Posts tagged Metasploit Weekly Wrapup

5 min Metasploit

Metasploit Weekly Wrap-Up 01/26/24

Direct Syscalls Support for Windows Meterpreter Direct system calls are a well-known technique that is often used to bypass EDR/AV detection. This technique is particularly useful when dynamic analysis is performed, where the security software monitors every process on the system to detect any suspicious activity. One common way to do so is to add user-land hooks on Win32 API calls, especially those commonly used by malware. Direct syscalls are a way to run system calls directly and enter kernel

2 min Metasploit

Metasploit Weekly Wrap-Up 01/19/24

Unicode your way to a php payload and three modules to add to your playbook for Ansible Our own jheysel-r7 added an exploit leveraging the fascinating tool of php filter chaining to prepend a payload using encoding conversion characters and h00die et. al. have come through and added 3 new Ansible post modules to gather configuration information, read files, and deploy payloads. While none offer instantaneous answers across the universe, they will certainly help in red team exercises. New module

2 min Metasploit

Metasploit Wrap-Up

This week’s Metasploit release contains 2 new modules released as part of the Rapid7 F5 BIG-IP and iControl REST Vulnerabilities research article.

2 min Metasploit

Metasploit Weekly Wrap-Up 01/12/24

New module content (1) Windows Gather Mikrotik Winbox "Keep Password" Credentials Extractor Author: Pasquale 'sid' Fiorillo Type: Post Pull request: #18604 [http://github.com/rapid7/metasploit-framework/pull/18604] contributed by siddolo [http://github.com/siddolo] Path: windows/gather/credentials/winbox_settings Description: This pull request introduces a new post module to extract the Mikrotik Winbox credentials, which are saved in the settings.cfg.viw file when the "Keep Password" option

2 min Metasploit

Metasploit Weekly Wrap-Up 1/05/2024

New module content (2) Splunk __raw Server Info Disclosure Authors: KOF2002, h00die, and n00bhaxor Type: Auxiliary Pull request: #18635 [http://github.com/rapid7/metasploit-framework/pull/18635] contributed by n00bhaxor [http://github.com/n00bhaxor] Path: gather/splunk_raw_server_info Description: This PR adds a module for an authenticated Splunk information disclosure vulnerability. This module gathers information about the host machine and the Splunk install including OS version, build, CP

8 min Metasploit

Metasploit 2023 Annual Wrap-Up: Dec. 29, 2023

As 2023 winds down, we’re taking another look back at all the changes and improvements to the Metasploit Framework. This year marked the 20th anniversary since Metasploit version 1.0 was committed and the project is still actively maintained and improved thanks to a thriving community. Version 6.3 Early this year in January, Metasploit version 6.3 [http://ikay.132072.com/blog/post/2023/01/30/metasploit-framework-6-3-released/] was released with a number of improvements for targeting Active Dir

2 min Metasploit

Metasploit Weekly Wrap-Up: Dec. 22, 2023

Metasploit has added exploit content for the glibc LPE CVE-2023-4911 (AKA Looney Tunables) and RCE exploits for Confluence and Vinchin Backup and Recovery.

3 min Metasploit

Metasploit Weekly Wrap-Up: Dec. 15, 2023

Continuing the 12th Labor of Metasploit Metasploit continues its Herculean task of increasing our toolset to tame Kerberos by adding support for AS_REP Roasting, which allows retrieving the password hashes of users who have Do not require Kerberos preauthentication set on the domain controller. The setting is disabled by default, but it is enabled in some environments. Attackers can request the hash for any user with that option enabled, and worse (or better?) you can query the DC to determine

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up 12/8/2023

New this week: An OwnCloud gather module and a Docker cgroups container escape. Plus, an early feature that allows users to search module actions, targets, and aliases.

4 min Metasploit

Metasploit Weekly Wrap-Up: Dec. 1, 2023

Customizable DNS resolution Contributor smashery [http://github.com/smashery] added a new dns command to Metasploit console, which allows the user to customize the behavior of DNS resolution. Similarly to the route command, it is now possible to specify where DNS requests should be sent to avoid any information leak. Before these changes, the Framework was using the default local system configuration. Now, it is possible to specify which DNS server should be queried based on rules that match sp

1 min Metasploit

Metasploit Wrap-Up: Nov. 23, 2023

Metasploit 6.3.44 released with stability improvements and module fixes

1 min Metasploit Weekly Wrapup

Metasploit Weekly Wrap-Up: Nov. 17, 2023

Possible Web Service Removal Metasploit has support for running with a local database, or from a remote web service which can be initialized with msfdb init --component webservice. Future versions of Metasploit Framework may remove the msfdb remote webservice. Users that leverage this functionality are invited to react on an issue currently on GitHub [http://github.com/rapid7/metasploit-framework/issues/18439] to inform the maintainers that the feature is used. New module content (1) ZoneMind

3 min Metasploit Weekly Wrapup

Metasploit Weekly Wrap-Up 11/10/23

Apache MQ and Three Cisco Modules in a Trenchcoat This week’s release has a lot of new content and features modules targeting two major recent vulnerabilities that got a great deal of attention: CVE-2023-46604 targeting Apache MQ [http://ikay.132072.com/blog/post/2023/11/01/etr-suspected-exploitation-of-apache-activemq-cve-2023-46604/] resulting in ransomware deployment and CVE-2023-20198 targeting Cisco IOS XE OS [http://ikay.132072.com/blog/post/2023/10/17/etr-cve-2023-20198-active-exploitati

2 min Metasploit

Metasploit Weekly Wrap-Up: Nov. 3, 2023

PTT for DCSync This week, community member smashery [http://github.com/smashery] made an improvement to the windows_secrets_dump module to enable it to dump domain hashes using the DCSync method after having authenticated with a Kerberos ticket. Now, if a user has a valid Kerberos ticket for a privileged account, they can run the windows_secrets_dump module with the DOMAIN action and obtain the desired information. No password required. This is particularly useful in workflows involving the exp

2 min Metasploit

Metasploit Weekly Wrap-Up: Oct. 27, 2023

New module content (4) Atlassian Confluence Data Center and Server Authentication Bypass via Broken Access Control Authors: Emir Polat and Unknown Type: Auxiliary Pull request: #18447 [http://github.com/rapid7/metasploit-framework/pull/18447] contributed by emirpolatt [http://github.com/emirpolatt] Path: admin/http/atlassian_confluence_auth_bypass AttackerKB reference: CVE-2023-22515 [http://attackerkb.com/topics/Q5f0ItSzw5/cve-2023-22515?referrer=blog] Description: This adds an exploit for