Metasploit Wrap-Up
A bug fix for EternalBlue on Metasploit 6, four new modules, and a bunch of enhancements.…
Metasploit Wrap-Up
Hacktoberfest 2020 and wisdom from around the Metasploit water cooler. Keep an eye out for more info on the next Metasploit community CTF (coming soon).…
Metasploit Wrap-Up
Enhancements, bug fixes, and a new SAP IGS module!…
Metasploit Wrap-Up
Windows secrets dump, an 'in' with Safari, and more!…
Metasploit Wrap-up
Nine new modules, including a module for Zerologon, a new SOCKS module, some privilege escalations, and another Java deserialization exploit.…
Metasploit Wrap-Up
Six new modules this week, and a good group of enhancements and fixes!…
Metasploit Wrap-Up
Three new modules, including a Pwn2Own addition for OS X, plus proxy support for Python Meterpreter, new search improvements, and a reminder of how to report security issues in Metasploit.…
Metasploit Wrap-Up
New reflective PE file loader, a new module, new search improvements, and updates on Google Summer of Code projects.…
Metasploit Wrap-Up
Give me your hash This week, community contributor HynekPetrak added a new module for dumping passwords and hashes stored as attributes in LDAP servers. It uses an LDAP connection to retrieve data from an LDAP server and then harvests user credentials in specific attributes. This…
Metasploit Wrap-Up
Setting module options just got easier! Rapid7's own Dean Welch added a new option to framework called RHOST_HTTP_URL, which allows users to set values for multiple URL components, such as RHOSTS, RPORT, and SSL, by specifying a single option value. For example, instead…
Metasploit Wrap-Up
vBulletin strikes again This week saw another vBulletin exploit released by returning community member Zenofex. This exploit module allows an unauthenticated attacker to run arbitrary PHP code or operating system commands on affected versions of the vBulletin web application. The vulnerability, which was also discovered…
Metasploit Wrap-Up
Metasploit 6 initial features and active development, the 2020 open-source security meetup (OSSM), four new modules, and the longest list of enhancements and fixes we've ever written in one sitting.…
Metasploit Wrap-Up
SharePoint DataSet/DataTable deserialization First up we have an exploit from Spencer McIntyre (@zeroSteiner) for CVE-2020-1147, a deserialization vulnerability in SharePoint instances that was patched by Microsoft on July 14th 2020 and which has been getting quite a bit of attention in the news lately.…
Metasploit Wrap-Up
Yes, it’s a huge enterprise vulnerability week (again) For our 100th release since the release of 5.0 18 months ago, our own zeroSteiner got us a nifty module for the SAP "RECON" vulnerability affecting NetWeaver version 7.30 to 7.50.…
Metasploit Wrap-Up
Plex unpickling The exploit/windows/http/plex_unpickle_dict_rce module by h00die exploits an authenticated Python deserialization vulnerability in Plex Media Server. The module exploits the vulnerability by creating a photo library and uploading a Dict file containing a Python payload to the library’…
