Metasploit Wrap-Up
Metasploit 6 initial features and active development, the 2020 open-source security meetup (OSSM), four new modules, and the longest list of enhancements and fixes we've ever written in one sitting.…
Metasploit Wrap-Up
SharePoint DataSet/DataTable deserialization First up we have an exploit from Spencer McIntyre (@zeroSteiner) for CVE-2020-1147, a deserialization vulnerability in SharePoint instances that was patched by Microsoft on July 14th 2020 and which has been getting quite a bit of attention in the news lately.…
Metasploit Wrap-Up
Yes, it’s a huge enterprise vulnerability week (again) For our 100th release since the release of 5.0 18 months ago, our own zeroSteiner got us a nifty module for the SAP "RECON" vulnerability affecting NetWeaver version 7.30 to 7.50.…
Metasploit Wrap-Up
Plex unpickling The exploit/windows/http/plex_unpickle_dict_rce module by h00die exploits an authenticated Python deserialization vulnerability in Plex Media Server. The module exploits the vulnerability by creating a photo library and uploading a Dict file containing a Python payload to the library’…
Metasploit Wrap-Up
Intensity not on the Fujita scale SOC folks may have been feeling increased pressure as word spread of CVE-2020-5902 being exploited in the wild. Vulnerabilities in networking equipment always pose a unique set of constraints for IT operations when it comes to mitigations and patches…
Metasploit Wrap-Up
Shifting (NET)GEARs Community contributor rdomanski added a module for Netgear R6700v3 routers that allows unauthenticated attackers on the same network to reset the password for the admin user back to the factory default of password. Attackers can then manually change the admin user's password…
Metasploit Wrap-Up
Who watches the watchers? If you are checking up on an organization using Trend Micro Web Security, it might be you. A new module this week takes advantage of a chain of vulnerabilities to give everyone (read unauthenticated users) a chance to decide what threats…
Metasploit Wrap-Up
Arista Shell Escape Exploit Community contributor SecurityBytesMe added an exploit module for various Arista switches. With credentials, an attacker can SSH into a vulnerable device and leverage a TACACS+ shell configuration to bypass restrictions. The configuration allows the pipe character to be used only if…
Metasploit Wrap-Up
Windows BITS CVE-2020-0787 LPE in the Metasploit tree! This week, Grant Willcox presents his first Metasploit module contribution as part of our team. Research from itm4n yielded CVE-2020-0787, describing a vulnerability in the Windows Background Intelligent Transfer Service (BITS). This vuln can be exploited to…
Metasploit Wrap-Up
vBulletin, WordPress, and WebLogic exploits, along with some enhancements and fixes.…
Metasploit Wrap-Up
Hello, World! This week’s wrapup features six new modules, including a double-dose of Synology and everyone’s favorite, Pi-Hole. Little NAS, featuring RCE Synology stations are small(ish) NAS devices, but as Steve Kaun, Nigusu Kassahun, and h00die have shown, they are not invulnerable.…
Metasploit Wrap-Up
Bad WebLogic Our own Shelby Pace authored an exploit taking advantage of a Java object deserialization vulnerability in multiple different versions of WebLogic. The new module has been tested with versions v12.1.3.0.0, v12.2.1.3.0, and v12.2.1.…
Metasploit Wrap-Up
Five new modules, including SaltStack Salt Master root key disclosure and unauthenticated RCE on Salt master and minion. A new Meterpreter fix also ensures correct handling of out-of-order packets in pivoted sessions.…
Metasploit Wrap-Up
Nine new modules, including three IBM Data Risk Manager exploits, a couple Windows privilege elevation modules, and a .NET deserialization exploit for Veeam ONE Agent. Plus, a new .NET deserialization tool that allows users to generate serialized payloads in the vein of YSoSerial.NET.…
Metasploit Wrap-up
Windows Meterpreter payload improvements Community contributor OJ has made improvements to Windows Meterpreter payloads. Specifically reducing complexity around extension building and loading. This change comes with the benefit of removing some fingerprint artifacts, as well reducing the payload size as a side-effect. Note that Windows…
