Metasploit
Metasploit Weekly Wrap-Up: Oct. 6, 2023
New module content (3)
LDAP Login Scanner
Author: Dean Welch
Type: Auxiliary
Pull request: #18197 [http://github.com/rapid7/metasploit-framework/pull/18197]
contributed by dwelch-r7 [http://github.com/dwelch-r7]
Path: scanner/ldap/ldap_login
Description: This PR adds a new login scanner module for LDAP. Login scanners
are classes that provide functionality for testing authentication against
various different protocols and mechanisms. This LDAP login scanner supports
multiple types of aut
Metasploit Weekly Wrap-Up: Sep. 29, 2023
TeamCity Authentication Bypass and Remote Code Execution
This week's Metasploit release includes a new module for an authentication
bypass in the JetBrains TeamCity CI/CD server. All versions of
TeamCity prior to version 2023.05.4 are vulnerable to this issue. The
vulnerability was originally discovered by SonarSource, and the Metasploit
module was developed by Rapid7 Principal Security Researcher Stephen Fewer.
A technical analysis of CVE-2023-4279 has also been published on AttackerKB.
Metasploit Weekly Wrap-Up: Sep. 22, 2023
Improved Ticket Forging
Metasploit's admin/kerberos/forge_ticket module has been updated to work with Windows
Server 2022. In Windows Server 2022, Microsoft began requiring two additional
PAC elements to be present: the PAC requestor and PAC attributes. The newly
forged tickets will have the necessary elements added automatically based on the
user-provided domain SID and user RID. For example:
msf6 auxiliary(admin/kerberos/forge_ticket) > run aes_key=4a52b73cf37ba06cf693c40f352e2f4d2002ef61f6031f649
Metasploit Weekly Wrap-Up: Sep. 15, 2023
Flask Cookies
This week includes two modules related to Flask cookie signing. One is
specific to Apache Superset, where the session cookie can be re-signed, allowing an
attacker to escalate their privileges and dump database connection strings.
While adding this functionality, community member h00die
[http://github.com/h00die] also added a module for generically working with the
default session cookies used by Flask. This generic module
auxiliary/gather/python_flask_cookie_signer
[http://git
Metasploit Weekly Wrap-Up: Sep. 8, 2023
New module content (4)
Roundcube TimeZone Authenticated File Disclosure
Authors: joel, stonepresto, and thomascube
Type: Auxiliary
Pull request: #18286 [http://github.com/rapid7/metasploit-framework/pull/18286]
contributed by cudalac [http://github.com/cudalac]
Path: auxiliary/gather/roundcube_auth_file_read
AttackerKB reference: CVE-2017-16651
[http://attackerkb.com/topics/He57FR8fB4/cve-2017-16651?referrer=blog]
Description: This PR adds a module to retrieve arbitrary files from the host
run
Metasploit Weekly Wrap-Up: Sep. 1, 2023
Pumpkin Spice Modules
In the northern hemisphere, autumn is approaching: the leaves are changing, the air
is getting crisp and cool, and some hackers are changing the flavor of their caffeine.
This release offers a new exploit module for Apache NiFi, along with a
new and improved library to interact with it.
New module content (1)
Apache NiFi H2 Connection String Remote Code Execution
Authors: Matei "Mal" Badanoiu and h00die
Type: Exploit
Pull request: #18257 [http://github.com/rapid7/metasploit-fra
Metasploit Weekly Wrap-Up: Aug. 25, 2023
Power[shell]Point
This week's new features and improvements start with two new exploit modules
leveraging CVE-2023-34960
[http://attackerkb.com/topics/VVJpMeSpUP/cve-2023-34960?referrer=blog] in Chamilo
versions 1.11.18 and below and CVE-2023-26469
[http://attackerkb.com/topics/RT7G6Vyw1L/cve-2023-26469?referrer=blog] in
Jorani 1.0.0. Like CVE-2023-34960
[http://attackerkb.com/topics/VVJpMeSpUP/cve-2023-34960?referrer=blog], I, too,
feel attacked by PowerPoint sometimes.
We also have several impr
Metasploit Weekly Wrap-Up: Aug. 18, 2023
Meterpreter Testing
This week's release adds new payload tests to our automated test suite. This is
intended to help the team and community members identify issues and behavioral
discrepancies before changes are made. Payloads run on a variety of different
platforms, including Windows, Linux, and OS X, each with multiple
available Meterpreter implementations, and these are now tested to help ensure
consistency. This will improve payload stability and make testing easier for
community members tha
Metasploit Weekly Wrap-Up: Aug. 11, 2023
A new Metabase RCE module, an update to the citrix_formssso_target_rce module for CVE-2023-3519 adding two new targets, Citrix ADC (NetScaler) 12.1-65.25 and 12.1-64.17, and more
Metasploit Weekly Wrap-Up: Aug. 4, 2023
Fly Through the Sky with This New Cloud Exploit!
This week, we added a new module that chains an authentication bypass and a
command injection in certain versions of Western Digital's MyCloud
hardware. Submitted by community member Erik Wynter
[http://github.com/ErikWynter], the module gains access to the target,
attempts to bypass authentication, verifies whether it succeeded, and then
executes the payload with root privileges. This works on versions before
2.30.196, and offer
Metasploit Weekly Wrap-Up: July 28, 2023
Unauthenticated RCE in VMware Product
This week, community contributor h00die [http://github.com/h00die] added an
exploit module that leverages a command injection vulnerability in VMware Aria
Operations for Networks, formerly known as vRealize Network Insight. Versions
6.2 to 6.10 are vulnerable (CVE-2023-20887
[http://attackerkb.com/topics/gxz1cUyFh2/cve-2023-20887?referrer=blog]). A
remote attacker can abuse the Apache Thrift RPC interface by sending specially
crafted data and get unauthe
Metasploit Weekly Wrap Up: July 21, 2023
This week's wrap-up includes two new Metasploit modules: Piwigo credential gathering via SQL injection (CVE-2023-26876) and an Openfire authentication bypass RCE plugin (CVE-2023-32315)
Metasploit Weekly Wrap-Up: July 14, 2023
Authentication Bypass in the WordPress Plugin WooCommerce Payments
This week's Metasploit release includes a module for CVE-2023-28121
[http://github.com/h00die]. This module can be used against any WordPress
instance that uses WooCommerce Payments < 5.6.1. This module exploits an auth
bypass vulnerability in the WooCommerce WordPress plugin. You can simply add a
header to perform the bypass and use the API to create a new admin user in
WordPress.
New module content (3)
WordPress Plugin
Metasploit Weekly Wrap-Up: 7/7/23
Apache RocketMQ
This week we saw some excellent teamwork from jheysel-r7
[http://github.com/jheysel-r7] and h00die [http://github.com/h00die] to bring
you an exploit module for CVE-2023-33246
[http://attackerkb.com/topics/YBI7e7fY0a/cve-2023-33246?referrer=blog].
In Apache RocketMQ version 5.1.0 and under, there is an access control issue
which the module leverages to update the broker's configuration file without
authentication. From there we can gain remote code execution as whichever user is
ru
Metasploit Weekly Wrap-Up: 6/30/23
Nothing but .NET?
Smashery continues to improve our .NET assembly execution module.
The original module allowed users to run a .NET exe as a thread within a process
they created on a remote host. Smashery's improvements let users run the
executable within a thread of the process hosting Meterpreter, and also change the
executing thread's I/O to support pipes, allowing interaction with the
spawned .NET thread even when other processes control STDIN and
STDOUT. The