1 min
Metasploit
Metasploit Weekly Wrap-Up 08/23/2024
New module content (3)
Fortra FileCatalyst Workflow SQL Injection (CVE-2024-5276)
Authors: Michael Heinzl and Tenable
Type: Auxiliary
Pull request: #19373 [http://github.com/rapid7/metasploit-framework/pull/19373]
contributed by h4x-x0r [http://github.com/h4x-x0r]
Path: admin/http/fortra_filecatalyst_workflow_sqli
AttackerKB reference: CVE-2024-5276
[http://attackerkb.com/search?q=CVE-2024-5276&referrer=blog]
Description: This adds an auxiliary module to exploit the CVE-2024-5276, a SQL
inj
2 min
Metasploit
Metasploit Weekly Wrap-Up 08/16/2024
New module content (3)
Apache HugeGraph Gremlin RCE
Authors: 6right and jheysel-r7
Type: Exploit
Pull request: #19348 [http://github.com/rapid7/metasploit-framework/pull/19348]
contributed by jheysel-r7 [http://github.com/jheysel-r7]
Path: linux/http/apache_hugegraph_gremlin_rce
AttackerKB reference: CVE-2024-27348
[http://attackerkb.com/search?q=CVE-2024-27348&referrer=blog]
Description: Adds an Apache HugeGraph Server exploit for GHSA-29rc-vq7f-x335
[http://github.com/advisories/GHSA-29r
1 min
Metasploit
Metasploit Weekly Wrap-Up 08/09/2024
Black Hat & DEF CON
Hopefully folks were able to catch our Rapid7 researchers @zeroSteiner
[http://x.com/zeroSteiner] & Jack Heysel show off the Metasploit 6.4's
features, focusing on combinations that allow for new, streamlined attack
workflows at Black Hat. If not they will also be demoing at DEF CON tomorrow in
room W304!
New module content (1)
Calibre Python Code Injection (CVE-2024-6782)
Authors: Amos Ng and Michael Heinzl
Type: Exploit
Pull request: #19357 [http://github.com/rapid7/meta
2 min
Metasploit
Metasploit Weekly Wrap-Up 08/02/2024
Metasploit goes to Hacker Summer Camp
Next week, Metasploit will have demos at both Black Hat
[http://www.blackhat.com/us-24/arsenal/schedule/index.html#the-metasploit-framework-39570]
and DEF CON [http://defcon.org/html/defcon-32/dc-32-demolabs.html#54186] where
the latest functionality from this year will be presented. The Black Hat demo
will be on Thursday the 8th from 10:10 to 11:25 and the DEF CON demo will be on
Saturday the 10th from 12:00 to 13:45.
The highlights will include demonst
2 min
Metasploit
Metasploit Weekly Wrap-Up 07/26/2024
New module content (3)
Magento XXE Unserialize Arbitrary File Read
Authors: Heyder and Sergey Temnikov
Type: Auxiliary
Pull request: #19304 [http://github.com/rapid7/metasploit-framework/pull/19304]
contributed by heyder [http://github.com/heyder]
Path: gather/magento_xxe_cve_2024_34102
AttackerKB reference: CVE-2024-34102
[http://attackerkb.com/search?q=CVE-2024-34102&referrer=blog]
Description: This adds an auxiliary module for an XXE which results in an
arbitrary file in Magento which is
2 min
Metasploit Weekly Wrapup
Metasploit Weekly Wrap-Up 7/19/2024
A new unauthenticated RCE exploit for GeoServer, plus library and Meterpreter updates and enhancements.
