metasploit Weekly Wrapup
Metasploit Weekly Wrap-Up: Nov. 17, 2023
Possible Web Service Removal
Metasploit has support for running with a local database, or from a remote web
service which can be initialized with msfdb init --component webservice. Future
versions of Metasploit Framework may remove the msfdb remote webservice. Users
that leverage this functionality are invited to react on an issue currently on
GitHub [https://github.com/rapid7/metasploit-framework/issues/18439] to inform
the maintainers that the feature is used.
New module content (1)
ZoneMind
4 min
Metasploit
Metasploit Weekly Wrap-Up: Sep. 22, 2023
Improved Ticket Forging
Metasploit’s admin/kerberos/forge_ticket module has been updated to work with
Server 2022. In Windows Server 2022, Microsoft started requiring additional new
PAC elements to be present - the PAC requestor and PAC attributes. The newly
forged tickets will have the necessary elements added automatically based on the
user provided domain SID and user RID. For example:
msf6 auxiliary(admin/kerberos/forge_ticket) > run aes_key=4a52b73cf37ba06cf693c40f352e2f4d2002ef61f6031f649
4 min
Metasploit
Metasploit Weekly Wrap-Up: Sep. 15, 2023
Flask Cookies
This week includes two modules related to Flask cookie signatures. One is
specific to Apache Superset where session cookies can be resigned, allowing an
attacker to elevate their privileges and dump the database connection strings.
While adding this functionality, community member h00die
[https://github.com/h00die] also added a module for generically working with the
default session cookies used by Flask. This generic module
auxiliary/gather/python_flask_cookie_signer
[https://git
2 min
Metasploit
Metasploit Weekly Wrap-Up: Aug. 18, 2023
Meterpreter Testing
This week’s release adds new payload tests to our automated test suite. This is
intended to help the team and community members identify issues and behavior
discrepancies before changes are made. Payloads run on a variety of different
platforms including Windows, Linux, and OS X each of which has multiple
Meterpreter implementations available that are now tested to help ensure
consistency. This should improve payload stability and make testing easier for
community members tha
2 min
Metasploit
Metasploit Wrap-Up: 2/24/23
Basic discover script improvements
This week two improvements were made to the script/resource/basic_discovery.rc
resource script. The first update from community member samsepi0x0
[https://github.com/samsepi0x0] allowed commas in the RHOSTS value, making it
easier to target multiple hosts. Additionally, adfoster-r7
[https://github.com/adfoster-r7] improved the script by adding better handling
for error output. This continues our trend of trying to provide more useful
diagnostic information to
5 min
Haxmas
2022 Annual Metasploit Wrap-Up
It's been another gangbusters year for Metasploit, and the holidays are a time
to give thanks to all the people that help make our load a little bit lighter.
So, while this end-of-year wrap-up is a highlight reel of the headline features
and extensions that landed in Metasploit-land in 2022, we also want to express
our gratitude and appreciation for our stellar community of contributors,
maintainers, and users. The Metasploit team merged 824 pull requests across
Metasploit-related projects in 20
2 min
Metasploit
Metasploit Weekly Wrap-Up: 11/18/22
Pre-authenticated Remote Code Execution in VMware NSX Manager using XStream
(CVE-2021-39144)
There’s nothing quite like a pre-authenticated remote code execution
vulnerability in a piece of enterprise software. This week, community
contributor h00die-gr3y [https://github.com/h00die-gr3y] added a module
[https://github.com/rapid7/metasploit-framework/pull/17222] that targets VMware
NSX Manager using XStream. Due to an unauthenticated endpoint that leverages
XStream for input serialization in VMwa
3 min
Metasploit
Metasploit Weekly Wrap-Up: 10/21/22
Zimbra with Postfix LPE (CVE-2022-3569)
This week rbowes [https://github.com/rbowes-r7] added an LPE exploit for Zimbra
with Postfix. The exploit leverages a vulnerability whereby the Zimbra user can
run postfix as root which in turn is capable of executing arbitrary
shellscripts. This can be abused for reliable privilege escalation from the
context of the zimbra service account to root. As of this time, this
vulnerability remains unpatched.
Zimbra RCE (CVE-2022-41352)
rbowes [https://github.co
5 min
Vulnerability Disclosure
CVE-2022-31660 and CVE-2022-31661 (FIXED): VMware Workspace ONE Access, Identity Manager, and vRealize Automation LPE
The VMware Workspace ONE Access, Identity Manager, and vRealize Automation products contain a locally exploitable privilege escalation vulnerability.
4 min
Metasploit
Metasploit Weekly Wrap-Up: Jul. 29, 2022
Roxy-WI Unauthenticated RCE
This week, community member Nuri Çilengir [https://github.com/ncilengir] added
an unauthenticated RCE for Roxy-WI. Roxy-WI is an interface for managing
HAProxy, Nginx and Keepalived servers. The vulnerability can be triggered by a
specially crafted POST request to a Python script where the ipbackend parameter
is vulnerable to OS command injection. The result is reliable code execution
within the context of the web application user.
Fewer Meterpreter Scripts
Community
3 min
Vulnerability Disclosure
CVE-2022-32230: Windows SMB Denial-of-Service Vulnerability (FIXED)
With CVE-2022-32230, a remote and unauthenticated attacker can trigger a denial-of-service condition on Microsoft Windows Domain Controllers.
2 min
Metasploit
Metasploit Weekly Wrap-Up: 4/15/22
Meterpreter Debugging
A consistent message Metasploit hears from users is that debugging and general
logging support could be improved. The gaps in functionality make it difficult
for users to understand what happens when things go wrong and for new and
existing developers to fix bugs and add new features. The Metasploit team has
been trying to improve this in various parts of the framework, the most recent
being Meterpreter. Meterpreter payloads now have additional debugging options
that can be