4 min
Metasploit
Metasploit Weekly Wrap-Up 04/26/24
Rancher Modules
This week, Metasploit community member h00die [http://github.com/h00die] added
the second of two modules targeting Rancher instances. These modules each leak
sensitive information from vulnerable instances of the application which is
used to manage Kubernetes clusters. These are a great addition to
Metasploit’s coverage for testing Kubernetes environments
[http://docs.metasploit.com/docs/pentesting/metasploit-guide-kubernetes.html].
PAN-OS RCE
Metasploit also released an email
2 min
Events
Take Command Summit: Take Breaches from Inevitable to Preventable on May 21
Registration is now open for Take Command, a day-long virtual summit in partnership with AWS. You'll get new attack intelligence, insight into AI disruption, transparent MDR partnerships, and more.
2 min
Metasploit
Metasploit Weekly Wrap-Up 04/19/24
Welcome Ryan and the new CrushFTP module
It's not every week we add an awesome new exploit module to the Framework while
adding the original discoverer of the vulnerability to the Rapid7 team as well.
We're very excited to welcome Ryan Emmons to the Emergent Threat Response team,
which works alongside Metasploit here at Rapid7. Ryan discovered an Improperly
Controlled Modification of Dynamically-Determined Object Attributes
vulnerability in CrushFTP (CVE-2023-43177) versions prior to 10.5.1 whic
3 min
Metasploit
Metasploit Weekly Wrap-Up 04/12/24
Account takeover using Shadow Credentials
The new release of Metasploit Framework includes a Shadow Credentials module
added by smashery [http://github.com/rapid7/metasploit-framework/pull/19051]
used for reliably taking over an Active Directory user account or computer, and
letting future authentication happen as that account. This can be chained
with other modules present in Metasploit Framework such as windows_secrets_dump.
Details
The module targets a ‘victim’ account that is part of a
3 min
Metasploit
Metasploit Weekly Wrap-Up 04/05/2024
New ESC4 Templates for AD CS
Metasploit added capabilities
[http://docs.metasploit.com/docs/pentesting/active-directory/ad-certificates/attacking-ad-cs-esc-vulnerabilities.html]
for exploiting the ESC family of flaws in AD CS in Metasploit 6.3. The ESC4
technique in particular has been supported for some time now thanks to the
ad_cs_cert_templates module which enables users to read and write certificate
template objects. This facilitates the exploitation of ESC4 which is a
misconfiguration in
3 min
Metasploit
Metasploit Weekly Wrap-Up 03/29/2024
Metasploit adds three new exploit modules including an RCE for SharePoint.
12 min
Metasploit
Metasploit Framework 6.4 Released
Today, Metasploit is pleased to announce the release of Metasploit Framework
6.4. It has been just over a year since the release of version 6.3
[http://cd0ajn7l.toymonstertruck.com/blog/post/2023/01/30/metasploit-framework-6-3-released/]
and the team has added many new features and improvements since then.
For news reporters, please reach out to press@toymonstertruck.com.
Kerberos Improvements
Metasploit 6.3 included initial support for Kerberos authentication within
Metasploit and was one of the larger features i
2 min
Metasploit
Metasploit Weekly Wrap-Up 03/22/2024
New module content (1)
OpenNMS Horizon Authenticated RCE
Author: Erik Wynter
Type: Exploit
Pull request: #18618 [http://github.com/rapid7/metasploit-framework/pull/18618]
contributed by ErikWynter [http://github.com/ErikWynter]
Path: linux/http/opennms_horizon_authenticated_rce
AttackerKB reference: CVE-2023-0872
[http://attackerkb.com/search?q=CVE-2023-0872?referrer=blog]
Description: This module exploits built-in functionality in OpenNMS Horizon in
order to execute arbitrary commands as t
2 min
Metasploit
Metasploit Wrap-Up 03/15/2024
New module content (3)
GitLab Password Reset Account Takeover
Authors: asterion04 and h00die
Type: Auxiliary
Pull request: #18716 [http://github.com/rapid7/metasploit-framework/pull/18716]
contributed by h00die [http://github.com/h00die]
Path: admin/http/gitlab_password_reset_account_takeover
AttackerKB reference: CVE-2023-7028
[http://attackerkb.com/search?q=CVE-2023-7028?referrer=blog]
Description: This adds an exploit module that leverages an account-take-over
to control vulnerable
3 min
Metasploit
Metasploit Wrap-Up: 03/08/2024
New module content (2)
GitLab Tags RSS Feed Email Disclosure
Authors: erruquill and n00bhaxor
Type: Auxiliary
Pull request: #18821 [http://github.com/rapid7/metasploit-framework/pull/18821]
contributed by n00bhaxor [http://github.com/n00bhaxor]
Path: gather/gitlab_tags_rss_feed_email_disclosure
AttackerKB reference: CVE-2023-5612
[http://attackerkb.com/search?q=CVE-2023-5612?referrer=blog]
Description: This adds an auxiliary module that leverages an information
disclosure vulnerability
2 min
Metasploit
Metasploit Weekly Wrap-Up 03/01/2024
Metasploit adds an RCE exploit for ConnectWise ScreenConnect and new documentation for exploiting ESC13.
4 min
Metasploit
Metasploit Weekly Wrap-Up 02/23/2024
LDAP Capture module
Metasploit now has an LDAP capture module thanks to the work of
JustAnda7 [http://github.com/JustAnda7]. This work was completed as part of the
Google Summer of Code program.
When the module runs it will by default require privileges to listen on port
389. The module implements a default implementation for BindRequest,
SearchRequest, UnbindRequest, and will capture both plaintext credentials and
NTLM hashes that can be brute-forced offline. Upon receiving a successful Bin
5 min
Metasploit
Metasploit Weekly Wrap-Up 02/16/2024
New Fetch Payload
It has been almost a year since Metasploit released the new fetch payloads
[http://cd0ajn7l.toymonstertruck.com/blog/post/2023/05/25/fetch-payloads-a-shorter-path-from-command-injection-to-metasploit-session/]
and since then, 43 of the 79 exploit modules have had support for fetch
payloads. The original payloads supported transferring the second stage over
HTTP, HTTPS and FTP. This week, Metasploit has expanded that protocol support to
include SMB, allowing payloads to be run using rundll3
2 min
Metasploit
Metasploit Weekly Wrap-Up 02/09/2024
Go Go Gadget Fortra GoAnywhere MFT Module
This Metasploit release contains a module for one of 2024's hottest
vulnerabilities so far: CVE-2024-0204. A path traversal vulnerability in
Fortra GoAnywhere MFT allows for unauthenticated attackers to access the
InitialAccountSetup.xhtml endpoint which is used during the product's initial
setup to create the first administrator user. After installation completes, this
endpoint should no longer be available. Attackers can use this
vulnerability
2 min
Metasploit
Metasploit Weekly Wrap-Up 02/02/2024
Shared RubySMB Service Improvements
This week's updates include improvements
[http://github.com/rapid7/metasploit-framework/pull/18680] to Metasploit
Framework’s SMB server implementation: the SMB server can now be reused across
various SMB modules, which are now able to register their own unique shares and
files. SMB modules can also now be executed concurrently. Currently, there are
15 SMB modules in Metasploit Framework that utilize this feature.
New module content (2)
Joy Connect Desert