3 min
Metasploit
Metasploit Weekly Wrap-Up March 29, 2024
Metasploit adds three new exploit modules including an RCE for SharePoint.
2 min
Metasploit
Metasploit Weekly Wrap-Up 01/19/24
Unicode your way to a php payload and three modules to add to your playbook for
Ansible
Our own jheysel-r7 added an exploit leveraging the fascinating tool of php
filter chaining to prepend a payload using encoding conversion characters and
h00die et al. have come through and added 3 new Ansible post modules to gather
configuration information, read files, and deploy payloads. While none offer
instantaneous answers across the universe, they will certainly help in red team
exercises.
New module
3 min
Metasploit
Metasploit Weekly Wrap-Up: Dec. 15, 2023
Continuing the 12th Labor of Metasploit
Metasploit continues its Herculean task of increasing our toolset to tame
Kerberos by adding support for AS_REP Roasting, which allows retrieving the
password hashes of users who have Do not require Kerberos preauthentication set
on the domain controller. The setting is disabled by default, but it is enabled
in some environments.
Attackers can request the hash for any user with that option enabled, and worse
(or better?), can query the DC to determine
3 min
Metasploit Weekly Wrap-Up
Metasploit Wrap-Up 12/8/2023
New this week: An OwnCloud gather module and a Docker cgroups container escape. Plus, an early feature that allows users to search module actions, targets, and aliases.
3 min
Metasploit Weekly Wrap-Up
Metasploit Weekly Wrap-Up 11/10/23
Apache MQ and Three Cisco Modules
This week’s release has a lot of new content and features modules targeting two
major recent vulnerabilities that got a great deal of attention: CVE-2023-46604
targeting Apache MQ
[http://stanfordes.wuxizhite.com/blog/post/2023/11/01/etr-suspected-exploitation-of-apache-activemq-cve-2023-46604/]
resulting in ransomware deployment and CVE-2023-20198 targeting Cisco IOS XE OS
[http://stanfordes.wuxizhite.com/blog/post/2023/10/17/etr-cve-2023-20198-active-exploitati
4 min
Metasploit
Metasploit Weekly Wrap-Up: Oct. 19, 2023
That Privilege Escalation Escalated Quickly
This release features a module leveraging CVE-2023-22515
[http://stanfordes.wuxizhite.com/blog/post/2023/10/04/etr-cve-2023-22515-zero-day-privilege-escalation-in-confluence-server-and-data-center/]
, a vulnerability in Atlassian’s on-premises Confluence Server first listed as a
privilege escalation, but quickly recategorized as a “broken access control”
with a CVSS score of 10. The vulnerability itself is very simple and easy to use
when
2 min
Metasploit
Metasploit Weekly Wrap-Up: September 11. 1, 2023
Pumpkin Spice Modules
Here in the northern hemisphere, fall is on the way: leaves changing, the air
growing crisp and cool, and some hackers changing the flavor of their caffeine.
This release features a new exploit module targeting Apache NiFi as well as a
new and improved library to interact with it.
New module content (1)
Apache NiFi H2 Connection String Remote Code Execution
Authors: Matei “Mal” Badanoiu and h00die
Type: Exploit
Pull request: #18257 [http://github.com/rapid7/metasploit-fra
3 min
Metasploit
Metasploit Weekly Wrap-Up: August 8. 25, 2023
Power(shell) Point
This week’s new features and improvements start with two new exploit modules
exploiting CVE-2023-34960
[http://attackerkb.com/topics/vvjpmespup/cve-2023-34960?referrer=blog] in Chamilo
versions 1.11.18 and below and CVE-2023-26469
[http://attackerkb.com/topics/rt7g6vyw1l/cve-2023-26469?referrer=blog] in
Jorani 1.0.0. Like CVE-2023-34960
[http://attackerkb.com/topics/vvjpmespup/cve-2023-34960?, I, too,
sometimes feel attacked by PowerPoint.
We also have several importers
2 min
Metasploit
Metasploit Weekly Wrap-Up: 6/30/23
Nothing but .NET?
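Smashery continues by updating our .NET assembly execution module.
The original module allowed users to run a .NET exe as a thread within a process
they created on a remote host. Smashery's improvements let users run the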
executable within a thread of the process hosting Meterpreter and also changed
the I/O for the executing thread to support pipes, allowing interaction with the
spawned .NET thread, even when the other process has control over STDIN and
STDOUT. The
3 min
Metasploit
Metasploit Weekly Wrap-Up: Jun. 9, 2023
MOVEit
It has been a busy few weeks in the security space; the MOVEit
[http://stanfordes.wuxizhite.com/blog/post/2023/06/01/rapid7-observed-exploitation-of-critical-moveit-transfer-vulnerability/?utm_campaign = sm-blog&twitter utm_source =&utm_medium =有机社交]
vulnerability filling our news feeds with dancing lemurs and a Barracuda
[http://stanfordes.wuxizhite.com/blog/post/2023/06/08/etr-cve-2023-2868-total-compromise-of-physical-barracuda-esg-appliances/?utm_campaign = sm-ETR&utm_source = twitter、linkedin&utm_me
6 min
Metasploit
Fetch Payloads: A Shorter Path from Command Injection to Metasploit Session
Rapid7 is pleased to announce the availability of Metasploit fetch payloads, which increase efficiency and user control over the commands executed.
3 min
Metasploit
Metasploit Weekly Wrap-Up: May 5, 2023
Throw another log [file] on the fire
Our own Stephen Fewer authored a module targeting CVE-2023-26360
[http://attackerkb.com/topics/f36clhttiq/cve-2023-26360?referrer=blog]
affecting ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update
15 and earlier. The vulnerability allows multiple paths to code execution, but
our module works by leveraging a request that will result in the server
evaluating the ColdFusion Markup language on an arbitrary file on the remote
system. This all
3 min
Metasploit Weekly Wrap-Up
Metasploit Weekly Wrap-Up: January 11. 1, 2023
A quiet holiday break
Thankfully, it was a relatively quiet holiday break for security this year, so
we hope everyone had a relaxing time while they could. This wrap-up covers the
last three Metasploit releases, and contains three new modules, two updates, and
five bug fixes.
Make sure your OpenTSDB isn't too open
Of particular note in this release is a new module from community contributors
Erik Wynter [http://github ..[erikynter] and Shai rod
[http://github.com/nightrang3r
4 min
Metasploit
Metasploit Weekly Wrap-Up: 12/16/22
A sack full of cheer from the Hacking Elves of Metasploit
It is clear that the Metasploit elves have been busy this season: Five new
modules, six new enhancements, nine new bug fixes, and a partridge in a pear
tree are heading out this week! (Partridge and pear tree not included.) In this sack
of goodies, we have a gift that keeps on giving: Shelby’s
[http://github.Acronis TrueImage privilege escalation
[http://github.com/rapid7/metasploit-framework/pull/17265] works wonderfully,
even
3 min
Metasploit
Metasploit Weekly Wrap-Up: 11/4/22
C is for cookie
And that’s good enough for Apache CouchDB, apparently. Our own Jack Heysel
[http://github.com/jheysel-r7] added an exploit module based on CVE-2022-24706
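targeting CouchDB prior to 3.2.2, leveraging a special default “monster” cookie
that allows users to run OS commands.
This fake computer I just made says I'm an admin
Metasploit's zeroSteiner [http://github.com/zeroSteiner] added a module to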
perform Role-based Constrained Delegation (RBCD) on an Active Directory network.