Metasploit Wrap-Up
Config R Us Many versions of network management tool rConfig are vulnerable to unauthenticated command injection, and contributor bcoles added a new exploit module for targeting those versions. Present in v3.9.2 and prior, this vulnerability centers around the install directory not being automatically…
Metasploit Wrap-Up
This week's Metasploit wrap-up ships a new exploit module against Nostromo, a directory traversal vulnerability that allows system commands to be executed remotely. Also, improvements have been made for the grub_creds module for better post exploitation experience against Unix-like machines. Plus a few bugs…
Metasploit Wrap-Up
Is URGENT/11 urgent to your world? Metasploit now has a scanner module to help find the systems that need URGENT attention. Be sure to check the options on this one; RPORTS is a list to test multiple services on each target. Thanks Ben Seri…
Metasploit Wrap-up
Nagios XI post module Nagios XI may store the credentials of the hosts it monitors, and with the new post module by Cale Smith, we're now able to extract the Nagios database content along with its SSH keys and dump them into the MSF database.…
Metasploit Wrap-up
Exploiting Windows tools There are two new Windows modules this week, both brought to you by the Metasploit team. The Windows Silent Process Exit Persistence module, from our own bwatters-r7, exploits a Windows tool that allows for debugging a specified process on exit. With escalated…
Metasploit Wrap-Up
Command and Control with DOUBLEPULSAR We now have a DOUBLEPULSAR exploit module thanks to some amazing work by our own wvu, Jacob Robles, and some significant contributions from the wider community. The module allows you to check for the DOUBLEPULSAR implant, disable it, or even…
Open-Source Command and Control of the DOUBLEPULSAR Implant
Metasploit researcher William Vu shares technical analysis behind a recent addition to Framework: a module that executes a Metasploit payload against the Equation Group's DOUBLEPULSAR implant for SMB and allows users to remotely disable the implant.…
Metasploit Wrap-Up
BlueKeep is Here The BlueKeep exploit module is now officially a part of Metasploit Framework. This module reached merged status thanks to lots of collaboration between Rapid7 and the MSF community members. The module requires some manual configuration per target, and targets include both virtualized…
Metasploit Wrap-Up
On the correct list AppLocker and Software Restriction Policies control the applications and files that users are able to run on Windows Operating Systems. These two protections have been available to the blue team for years. AppLocker is supported on Windows 7 and above, and…
Metasploit Wrap-Up
Fall is in the air, October is on the way, and it is Friday the 13th. We have a lot of updates and features that landed this week, though none are particularly spooky, and unfortunately, none are json-related…1 We recently updated our digital signing…
How Rapid7 Industry Research Strengthens InsightVM
Rapid7’s vulnerability scanner, InsightVM is backed by multiple large-scale research projects that keep it on the leading edge of vulnerability risk management.…
Metasploit Wrap-Up
At our (final!) DerbyCon Town Hall today, the Metasploit team announced the release of an initial exploit module PR for CVE-2019-0708, aka BlueKeep.…
Initial Metasploit Exploit Module for BlueKeep (CVE-2019-0708)
Today, Metasploit is releasing an initial public exploit module for CVE-2019-0708, also known as BlueKeep, as a pull request on Metasploit Framework.…
Metasploit Wrap-Up
Back to school blues Summer is winding down and while our for contributions haven't dropped off (thanks y'all!), we've been tied up with events and a heap of research. Don't despair, though: our own Brent Cook, Pearce Barry, Jeffrey Martin, and Matthew Kienow will be…
Metasploit Wrap-Up
A LibreOffice file format exploit, plus improvements to TLS and CredSSP-based fingerprinting.…
