Posts by Brendan Watters

3 min Metasploit

Metasploit Weekly Wrap-Up: March 29, 2024

Metasploit adds three new exploit modules including an RCE for SharePoint.

2 min Metasploit

Metasploit Weekly Wrap-Up 01/19/24

Unicode your way to a php payload and three modules to add to your playbook for Ansible Our own jheysel-r7 added an exploit leveraging the fascinating tool of php filter chaining to prepend a payload using encoding conversion characters and h00die et al. have come through and added 3 new Ansible post modules to gather configuration information, read files, and deploy payloads. While none of them provide instantaneous answers across the universe, they will certainly help in red team exercises. New module

3 min Metasploit

Metasploit Weekly Wrap-Up: Dec. 15, 2023

Metasploit's 12th labor continues Metasploit continues its Herculean task of increasing our toolset to tame Kerberos by adding support for AS_REP Roasting, which allows retrieving the password hashes of users who have "Do not require Kerberos preauthentication" set on the domain controller. The setting is disabled by default, but it is enabled in some environments. Attackers can request the hash for any user with that option enabled, and worse (or better?), can query the DC to determine

3 min Metasploit Weekly Wrap-Up

Metasploit Wrap-Up 12/8/2023

New this week: An OwnCloud gather module and a Docker cgroups container escape. Plus, an early feature that allows users to search module actions, targets, and aliases.

3 min Metasploit Weekly Wrap-Up

Metasploit Weekly Wrap-Up 11/10/23

Apache MQ and three Cisco modules This week’s release has a lot of new content and features modules targeting two major recent vulnerabilities that got a great deal of attention: CVE-2023-46604 targeting Apache MQ [http://stanfordes.wuxizhite.com/blog/post/2023/11/01/etr-suspected-exploitation-of-apache-activemq-cve-2023-46604/] resulting in ransomware deployment and CVE-2023-20198 targeting Cisco IOS XE OS [http://stanfordes.wuxizhite.com/blog/post/2023/10/17/etr-cve-2023-20198-active-exploitati

4 min Metasploit

Metasploit Weekly Wrap-Up: Oct. 19, 2023

That privilege escalation escalated quickly This release features a module leveraging CVE-2023-22515 [http://stanfordes.wuxizhite.com/blog/post/2023/10/04/etr-cve-2023-22515-zero-day-privilege-escalation-in-confluence-server-and-data-center/], a vulnerability in Atlassian’s on-premises Confluence Server first listed as a privilege escalation, but quickly recategorized as a “broken access control” with a CVSS score of 10. The vulnerability itself is very simple and easy to use when

2 min Metasploit

Metasploit Weekly Wrap-Up: Sep. 1, 2023

Pumpkin Spice Modules Here in the northern hemisphere, fall is on the way: leaves changing, the air growing crisp and cool, and some hackers changing the flavor of their caffeine. This release features a new exploit module targeting Apache NiFi as well as a new and improved library to interact with it. New module content (1) Apache NiFi H2 Connection String Remote Code Execution Authors: Matei “Mal” Badanoiu and h00die Type: Exploit Pull request: #18257 [http://github.com/rapid7/metasploit-fra

3 min Metasploit

Metasploit Weekly Wrap-Up: Aug. 25, 2023

Power(shell)Point This week’s new features and improvements start with two new exploit modules leveraging CVE-2023-34960 [http://attackerkb.com/topics/vvjpmespup/cve-2023-34960?referrer=blog] in Chamilo versions 1.11.18 and below and CVE-2023-26469 [http://attackerkb.com/topics/rt7g6vyw1l/cve-2023-26469?referrer=blog] in Jorani 1.0.0. Like CVE-2023-34960 [http://attackerkb.com/topics/vvjpmespup/cve-2023-34960?, I too sometimes feel attacked by PowerPoint. We also have several importers

2 min Metasploit

Metasploit Weekly Wrap-Up: 6/30/23

Nothing but .NET? Smashery continues by updating our .NET assembly execution module. The original module allowed users to run a .NET exe as a thread within a process they created on a remote host. Smashery’s improvements let users run the executable within a thread of the process hosting Meterpreter and also changed the I/O for the executing thread to support pipes, allowing interaction with the spawned .NET thread, even when the other process has control over STDIN and STDOUT. The

3 min Metasploit

Metasploit Weekly Wrap-Up: Jun. 9, 2023

MOVEit It has been a busy few weeks in the security space; the MOVEit [http://stanfordes.wuxizhite.com/blog/post/2023/06/01/rapid7-observed-exploitation-of-critical-moveit-transfer-vulnerability/?utm_campaign=sm-blog&utm_source=twitter&utm_medium=organic-social] vulnerability filling our news feeds with dancing lemurs and a Barracuda [http://stanfordes.wuxizhite.com/blog/post/2023/06/08/etr-cve-2023-2868-total-compromise-of-physical-barracuda-esg-appliances/?utm_campaign=sm-ETR&utm_source=twitter,linkedin&utm_me

6 min Metasploit

Fetch Payloads: A Shorter Path from Command Injection to Metasploit Session

Rapid7 is pleased to announce the availability of Metasploit fetch payloads, which increase efficiency and user control over the commands executed.

3 min Metasploit

Metasploit Weekly Wrap-Up: May 5, 2023

Throw another log [file] on the fire Our own Stephen Fewer authored a module targeting CVE-2023-26360 [http://attackerkb.com/topics/f36clhttiq/cve-2023-26360?referrer=blog] affecting ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier. The vulnerability allows multiple paths to code execution, but our module works by leveraging a request that will result in the server evaluating the ColdFusion Markup language on an arbitrary file on the remote system. This all

3 min Metasploit Weekly Wrap-Up

Metasploit Weekly Wrap-Up: Jan. 1, 2023

Had a quiet holiday Thankfully, it was a relatively quiet holiday break for security this year, so we hope everyone had a relaxing time while they could. This wrap-up covers the last three Metasploit releases, and contains three new modules, two updates, and five bug fixes. Make sure your OpenTSDB isn't too open Of particular note in this release is a new module from community contributors Erik Wynter [http://github ..[erikynter] and Shai Rod [http://github.com/nightrang3r

4 min Metasploit

Metasploit Weekly Wrap-Up: 12/16/22

A sack full of cheer from the Hacking Elves of Metasploit It is clear that the Metasploit elves have been busy this season: Five new modules, six new enhancements, nine new bug fixes, and a partridge in a pear tree are heading out this week! (Partridge and pear tree not included.) In this sack of goodies, we have a gift that keeps on giving: Shelby’s [http://github.Acronis TrueImage privilege escalation [http://github.com/rapid7/metasploit-framework/pull/17265] works wonderfully, even

3 min Metasploit

Metasploit Weekly Wrap-Up: 11/4/22

C is for cookie And that’s good enough for Apache CouchDB, apparently. Our own Jack Heysel [http://github.com/jheysel-r7] added an exploit module based on CVE-2022-24706 targeting CouchDB prior to 3.2.2, leveraging a special default “monster” cookie that allows users to run OS commands. This fake computer I just made says I’m an Admin Metasploit’s zeroSteiner [http://github.com/zeroSteiner] added a module to perform Role-based Constrained Delegation (RBCD) on an Active Directory network.