2 min
Metasploit Weekly Wrapup
Metasploit Weekly Wrap-Up 7/19/2024
A new unauthenticated RCE exploit for GeoServer, plus library and Meterpreter updates and enhancements.
4 min
Metasploit
Metasploit Weekly Wrap-Up: Mar. 4, 2022
This week’s Metasploit Framework release brings us seven new modules.
IP Camera Exploitation
Rapid7’s Jacob Baines [http://github.com/jbaines-r7] was busy this week with
two exploit modules that target IP cameras. The first
[http://github.com/rapid7/metasploit-framework/pull/16190] module exploits an
authenticated file upload on Axis IP cameras. Due to lack of proper
sanitization, an attacker can upload and install an eap application which, when
executed, will grant the attacker root privileg
14 min
Log4Shell
The Everyperson’s Guide to Log4Shell (CVE-2021-44228)
This blog is for everyone who wants to understand what’s going on with the Log4Shell vulnerability in Log4j and why the internet seems to be on fire again.
2 min
Metasploit
Metasploit Wrap-Up 12/10/21
Word and Javascript are a rare duo.
Thanks to thesunRider [http://github.com/thesunRider]. you too can experience
the wonder of this mystical duo. The sole new metasploit module this release
adds a file format attack to generate a very special document. By utilizing
Javascript embedded in a Word document to trigger a chain of events that slip
through various Windows facilities, a session as the user who opened the
document can be yours.
Do you like spiders?
It has been 3 years since SMB2 suppo
2 min
Metasploit
Metasploit Wrap-Up: 12/3/21
Metasploit CTF 2021 starts today
It’s that time of year again! Time for the 2021 Metasploit Community CTF
[http://4hko.drordi.com/blog/post/2021/11/16/announcing-the-2021-metasploit-community-ctf/]
. Earlier today over 1,100 users in more than 530 teams were registered and
opened for participation to solve this year’s 18 challenges. Next week a recap
and the winners will be announced, so stay tuned for more information.
Overlayfs LPE
This week Metasploit shipped an exploit for the recent Overla
3 min
Metasploit
Metasploit Wrap-Up: Nov. 26 2021
Self-Service Remote Code Execution
This week, our own @wvu-r7 added an exploit module
[http://github.com/rapid7/metasploit-framework/pull/15874] that achieves
unauthenticated remote code execution in ManageEngine ADSelfService Plus, a
self-service password management and single sign-on solution for Active
Directory. This new module leverages a REST API authentication bypass
vulnerability identified as CVE-2021-40539
[http://attackerkb.com/topics/DMSNq5zgcW/cve-2021-40539?referrer=blog], where
3 min
Metasploit
Metasploit Wrap-Up: 11/19/21
Azure Active Directory login scanner module
Community contributor k0pak4 [http://github.com/k0pak4] added a new login
scanner module for Azure Active Directory
[http://github.com/rapid7/metasploit-framework/pull/15755]. This module
exploits a vulnerable
[http://attackerkb.com/topics/rZ1JlQhXhc/cve-2020-16152?referrer=blog]
authentication endpoint in order to enumerate usernames without generating log
events. The error code returned by the endpoint can be used to discover the
validity of user
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 9/10/21
Confluence Server OGNL Injection
Our own wvu along with Jang [http://twitter.com/testanull] added a module that
exploits an OGNL injection (CVE-2021-26804
[http://attackerkb.com/topics/Eu74wdMbEL/cve-2021-26084-confluence-server-ognl-injection]
)in Atlassian Confluence's WebWork component to execute commands as the Tomcat
user. CVE-2021-26804 is a critical remote code execution vulnerability in
Confluence Server and Confluence Data Center and is actively being exploited in
the wild. Initial di
2 min
Metasploit
Metasploit Wrap-Up 8/6/21
Desert heat (not the 1999 film)
This week was more quiet than normal with Black Hat USA and DEF CON, but that
didn’t stop the team from delivering some small enhancements and bug fixes! We
are also excited to see two new modules #15519
[http://github.com/rapid7/metasploit-framework/pull/15519] and #15520
[http://github.com/rapid7/metasploit-framework/pull/15520] from researcher
Jacob Baines’ [http://twitter.com/Junior_Baines] DEF CON talk Bring Your Own
Print Driver Vulnerability [http://
4 min
Metasploit
Metasploit Wrap-Up: 7/23/2021
Now I Control Your Resource Planning Servers
Sage X3 is a resource planning product designed by Sage Group which is designed
to help established businesses plan out their business operations. But what if
you wanted to do more than just manage resources? What if you wanted to hijack
the resource server itself? Well wait no more, as thanks to the work of Aaron
Herndon [http://www.linkedin.com/in/aaron-herndon-54079b5a/], Jonathan Peterson
[http://www.linkedin.com/in/jonathan-p-004b76a1/], Will
3 min
Metasploit
Metasploit Wrap-Up: 6/11/21
NSClient++
Community contributor Yann Castel has contributed an exploit module for
NSClient++ which targets an authenticated command execution vulnerability. Users
that are able to authenticate to the service as admin can leverage the external
scripts feature to execute commands with SYSTEM level privileges. This allows
the underlying server to be compromised. Castel is also working on another
exploit module for NSClient++ which happens to be a local privilege escalation
so stay tuned for more N
3 min
Vulnerability Management
BlueKeep Exploits May Be Coming: Our Observations and Recommendations
Rapid7 Labs has observed a significant uptick in malicious RDP activity since the release of CVE-2019-0708 (aka “BlueKeep”).
12 min
Exploits
Stack-Based Buffer Overflow Attacks: Explained and Examples
Stack-based buffer overflow exploits are likely the shiniest and most common form of exploit for remotely taking over the code execution of a process.
5 min
Exploits
macOS Keychain Security : What You Need To Know
If you follow the infosec twitterverse or have been keeping an eye on macOS news
sites, you’ve likely seen a tweet
[http://twitter.com/patrickwardle/status/912254053849079808] (with accompanying
video) from Patrick Wardle (@patrickwardle [http://twitter.com/patrickwardle])
that purports to demonstrate dumping and exfiltration of something called the
“keychain” without an associated privilege escalation prompt. Patrick also has a
more in-depth Q&A blog post [http://www.patreon.com/posts/14556
2 min
Vulnerability Disclosure
R7-2017-06 | CVE-2017-5241: Biscom SFT XSS (FIXED)
Summary
The Workspaces component of Biscom Secure File Transfer (SFT) version 5.1.1015
is vulnerable to stored cross-site scripting in two fields. An attacker would
need to have the ability to create a Workspace and entice a victim to visit the
malicious page in order to run malicious Javascript in the context of the
victim's browser. Since the victim is necessarily authenticated, this can allow
the attacker to perform actions on the Biscom Secure File Transfer instance on
the victim's behalf.