2 min
Metasploit
Metasploit每周总结2024年3月22日
新增模块内容(1)
OpenNMS Horizon认证RCE
作者:埃里克·温特
Type: Exploit
拉取请求:#18618 [http://github ..com/rapid7/metasploit-framework/pull/18618]
erikynter [http://github]贡献.com/ErikWynter]
Path: linux/http/opennms_horizon_authenticated_rce
攻击者kb参考:CVE-2023-0872
[http://attackerkb.com/search?q=CVE-2023-0872?referrer=blog]
Description: This module exploits built-in functionality in OpenNMS Horizon in
命令执行任意命令,如t
2 min
Metasploit
Metasploit总结2024年3月15日
新增模块内容(3)
GitLab密码重置帐户接管
作者:asterion04和h00die
Type: Auxiliary
拉取请求:#18716 [http://github ..com/rapid7/metasploit-framework/pull/18716]
h00die [http://github]贡献.com/h00die]
Path: admin/http/gitlab_password_reset_account_takeover
攻击者kb参考:CVE-2023-7028
[http://attackerkb.com/search?q=CVE-2023-7028?referrer=blog]
Description: This adds an exploit module that leverages an account-take-over
要控制脆弱
3 min
Metasploit
Metasploit总结:03/08/2024
新增模块内容(2)
GitLab标签RSS订阅邮件披露
作者:erruquill和n00bhaxor
Type: Auxiliary
拉取请求:#18821 [http://github ..com/rapid7/metasploit-framework/pull/18821]
由n00bhaxor [http://github]贡献.com/n00bhaxor]
Path: gather/gitlab_tags_rss_feed_email_disclosure
攻击者kb参考:CVE-2023-5612
[http://attackerkb.com/search?q=CVE-2023-5612?referrer=blog]
Description: This adds an auxiliary module that leverages an information
披露漏洞
2 min
Metasploit
Metasploit每周总结2024年3月1日
Metasploit adds an RCE exploit for ConnectWise ScreenConnect and new documentation for exploiting ESC13.
4 min
Metasploit
Metasploit每周总结2024年2月23日
LDAP捕获模块
Metasploit now has an LDAP capture module thanks to the work of
JustAnda7 [http://github.com/JustAnda7]. 这项工作是作为…的一部分完成的
谷歌代码之夏项目.
When the module runs it will by default require privileges to listen on port
389. The module implements a default implementation for BindRequest,
SearchRequest, UnbindRequest, and will capture both plaintext credentials and
可以强制脱机的NTLM哈希值. 收到成功的Bin
5 min
Metasploit
Metasploit每周总结2024年2月16日
New Fetch Payload
It has been almost a year since Metasploit released the new fetch payloads
[http://alg1nkwa.janalanmckenzie.com/blog/post/2023/05/25/fetch-payloads-a-shorter-path-from-command-injection-to-metasploit-session/]
and since then, 43 of the 79 exploit modules have had support for fetch
payloads. The original payloads supported transferring the second stage over
HTTP, HTTPS和FTP. This week, Metasploit has expanded that protocol support to
include SMB, allowing payloads to be run using rundll3
2 min
Metasploit
Metasploit每周总结,2024年2月9日
Go Go gadget Fortra GoAnywhere MFT模块
This Metasploit release contains a module for one of 2024's hottest
迄今为止的漏洞:CVE-2024-0204. 中的路径遍历漏洞
Fortra GoAnywhere MFT allows for unauthenticated attackers to access the
InitialAccountSetup.xhtml endpoint which is used during the products initial
设置以创建第一个管理员用户. 安装完成后
端点应该不再可用. 攻击者可以利用这个
vulnerability
2 min
Metasploit
Metasploit周报02/02/2024
共享RubySMB服务改进
本周的更新包括对
[http://github.com/rapid7/metasploit-framework/pull/18680] Metasploit
Framework’s SMB server implementation: the SMB server can now be reused across
various SMB modules, which are now able to register their own unique shares and
files. SMB modules can also now be executed concurrently. 目前,有
15 SMB modules in Metasploit Framework that utilize this feature.
新增模块内容(2)
欢乐连接沙漠
5 min
Metasploit
Metasploit周报01/26/24
直接系统调用支持Windows计量器
Direct system calls are a well-known technique that is often used to bypass
EDR/AV detection. This technique is particularly useful when dynamic analysis is
performed, where the security software monitors every process on the system to
侦测任何可疑活动. 一种常见的方法是添加用户域
hooks on Win32 API calls, especially those commonly used by malware. Direct
syscalls are a way to run system calls directly and enter kernel
2 min
Metasploit
Metasploit周报01/19/24
Unicode your way to a php payload and three modules to add to your playbook for
Ansible
Our own jheysel-r7 added an exploit leveraging the fascinating tool of php
filter chaining to prepend a payload using encoding conversion characters and
h00die et. al. have come through and added 3 new Ansible post modules to gather
configuration information, read files, and deploy payloads. While none offer
instantaneous answers across the universe, they will certainly help in red team
exercises.
New module
2 min
Metasploit
Metasploit周报01/12/24
新增模块内容(1)
Windows Gather Mikrotik Winbox "Keep Password" Credentials Extractor
作者:Pasquale 'sid' Fiorillo
Type: Post
拉取请求:#18604 [http://github ..com/rapid7/metasploit-framework/pull/18604]
siddolo [http://github]贡献.com/siddolo]
Path: windows/gather/credentials/winbox_settings
Description: This pull request introduces a new post module to extract the
Mikrotik Winbox credentials, which are saved in the settings.cfg.viw file when
“保留密码”选项
2 min
Metasploit
Metasploit每周总结,2024年5月1日
新增模块内容(2)
Splunk __raw服务器信息披露
作者:KOF2002, h00die, n00bhaxor
Type: Auxiliary
拉取请求:#18635 [http://github ..com/rapid7/metasploit-framework/pull/18635]
由n00bhaxor [http://github]贡献.com/n00bhaxor]
路径:收集/ splunk_raw_server_info
Description: This PR adds a module for an authenticated Splunk information
披露漏洞. This module gathers information about the host machine
and the Splunk install including OS version, build, CP
8 min
Metasploit
Metasploit 2023年度总结:12月. 29, 2023
As 2023 winds down, we’re taking another look back at all the changes and
Metasploit框架的改进. 今年是20周年
Metasploit版本1.0 was committed and the project is still actively
maintained and improved thanks to a thriving community.
Version 6.3
Early this year in January, Metasploit version 6.3
[http://alg1nkwa.janalanmckenzie.com/blog/post/2023/01/30/metasploit-framework-6-3-released/]
was released with a number of improvements for targeting Active Dir
2 min
Metasploit
Metasploit每周总结:12月. 22, 2023
Metasploit has added exploit content for the glibc LPE CVE-2023-4911 (AKA Looney Tunables) and RCE exploits for Confluence and Vinchin Backup and Recovery.
3 min
Metasploit
Metasploit每周总结:12月. 15, 2023
Metasploit的第12次劳动继续进行
Metasploit continues its Herculean task of increasing our toolset to tame
Kerberos by adding support for AS_REP Roasting, which allows retrieving the
password hashes of users who have Do not require Kerberos preauthentication set
在域控制器上. The setting is disabled by default, but it is enabled
在某些环境中.
Attackers can request the hash for any user with that option enabled, and worse
(or better?),可以查询DC来确定