2 min
Metasploit
Metasploit Weekly Wrap-Up 07/12/2024
The Usual Suspects
This release features two new exploits targeting old friends: Confluence and
Ivanti. CVE-2024-21683
[http://attackerkb.com/search?q=CVE-2024-21683&referrer=blog] is a very easy
vulnerability to exploit, but as pointed out in the AttackerKB Review
[http://attackerkb.com/assessments/5ad314a1-9fd7-47d7-835f-f29680b3961d?referrer=blog]
, it requires authentication as a ‘Confluence Administrator.’ On the other hand,
CVE-2024-29824 is an unauthenticated SQL Injection in Ivanti End
2 min
Metasploit
Metasploit Weekly Wrap-Up 07/05/2024
3 new modules - MOVEit Transfer authentication bypass CVE-2024-5806, Zyxel command injection, and Azure CLI credentials gatherer
2 min
Metasploit
Metasploit Weekly Wrap-Up 06/28/2024
Unauthenticated Command Injection in Netis Router
This week's Metasploit release includes an exploit module for an unauthenticated
command injection vulnerability in the Netis MW5360 router which is being
tracked as CVE-2024-22729. The vulnerability stems from improper handling of the
password parameter within the router's web interface which allows for command
injection. Fortunately for attackers, the router's login page authorization can
be bypassed by simply deleting the authorization header,
3 min
Metasploit
Metasploit Weekly Wrap-Up 06/21/2024
Argument Injection for PHP on Windows
This week includes modules that target file traversal and arbitrary file read
vulnerabilities for software such as Apache, SolarWinds and Check Point, with
the highlight being a module for the recent PHP vulnerability submitted by
sfewer-r7 [http://github.com/sfewer-r7]. This module exploits an argument
injection vulnerability, resulting in remote code execution and a Meterpreter
shell running in the context of the Administrator user.
Note, that this attac
3 min
Metasploit
Metasploit Weekly Wrap-Up 06/14/2024
New module content (5)
Telerik Report Server Auth Bypass
Authors: SinSinology and Spencer McIntyre
Type: Auxiliary
Pull request: #19242 [http://github.com/rapid7/metasploit-framework/pull/19242]
contributed by zeroSteiner [http://github.com/zeroSteiner]
Path: scanner/http/telerik_report_server_auth_bypass
AttackerKB reference: CVE-2024-4358
[http://attackerkb.com/search?q=CVE-2024-4358?referrer=blog]
Description: This adds an exploit for CVE-2024-4358 which is an authentication
bypass in Te
2 min
Metasploit
Metasploit Weekly Wrap-Up 06/07/2024
New OSX payloads:ARMed and Dangerous
In addition to an RCE leveraging CVE-2024-5084 to gain RCE through a WordPress
Hash form, this release features the addition of several new binary OSX
stageless payloads with aarch64 support: Execute Command, Shell Bind TCP, and
Shell Reverse TCP.
The new osx/aarch64/shell_bind_tcp payload opens a listening port on the target
machine, which allows the attacker to connect to this open port to spawn a
command shell using the user provided command using the exe
2 min
Metasploit
Metasploit Weekly Wrap-Up 05/31/2024
Quis dīrumpet ipsos dīrumpēs
In this release, we feature a double-double: two exploits each targeting two
pieces of software. The first pair is from h00die [http://github.com/h00die]
targeting the Jasmine Ransomeware Web Server. The first uses CVE-2024-30851 to
retrieve the login for the ransomware server, and the second is a directory
traversal vulnerability allowing arbitrary file read. The second pair from Dave
Yesland of Rhino Security targets Progress Flowmon with CVE-2024-2389 and it
pai
3 min
Metasploit
Metasploit Weekly Wrap-Up 05/23/2024
Infiltrate the Broadcast!
A new module from Chocapikk [http://github.com/Chocapikk] allows the user to
perform remote code execution on vulnerable versions of streaming platform
AVideo (12.4 - 14.2). The multi/http/avideo_wwbnindex_unauth_rce module
leverages CVE-2024-31819
[http://attackerkb.com/topics/y127ezofMQ/cve-2024-31819], a vulnerability to
PHP Filter Chaining, to gain unauthenticated and unprivileged access, earning it
an attacker value of High on AttackerKB
[http://attackerkb.com/t
3 min
Metasploit
Metasploit Wrap-Up 05/17/2024
LDAP Authentication Improvements
This week, in Metasploit v6.4.9, the team has added multiple improvements for
LDAP related attacks. Two improvements relating to authentication is the new
support for Signing [http://github.com/rapid7/metasploit-framework/pull/19127]
and Channel Binding [http://github.com/rapid7/metasploit-framework/pull/19132].
Microsoft has been making changes
[http://support.microsoft.com/en-gb/topic/2020-2023-and-2024-ldap-channel-binding-and-ldap-signing-requirements-for