3 min
Metasploit
Metasploit Weekly Wrap-Up 06/21/2024
Argument Injection for PHP on Windows
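This week includes modules that target file traversal and arbitrary file read
vulnerabilities in software such as Apache, SolarWinds and Check Point, with the
highlight being a module for the recent PHP vulnerability by
sfewer-r7 [http://github.com/sfewer-r7]. This module exploits an argument
injection vulnerability, resulting in remote code execution and a Meterpreter
shell running in the context of the Administrator user.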
Note, that this attac
3 min
Metasploit
Metasploit Weekly Wrap-Up 06/14/2024
New module content (5)
Telerik Report Server Auth Bypass
Authors: SinSinology and Spencer McIntyre
Type: Auxiliary
Pull request: #19242 [http://github.com/rapid7/metasploit-framework/pull/19242]
contributed by zeroSteiner [http://github.com/zeroSteiner]
Path: scanner/http/telerik_report_server_auth_bypass
AttackerKB reference: CVE-2024-4358
[http://attackerkb.com/search?q=CVE-2024-4358?referrer=blog]
Description: This adds an exploit for CVE-2024-4358, which is an authentication
bypass in Te
2 min
Metasploit
Metasploit Weekly Wrap-Up 06/07/2024
New OSX payloads:ARMed and Dangerous
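In addition to an RCE leveraging CVE-2024-5084 to gain RCE through a WordPress
Hash form, this release features the addition of several new binary OSX
stageless payloads with aarch64 support: Execute Command, Shell Bind TCP, and
Shell Reverse TCP.
The new osx/aarch64/shell_bind_tcp payload opens a listening port on the target
machine, which allows the attacker to connect to this open port to spawn a
command shell using the user provided command using the exe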
2 min
Metasploit
Metasploit Weekly Wrap-Up 05/31/2024
Quis dīrumpet ipsos dīrumpēs
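This release features a double hit: two exploits, each targeting two
pieces of software. The first pair is from h00die [http://github.com/h00die]
targeting the Jasmine Ransomeware Web Server. The first uses CVE-2024-30851 to
retrieve the login for the ransomware server, and the second is a directory
traversal vulnerability allowing arbitrary file read. The second pair from Dave
Yesland of Rhino Security targets Progress Flowmon with CVE-2024-2389 and it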
pai
3 min
Metasploit
Metasploit Weekly Wrap-Up 05/23/2024
Infiltrate the Broadcast!
A new module from Chocapikk [http://github.com/Chocapikk] allows the user to
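perform remote code execution on vulnerable versions of the streaming platform
AVideo (12.4 - 14.2). The multi/http/avideo_wwbnindex_unauth_rce module
leverages CVE-2024-31819
[http://attackerkb.com/topics/y127ezofMQ/cve-2024-31819], a vulnerability to
PHP filter chaining, to gain unauthenticated and unprivileged access, earning it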
an attacker value of High on AttackerKB
[http://attackerkb.com/t
3 min
Metasploit
Metasploit Wrap-Up 05/17/2024
LDAP Authentication Improvements
This week, in Metasploit v6.4.9, the team has added multiple improvements for
LDAP related attacks. Two improvements relating to authentication are the new
support for Signing [http://github.com/rapid7/metasploit-framework/pull/19127]
and Channel Binding [http://github.com/rapid7/metasploit-framework/pull/19132].
Microsoft has been making changes
[http://support.microsoft.com/en-gb/topic/2020-2023-and-2024-ldap-channel-binding-and-ldap-signing-requirements
2 min
Metasploit
Metasploit Wrap-Up 05/10/2024
Password Spraying support
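Multiple brute force/login scanner modules have been updated to support a
PASSWORD_SPRAY module option. This work was completed in pull request #19079
[http://github.com/rapid7/metasploit-framework/pull/19079] from nrathaus
[http://github.com/nrathaus] as well as our own
developers [http://github.com/rapid7/metasploit-framework/pull/19158]. When
the password spraying option is set, the order of attempted users and password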
attempts are changed
2 min
Metasploit
Metasploit Weekly Wrap-Up 05/03/24
Dump secrets inline
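This week, our very own cdelafuente-r7 [http://github.com/cdelafuente-r7] added
a significant improvement to the well-known Windows Secrets Dump module
[http://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/windows_secrets_dump.rb]
to reduce the memory footprint when dumping SAM hashes, LSA secrets and cached
credentials. The module will now directly read the Windows Registry remotely
without having to dump the full registry keys to disk and parse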
4 min
Metasploit
Metasploit Weekly Wrap-Up 04/26/24
Rancher Modules
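This week, Metasploit community member h00die [http://github.com/h00die] added
the second of two modules targeting Rancher instances. These modules each leak
sensitive information from vulnerable instances of the application
intended to manage Kubernetes clusters. These are a great addition to
Metasploit's coverage for testing Kubernetes environments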
[http://docs.metasploit.com/docs/pentesting/metasploit-guide-kubernetes.html].
PAN-OS RCE
Metasploit also released an e
2 min
Metasploit
Metasploit Weekly Wrap-Up 04/19/24
Welcome Ryan and the new CrushFTP module
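It's not every week we add an awesome new exploit module to the Framework
while also adding the original discoverer of the vulnerability to the Rapid7 team.
We're very excited to welcome Ryan Emmons to the Emergent Threat Response team,
which works alongside Metasploit here at Rapid7. Ryan discovered an Improperly
Controlled Modification of Dynamically-Determined Object Attributes
vulnerability in CrushFTP (CVE-2023-43177) versions prior to 10.5.1 whic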
3 min
Metasploit
Metasploit Weekly Wrap-Up 04/12/24
Account Takeover using Shadow Credentials
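The new release of Metasploit Framework includes a Shadow Credentials module
added by smashery [http://github.com/rapid7/metasploit-framework/pull/19051]
used for reliably taking over an Active Directory user account or computer, and
letting future authentication happen as that account. This can be chained
with other modules present in Metasploit Framework such as windows_secrets_dump.
Details
The module targets a "victim" account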
3 min
Metasploit
Metasploit Weekly Wrap-Up 04/05/2024
New ESC4 Templates for AD CS
Metasploit added capabilities
[http://docs.metasploit.com/docs/pentesting/active-directory/ad-certificates/attacking-ad-cs-esc-vulnerabilities.html]
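for exploiting the ESC family of flaws in AD CS in Metasploit 6.3. The ESC4
technique has been supported for some time now, thanks to the
ad_cs_cert_templates module, which enables users to read and write certificate
template objects. This facilitates the exploitation of the ESC4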
misconfiguration in
3 min
Metasploit
Metasploit Weekly Wrap-Up 03/29/2024
Metasploit adds three new exploit modules, including an RCE for SharePoint.
2 min
Metasploit
Metasploit Weekly Wrap-Up 03/22/2024
New module content (1)
OpenNMS Horizon Authenticated RCE
Author: Erik Wynter
Type: Exploit
Pull request: #18618 [http://github.com/rapid7/metasploit-framework/pull/18618]
contributed by ErikWynter [http://github.com/ErikWynter]
Path: linux/http/opennms_horizon_authenticated_rce
AttackerKB reference: CVE-2023-0872
[http://attackerkb.com/search?q=CVE-2023-0872?referrer=blog]
Description: This module exploits built-in functionality in OpenNMS Horizon in
order to execute arbitrary commands as t
2 min
Metasploit
Metasploit Wrap-Up 03/15/2024
New module content (3)
GitLab Password Reset Account Takeover
Authors: asterion04 and h00die
Type: Auxiliary
Pull request: #18716 [http://github.com/rapid7/metasploit-framework/pull/18716]
contributed by h00die [http://github.com/h00die]
Path: admin/http/gitlab_password_reset_account_takeover
AttackerKB reference: CVE-2023-7028
[http://attackerkb.com/search?q=CVE-2023-7028?referrer=blog]
Description: This adds an exploit module that leverages an account takeover
vulnerability to take contr