Active Exploitation of Citrix NetScaler (CVE-2019-19781): What You Need to Know
A a directory traversal vulnerability was announced in the Citrix Application Discovery Controller and Citrix Gateway, which would allow a remote, unauthenticated user to write a file to a location on disk.…
Metasploit Wrap-Up
Silly admin, Citrix is for script kiddies A hot, new module has landed in Metasploit Framework this week. It takes advantage of CVE-2019-19781 which is a directory traversal vulnerability in Citrix Application Delivery Controller (ADC) and Gateway. This exploit takes advantage of unsanitized input within…
Announcing the 2020 Metasploit community CTF
Metasploit's community CTF is back! Starting January 30, players will have four days to find flags and win points and glory. Teams welcome.…
Metasploit Wrap-Up
A new OpenBSD local exploit Community contributor bcoles brings us a new exploit module for CVE-2019-19726, a vulnerability originally discovered by Qualys in OpenBSD. This vulnerability is pretty interesting in the sense that it leverages a bug in the _dl_getenv function that can be…
Memorable Metasploit Moments of 2019
Here’s a smattering of the year’s Metasploit Framework highlights from 2019. As ever, we’re grateful to and for the community that keeps us going strong.…
Metasploit Wrap-Up
With 2019 almost wrapped up, we’ve been left wondering where the time went! It’s been a busy year for Metasploit, and we’re going out on a reptile-themed note this wrap-up... Python gets compatible With the clock quickly ticking down on Python 2…
A Visit from the Spirits of HaXmas Past
In this blog, Brent Cook takes a walk down memory lane of blogs of HaXmas past.…
Metasploit Wrap-Up
It’s beginning to look a lot like HaXmas, everywhere you go! We have a great selection of gift-wrapped modules this holiday season, sure to have you entertained from one to eight nights, depending on your preference! On a personal note, we here at the…
Metasploit Wrap-Up
Powershell Express Delivery The web_delivery module is often used to deliver a payload during post exploitation by quickly firing up a local web server. Since it does not write anything on target’s disk, payloads are less likely to be caught by anti-virus protections.…
Metasploit Wrap-Up
Management delegation of shells Onur ER contributed the Ajenti auth username command injection exploit module for the vulnerability Jeremy Brown discovered and published a PoC for on 2019-10-13 (EDB 47497) against Ajenti version 2.1.31. Ajenti is an open-source web-based server admin panel written…
Discovering a New Path in Asset Discovery: A Q&A with Metasploit Founder HD Moore
In honor of the 10-year anniversary of Rapid7’s acquisition of Metasploit, our latest episode of Security Nation features an interview with its founder, HD Moore.…
Metasploit Wrap-Up
Payload payday As we blogged about yesterday, a new form of payload that is compiled directly from C when generated was added by space-7. We hope this is only the first step in a journey of applying the myriad tools that obfuscate C programs to…
Metasploit Shellcode Grows Up: Encrypted and Authenticated C Shells
Introducing encrypted, compiled payloads in Metasploit Framework 5…
Metasploit Wrap-Up
Pulse Secure VPN exploit modules, a notable BlueKeep exploit reliability improvement, and an overhaul of MSF's password cracking integration, including new support for hashcat.…
Metasploit Wrap-Up
Config R Us Many versions of network management tool rConfig are vulnerable to unauthenticated command injection, and contributor bcoles added a new exploit module for targeting those versions. Present in v3.9.2 and prior, this vulnerability centers around the install directory not being automatically…
