Metasploit
Metasploit Weekly Wrap-Up 06/28/2024
Unauthenticated command injection in Netis routers
This week's Metasploit release includes an exploit module for an unauthenticated
command injection vulnerability in the Netis MW5360 router, which is being
tracked as CVE-2024-22729. The vulnerability stems from improper handling of the
password parameter within the router's web interface, which allows for command
injection. Fortunately for attackers, the router's login page authorization can
be bypassed by simply deleting the authorization header,
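The two weaknesses the teaser names, an authorization check that is skipped when the header is absent and a password value spliced into a shell command line, modelled side by side with their fixed forms. This is an added Ruby example, not the router's firmware and not the Metasploit module; the expected `Authorization` value, the `echo` command standing in for whatever the firmware really runs, the handler names and the injection string are all assumptions made for the illustration.

```ruby
require 'open3'

# Constructed model of the two weaknesses described above. Not the router's
# firmware and not the Metasploit module; the expected header value and the
# `echo` command standing in for the real login routine are assumptions.
EXPECTED_AUTH = 'Basic YWRtaW46YWRtaW4='.freeze # assumption: admin:admin

# Flawed gate: the header is only compared when it is present, so a request
# that simply omits it is waved through.
def authorized_flawed?(headers)
  auth = headers['Authorization']
  return true if auth.nil? # the bypass: no header means "nothing to check"
  auth == EXPECTED_AUTH
end

# Fixed gate: a missing header is a failed check, not a skipped one.
def authorized_fixed?(headers)
  auth = headers['Authorization']
  !auth.nil? && auth == EXPECTED_AUTH
end

# Vulnerable handler: the password value is interpolated into a shell command
# line, so shell metacharacters in it become additional commands.
def handle_login_vulnerable(headers, params)
  return 'HTTP 401' unless authorized_flawed?(headers)
  out, = Open3.capture2e("echo checking #{params['password']}")
  out
end

# Hardened handler: deny without a valid header, reject values outside a
# conservative allow-list, and run the command as an argv array so that no
# shell ever parses the password.
PASSWORD_RE = /\A[[:alnum:]._@-]{1,64}\z/

def handle_login_fixed(headers, params)
  return 'HTTP 401' unless authorized_fixed?(headers)
  pw = params['password'].to_s
  return 'HTTP 400' unless pw.match?(PASSWORD_RE)
  out, = Open3.capture2e('echo', 'checking', pw)
  out
end

if __FILE__ == $PROGRAM_NAME
  payload = { 'password' => 'x; echo INJECTED' } # constructed injection string
  puts handle_login_vulnerable({}, payload) # no header, and INJECTED still runs
  puts handle_login_fixed({}, payload) # HTTP 401
  puts handle_login_fixed({ 'Authorization' => EXPECTED_AUTH }, payload) # HTTP 400
end
```

The allow-list on the password is the primary control; passing the value as a separate argv element is defence in depth, so that a value which slips past validation is still never interpreted by a shell.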
Metasploit Weekly Wrap-Up 06/21/2024
Argument injection in PHP on Windows
This week includes modules that target file traversal and arbitrary file read
vulnerabilities for software such as Apache, SolarWinds and Check Point, with
the highlight being a module for the recent PHP vulnerability submitted by
sfewer-r7 [http://github.com/sfewer-r7]. This module exploits an argument
injection vulnerability, resulting in remote code execution and a Meterpreter
shell running in the context of the Administrator user.
Note that this attack
Metasploit Weekly Wrap-Up 06/14/2024
New module content (5)
Telerik Report Server authentication bypass
Authors: SinSinology and Spencer McIntyre
Type: Auxiliary
Pull request: #19242 [http://github.com/rapid7/metasploit-framework/pull/19242]
contributed by zeroSteiner [http://github.com/zeroSteiner]
Path: scanner/http/telerik_report_server_auth_bypass
AttackerKB reference: CVE-2024-4358
[http://attackerkb.com/search?q=CVE-2024-4358?referrer=blog]
Description: This adds an exploit for CVE-2024-4358, which is an authentication
bypass in Te
Metasploit Weekly Wrap-Up 06/07/2024
New OSX payloads: armed and dangerous
In addition to an exploit leveraging CVE-2024-5084 to gain RCE through the
WordPress Hash Form plugin, this release features the addition of several new
binary OSX stageless payloads with aarch64 support: Execute Command, Shell Bind
TCP, and Shell Reverse TCP.
The new osx/aarch64/shell_bind_tcp payload opens a listening port on the target
machine, which allows the attacker to connect to this open port and spawn a
command shell, using the user-provided command, via the exe
Metasploit Weekly Wrap-Up 05/31/2024
Quis dmd rumpet ipsos dīrumpēs
In this release, we feature a double-double: two pairs of exploits, each pair
targeting a different piece of software. The first pair, from h00die
[http://github.com/h00die], targets the Jasmin ransomware web server. The first
uses CVE-2024-30851 to retrieve the login for the ransomware server, and the
second is a directory traversal vulnerability allowing arbitrary file read. The
second pair, from Dave Yesland of Rhino Security, targets Progress Flowmon with
CVE-2024-2389 and it
pai
Metasploit Weekly Wrap-Up 05/23/2024
Pwned broadcast!
A new module from Chocapikk [http://github.com/Chocapikk] allows users to
perform remote code execution on vulnerable versions of the streaming platform
AVideo (12.4 - 14.2). The multi/http/avideo_wwbnindex_unauth_rce module
exploits CVE-2024-31819
[http://attackerkb.com/topics/y127ezofMQ/cve-2024-31819], a PHP filter chaining
vulnerability, to gain unauthenticated and unprivileged access, earning it
an attacker value of High in AttackerKB
[http://attackerkb.com/t
Metasploit Weekly Wrap-Up 05/17/2024
LDAP authentication improvements
This week, in Metasploit v6.4.9, the team added multiple improvements to
LDAP-related attacks. Two improvements relating to authentication are the new
support for signing [http://github.com/rapid7/metasploit-framework/pull/19127]
and channel binding [http://github.com/rapid7/metasploit-framework/pull/19132].
Microsoft has been making changes
[http://support.microsoft.com/en-gb/topic/2020-2023-and-2024-ldap-channel-binding-and-ldap-signing-requirements-for
Metasploit Weekly Wrap-Up 05/10/2024
Password spraying support
Multiple bruteforce/login scanner modules have been updated to support a
PASSWORD_SPRAY module option. This work was done in pull request #19079
[http://github.com/rapid7/metasploit-framework/pull/19079] from nrathaus
[http://github.com/nrathaus], as well as an additional update from our
developers [http://github.com/rapid7/metasploit-framework/pull/19158]. When
the password spraying option is set, the order of attempted users and password
attempts changes
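What the changed order means in practice, as an added Ruby example that is not Metasploit's login scanner code: the default user-first enumeration beside the password-first spray order, both run against a constructed lockout policy. The user list, passwords, valid credentials, the threshold and window values, and the pause between spray rounds are all made up for the illustration; the point it makes beyond the teaser is that the spray order only avoids lockouts when the scan also waits out the lockout window between password rounds.

```ruby
# Constructed example of the two enumeration orders. Not Metasploit's login
# scanner code; users, passwords, the valid credentials and the lockout policy
# are all made up for the illustration.
USERS = %w[alice bob carol].freeze
PASSWORDS = %w[Winter2023! Spring2024! Summer2024! Autumn2024!].freeze
VALID = { 'alice' => 'Summer2024!', 'bob' => 'Autumn2024!', 'carol' => 'Autumn2024!' }.freeze

# Default bruteforce order: every password for one user, then the next user.
def bruteforce_order(users, passwords)
  users.flat_map { |u| passwords.map { |p| [u, p] } }
end

# Spray order: one password across every user, then the next password.
def spray_order(users, passwords)
  passwords.flat_map { |p| users.map { |u| [u, p] } }
end

# Lockout model (assumption): `threshold` failures within `window` seconds lock
# the account. Attempts are stamped with logical time, one second apart, and
# `round_pause` seconds are added whenever the password changes, which is how
# a spray waits out the observation window between rounds. A user is not
# retried once a valid password has been found for them.
def simulate(attempts, valid:, threshold:, window:, round_pause: 0)
  failures = Hash.new { |h, k| h[k] = [] }
  locked = []
  found = []
  found_users = []
  now = 0
  last_pw = nil
  attempts.each do |user, pw|
    now += round_pause if last_pw && pw != last_pw
    last_pw = pw
    now += 1
    next if locked.include?(user) || found_users.include?(user)
    if valid[user] == pw
      found << [user, pw]
      found_users << user
    else
      failures[user] << now
      failures[user].reject! { |t| now - t >= window } # forget stale failures
      locked << user if failures[user].size >= threshold
    end
  end
  { found: found, locked: locked }
end

if __FILE__ == $PROGRAM_NAME
  policy = { valid: VALID, threshold: 3, window: 60 }
  p simulate(bruteforce_order(USERS, PASSWORDS), **policy)
  p simulate(spray_order(USERS, PASSWORDS), **policy)
  p simulate(spray_order(USERS, PASSWORDS), **policy, round_pause: 60)
end
```

With a threshold of three failures, the bruteforce order locks every user whose password is not in the first three guesses and never reaches the fourth password at all. The spray order without a pause ends in the same place; only the spray with a pause longer than the window recovers all three credentials without a single lockout, so the option is most useful paired with a delay between rounds.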
Metasploit Weekly Wrap-Up 05/03/24
Dump secrets inline
This week, our very own cdelafuente-r7 [http://github.com/cdelafuente-r7] added
a significant improvement to the well-known Windows Secrets Dump module
[http://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/windows_secrets_dump.rb]
to reduce the footprint when dumping SAM hashes, LSA secrets and cached
credentials. The module now reads the Windows Registry remotely and directly,
without having to dump the full registry keys to disk and parse th
Metasploit Weekly Wrap-Up 04/26/24
Rancher Modules
This week, Metasploit community member h00die [http://github.com/h00die] added
the second of two modules targeting Rancher instances. These modules each leak
sensitive information from vulnerable instances of the application, which is
used to manage Kubernetes clusters. These are a great addition to
Metasploit's coverage for testing Kubernetes environments
[http://docs.metasploit.com/docs/pentesting/metasploit-guide-kubernetes.html].
PAN-OS RCE
Metasploit has also released an
Metasploit Weekly Wrap-Up 04/19/24
Welcome Ryan and a new CrushFTP module
It's not every week we add an awesome new exploit module to the Framework while
adding the original discoverer of the vulnerability to the Rapid7 team as well.
We're very excited to welcome Ryan Emmons to the Emergent Threat Response team,
working alongside Metasploit at Rapid7. Ryan discovered an Improperly
Controlled Modification of Dynamically-Determined Object Attributes
vulnerability in CrushFTP (CVE-2023-43177) versions prior to 10.5.1 whic
Metasploit Weekly Wrap-Up 04/12/24
Account takeover with Shadow Credentials
The new release of Metasploit Framework includes a Shadow Credentials module
added by smashery [http://github.com/rapid7/metasploit-framework/pull/19051],
used for reliably taking over an Active Directory user account or computer and
letting future authentication happen as that account. This can be chained
with other modules present in Metasploit Framework such as windows_secrets_dump.
Details
The module targets a 'victim' account that is part of a
Metasploit Weekly Wrap-Up 04/05/2024
New ESC4 AD CS template
Metasploit added functionality
[http://docs.metasploit.com/docs/pentesting/active-directory/ad-certificates/attacking-ad-cs-esc-vulnerabilities.html]
for exploiting the ESC family of flaws in AD CS in Metasploit 6.3. The ESC4
technique in particular has been supported for some time now thanks to the
ad_cs_cert_templates module, which enables users to read and write certificate
template objects. This facilitates exploitation of the ESC4
misconfiguration in
Metasploit Weekly Wrap-Up 03/29/2024
Metasploit adds three new exploit modules, including an RCE for SharePoint.
Metasploit Weekly Wrap-Up 03/22/2024
New module content (1)
OpenNMS Horizon authenticated RCE
Author: Erik Wynter
Type: Exploit
Pull request: #18618 [http://github.com/rapid7/metasploit-framework/pull/18618]
contributed by ErikWynter [http://github.com/ErikWynter]
Path: linux/http/opennms_horizon_authenticated_rce
AttackerKB reference: CVE-2023-0872
[http://attackerkb.com/search?q=CVE-2023-0872?referrer=blog]
Description: This module exploits built-in functionality in OpenNMS Horizon in
order to execute arbitrary commands as t