Metasploit
Metasploit Weekly Wrap-Up
That Privilege Escalation Escalated Quickly
This release features a module leveraging CVE-2023-22515
[http://d3tuye.sacramentoexercise.net/blog/post/2023/10/04/etr-cve-2023-22515-zero-day-privilege-escalation-in-confluence-server-and-data-center/]
, a vulnerability in Atlassian’s on-premises Confluence Server first listed as a
privilege escalation, but quickly recategorized as a “broken access control”
with a CVSS score of 10. The exploit itself is very simple and easy to use so
there was little surprise when
Metasploit
Metasploit Weekly Wrap-Up
Pumpkin Spice Modules
Here in the northern hemisphere, fall is on the way: leaves changing, the air
growing crisp and cool, and some hackers changing the flavor of their caffeine.
This release features a new exploit module targeting Apache NiFi as well as a
new and improved library to interact with it.
New module content (1)
Apache NiFi H2 Connection String Remote Code Execution
Authors: Matei "Mal" Badanoiu and h00die
Type: Exploit
Pull request: #18257 [http://github.com/rapid7/metasploit-fra
Metasploit
Metasploit Weekly Wrap-Up
Power[shell]Point
This week’s new features and improvements start with two new exploit modules
leveraging CVE-2023-34960
[http://attackerkb.com/topics/VVJpMeSpUP/cve-2023-34960?referrer=blog] Chamilo
versions 1.11.18 and below and CVE-2023-26469
[http://attackerkb.com/topics/RT7G6Vyw1L/cve-2023-26469?referrer=blog] in
Jorani 1.0.0. Like CVE-2023-34960
[http://attackerkb.com/topics/VVJpMeSpUP/cve-2023-34960?referrer=blog], I too,
feel attacked by PowerPoint sometimes.
We also have several impr
Metasploit
Metasploit Weekly Wrap-Up
Nothing but .NET?
Smashery continues to… smash it by updating our .NET assembly execution module.
The original module allowed users to run a .NET exe as a thread within a process
they created on a remote host. Smashery’s improvements let users run the
executable within a thread of the process hosting Meterpreter and also changed
the I/O for the executing thread to support pipes, allowing interaction with the
spawned .NET thread, even when the other process has control over STDIN and
STDOUT. The
Metasploit
Metasploit Weekly Wrap-Up
MOVEit
It has been a busy few weeks in the security space; the MOVEit
[http://d3tuye.sacramentoexercise.net/blog/post/2023/06/01/rapid7-observed-exploitation-of-critical-moveit-transfer-vulnerability/?utm_campaign=sm-blog&utm_source=twitter&utm_medium=organic-social]
vulnerability filling our news feeds with dancing lemurs and a Barracuda
[http://d3tuye.sacramentoexercise.net/blog/post/2023/06/08/etr-cve-2023-2868-total-compromise-of-physical-barracuda-esg-appliances/?utm_campaign=sm-ETR&utm_source=twitter,linkedin&utm_me
Metasploit
Fetch Payloads: A Shorter Path from Command Injection to Metasploit Session
Rapid7 is pleased to announce the availability of Metasploit fetch payloads, which increase efficiency and user control over the commands executed.
Metasploit
Metasploit Weekly Wrap-Up
Throw another log [file] on the fire
Our own Stephen Fewer authored a module targeting CVE-2023-26360
[http://attackerkb.com/topics/F36ClHTTIQ/cve-2023-26360?referrer=blog]
affecting ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update
15 and earlier. The vulnerability allows multiple paths to code execution, but
our module works by leveraging a request that will result in the server
evaluating the ColdFusion Markup language on an arbitrary file on the remote
system. This all
Metasploit Weekly Wrapup
Metasploit Weekly Wrap-Up
Back from a quiet holiday season
Thankfully, it was a relatively quiet holiday break for security this year, so
we hope everyone had a relaxing time while they could. This wrapup covers the
last three Metasploit releases, and contains three new modules, two updates, and
five bug fixes.
Make sure that your OpenTSDB isn’t too open
Of particular note in this release is a new module from community contributors
Erik Wynter [http://github.com/ErikWynter] and Shai rod
[http://github.com/nightrang3r
Metasploit
Metasploit Weekly Wrap-Up
A sack full of cheer from the Hacking Elves of Metasploit
It is clear that the Metasploit elves have been busy this season: five new
modules, six new enhancements, nine new bug fixes, and a partridge in a pear
tree are headed out this week! (Neither partridge nor pear tree included.) In this sack
of goodies, we have a gift that keeps on giving: Shelby’s
[http://github.com/space-r7] Acronis TrueImage Privilege Escalation
[http://github.com/rapid7/metasploit-framework/pull/17265] works wonderfully,
even
Metasploit
Metasploit Weekly Wrap-Up
C is for cookie
And that’s good enough for Apache CouchDB, apparently. Our very own Jack Heysel
[http://github.com/jheysel-r7] added an exploit module based on CVE-2022-24706
targeting CouchDB prior to 3.2.2, leveraging a special default ‘monster’ cookie
that allows users to run OS commands.
This fake computer I just made says I’m an Admin
Metasploit’s zeroSteiner [http://github.com/zeroSteiner] added a module to
perform Resource-Based Constrained Delegation (RBCD) on an Active Directory network.
Metasploit
Metasploit Weekly Wrap-Up
A Confluence of High-Profile Modules
This release features modules covering the Confluence remote code execution bug
CVE-2022-26134 and the hotly-debated CVE-2022-30190, a file format vulnerability
in the Windows Operating System accessible through malicious documents. Both
have been all over the news, and we’re very happy to bring them to you so that
you can verify mitigations and patches in your infrastructure. If you’d like to
read more about these vulnerabilities, Rapid7 has AttackerKB analy
Metasploit
Metasploit Weekly Wrap-Up
Image Credit: http://upload.wikimedia.org/wikipedia/commons/c/c7/Logs.jpg (without change)
while (j==shell); Log4j;
The Log4j loop continues as we release a module targeting vulnerable vCenter
releases. This is a good time to suggest that you check your vCenter releases
and maybe even increase the protection surrounding them, as it’s been a rough
year-plus for vCenter
[http://attackerkb.com/search?q=vcenter&tags=exploitedInTheWild].
Let your shell do the walking
bcoles [http://github.com/bcoles
Metasploit Weekly Wrapup
Metasploit Wrap-Up
Four new Moodle modules, plus new features to help red teamers keep track of sessions and forwarded connections.
Metasploit Weekly Wrapup
Metasploit Wrap-Up
New modules for Jira user enumeration, Git remote code execution via git-lfs, a Geutebruck camera post-exploitation module, and unauthenticated RCE in the elFinder PHP application
Metasploit
Metasploit Wrap-Up
Containers that fail to Contain
Our own Christophe De La Fuente added a module for CVE-2019-5736 based on the
work of Adam Iwaniuk that breaks out of a Docker container by overwriting the
runc binary of an image which is run in the user context whenever someone
outside the container runs docker exec to make a request of the container.
Execute an Image Please, Wordpress
Community contributor Alexandre Zanni sent us a PR that uses native PHP
functions to upload a file as an image attachment to Wo