Metasploit Wrap-Up
Bad WebLogic Our own Shelby Pace authored an exploit taking advantage of a Java object deserialization vulnerability in multiple different versions of WebLogic. The new module has been tested with versions v12.1.3.0.0, v12.2.1.3.0, and v12.2.1.…
Metasploit Wrap-Up
Five new modules, including SaltStack Salt Master root key disclosure and unauthenticated RCE on Salt master and minion. A new Meterpreter fix also ensures correct handling of out-of-order packets in pivoted sessions.…
Metasploit Wrap-Up
Nine new modules, including three IBM Data Risk Manager exploits, a couple Windows privilege elevation modules, and a .NET deserialization exploit for Veeam ONE Agent. Plus, a new .NET deserialization tool that allows users to generate serialized payloads in the vein of YSoSerial.NET.…
Metasploit Wrap-up
Windows Meterpreter payload improvements Community contributor OJ has made improvements to Windows Meterpreter payloads. Specifically reducing complexity around extension building and loading. This change comes with the benefit of removing some fingerprint artifacts, as well reducing the payload size as a side-effect. Note that Windows…
Metasploit Wrap-up
Security fix for the libnotify plugin (CVE-2020-7350) If you use the libnotify plugin to keep track of when file imports complete, the interaction between it and db_import allows a maliciously crafted XML file to execute arbitrary commands on your system. In proper Metasploit fashion,…
Metasploit Wrap-up
Nexus Repository Manager RCE This week our very own Will Vu wrote a module for CVE-2020-10199 which targets a remote code execution vulnerability within the Nexus Repository Manager. The vulnerability allows Java Expression Language (JavaEL) code to be executed. While the flaw requires authentication information…
Metasploit Wrap-Up
Meterpreter bug fixes and five new modules, including an LPE exploit for SMBghost (CVE-2020-0796) and a BloodHound post module that gathers information (sessions, local admin, domain trusts, etc.) and stores it as a BloodHound-consumable ZIP file in Framework loot.…
Metasploit Wrap-Up
This week's release includes a local privilege escalation exploit for VMware Fusion through 11.5.3 on OS X, as well as RCE on Apache Solr and DNN cookie deserialization.…
Metasploit Wrap-Up
Three new modules, including a post module to automate the installation of an embeddable Python interpreter on a target, and a new exploit for Microsoft SharePoint Workflows.…
Metasploit Wrap-Up
Five new modules plus fixes and enhancements. Exploits for ManageEngine, rConfig, and SQL Server Reporting Services, among others.…
Metasploit Wrap-Up
Four new modules and lots of productivity enhancements. You can now run `rubocop -a` to automatically fix most formatting issues when developing modules. Plus, try the new `tip` command in MSF for Framework usage tips!…
Metasploit Wrap-Up
Gift exchange If you're looking for remote code execution against Microsoft Exchange, Spencer McIntyre crafted up a cool new module targeting a .NET serialization vulnerability in the Exchange Control Panel (ECP) web page. Vulnerable versions of Exchange don't randomize keys on a per-installation basis, resulting…
Metasploit Wrap-Up
Android Binder UAF, OpenNetAdmin RCE, and a slew of improvements, including colorized HttpTrace output and a better debugging experience for developers.…
Metasploit Wrap-Up
Long live copy and paste Adam Galway enhanced the set PAYLOAD command to strip the /payload/, payload/, and / prefixes from a payload name in an effort to improve the user experience while configuring an exploit's payload. You can see the new behavior below! msf5 exploit(…
Metasploit Wrap-Up
Ricoh Privilege Escalation No ink? No problem. Here’s some SYSTEM access. A new module by our own space-r7 has been added to Metasploit Framework this week that adds a privilege escalation exploit for various Ricoh printer drivers on Windows systems. This module takes advantage…
