Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Rapid7 Blog

William Vu  

AUTHOR STATS:

7

The Ghost of Exploits Past: A Deep Dive into the Morris Worm

In this post, we will dive into the exploit development process for the three modules we created in honor of the 30th anniversary of the Morris worm.…

Metasploit Wrapup

Committing to some shells in GitList Shelby has been killing it with new exploit and aux modules by the day. In this iteration, she's produced an exploit for GitList 0.6.0 and likely older versions. The software is built on PHP and allows users…

Weekly Metasploit Wrapup

Scanning for the Fortinet backdoor with Metasploit Written by wvu Metasploit now implements a scanner for the Fortinet backdoor. Curious to see how to use it? Check this out! wvu@kharak:~/metasploit-framework:master$ ./msfconsole -qL msf > use auxiliary/scanner/ssh/fortinet_backdoor msf auxiliary(…

12 Days of HaXmas: RCE in Your FTP

This post is the sixth in a series, 12 Days of HaXmas, where we take a look at some of more notable advancements and events in the Metasploit Framework over the course of 2014. It's been quite a year for shell bugs. Of course, we…

New "show missing" Command in msfconsole

Hello, Metasploiters! Just wanted to update y'all on a new feature in msfconsole that *hopefully* should make vgrepping through module options a little easier.Show empty required optionsThe new command is show missing, and all it does is show empty required options. Instead of looking…

Making Your Printer Say "Feed Me a Kitten" and Also Exfiltrate Sensitive Data

As of this last release, PJL (HP's Printer Job Language) is now a grown-up Rex::Proto protocol! Since extending a protocol in Metasploit is beyond the scope of this post, we'll just be covering how to use the PoC modules included with the new protocol.…

12 Days of HaXmas: Finding shell_bind_tcp_random_port with Nmap and Ndiff

This post is the ninth in a series, 12 Days of HaXmas, where we take a look at some of more notable advancements in the Metasploit Framework over the course of 2013. A few months ago, contributor geyslan submitted a cool pull request for a…