Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Metasploit  

Metasploit Wrap-Up

Hello, World! This week’s wrapup features six new modules, including a double-dose of Synology and everyone’s favorite, Pi-Hole. Little NAS, featuring RCE Synology stations are small(ish) NAS devices, but as Steve Kaun, Nigusu Kassahun, and h00die have shown, they are not invulnerable.…

Metasploit Wrap-Up

Bad WebLogic Our own Shelby Pace authored an exploit taking advantage of a Java object deserialization vulnerability in multiple different versions of WebLogic. The new module has been tested with versions v12.1.3.0.0, v12.2.1.3.0, and v12.2.1.…

Metasploit Wrap-Up

Five new modules, including SaltStack Salt Master root key disclosure and unauthenticated RCE on Salt master and minion. A new Meterpreter fix also ensures correct handling of out-of-order packets in pivoted sessions.…

Metasploit Wrap-Up

Nine new modules, including three IBM Data Risk Manager exploits, a couple Windows privilege elevation modules, and a .NET deserialization exploit for Veeam ONE Agent. Plus, a new .NET deserialization tool that allows users to generate serialized payloads in the vein of YSoSerial.NET.…

Metasploit Wrap-up

Windows Meterpreter payload improvements Community contributor OJ has made improvements to Windows Meterpreter payloads. Specifically reducing complexity around extension building and loading. This change comes with the benefit of removing some fingerprint artifacts, as well reducing the payload size as a side-effect. Note that Windows…

Metasploit Wrap-up

Security fix for the libnotify plugin (CVE-2020-7350) If you use the libnotify plugin to keep track of when file imports complete, the interaction between it and db_import allows a maliciously crafted XML file to execute arbitrary commands on your system. In proper Metasploit fashion,…

Metasploit Wrap-up

Nexus Repository Manager RCE This week our very own Will Vu wrote a module for CVE-2020-10199 which targets a remote code execution vulnerability within the Nexus Repository Manager. The vulnerability allows Java Expression Language (JavaEL) code to be executed. While the flaw requires authentication information…

Meet AttackerKB

Meet AttackerKB: a new community-driven resource that highlights diverse perspectives on which vulnerabilities make the most appealing targets for attackers.…

Metasploit Wrap-Up

Meterpreter bug fixes and five new modules, including an LPE exploit for SMBghost (CVE-2020-0796) and a BloodHound post module that gathers information (sessions, local admin, domain trusts, etc.) and stores it as a BloodHound-consumable ZIP file in Framework loot.…

Metasploit Wrap-Up

This week's release includes a local privilege escalation exploit for VMware Fusion through 11.5.3 on OS X, as well as RCE on Apache Solr and DNN cookie deserialization.…

Metasploit Wrap-Up

Three new modules, including a post module to automate the installation of an embeddable Python interpreter on a target, and a new exploit for Microsoft SharePoint Workflows.…

How to Participate in Our Metasploit Pro Customer Survey

As a Metasploit Pro customer, we want to know what your priorities are, what challenges you’re facing, and how Metasploit Pro addresses those needs.…

Metasploit Wrap-Up

Five new modules plus fixes and enhancements. Exploits for ManageEngine, rConfig, and SQL Server Reporting Services, among others.…

Metasploit Wrap-Up

Four new modules and lots of productivity enhancements. You can now run `rubocop -a` to automatically fix most formatting issues when developing modules. Plus, try the new `tip` command in MSF for Framework usage tips!…

Metasploit Wrap-Up

Gift exchange If you're looking for remote code execution against Microsoft Exchange, Spencer McIntyre crafted up a cool new module targeting a .NET serialization vulnerability in the Exchange Control Panel (ECP) web page. Vulnerable versions of Exchange don't randomize keys on a per-installation basis, resulting…

Never miss a blog

Get the latest stories, expertise, and news about security today.