Posts tagged Metasploit

3 min Metasploit

Metasploit Wrap-Up 05/17/2024

LDAP Authentication Improvements: This week, in Metasploit v6.4.9, the team has added multiple improvements for LDAP-related attacks. Two improvements relating to authentication are the new support for Signing [http://github.com/rapid7/metasploit-framework/pull/19127] and Channel Binding [http://github.com/rapid7/metasploit-framework/pull/19132]. Microsoft has been making changes [http://support.microsoft.com/en-gb/topic/2020-2023-and-2024-ldap-channel-binding-and-ldap-signing-requirements-for

2 min Metasploit

Metasploit Wrap-Up 05/10/2024

Password Spraying support: Multiple bruteforce/login scanner modules have been updated to support a PASSWORD_SPRAY module option. This work was completed in pull request #19079 [http://github.com/rapid7/metasploit-framework/pull/19079] from nrathaus [http://github.com/nrathaus] as well as an additional update from our developers [http://github.com/rapid7/metasploit-framework/pull/19158]. When the password spraying option is set, the order of attempted users and password attempts are changed

2 min Metasploit

Metasploit Weekly Wrap-Up 05/03/24

Dump secrets inline: This week, our very own cdelafuente-r7 [http://github.com/cdelafuente-r7] added a significant improvement to the well-known Windows Secrets Dump module [http://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/windows_secrets_dump.rb] to reduce the footprint when dumping SAM hashes, LSA secrets and cached credentials. The module is now directly reading the Windows Registry remotely without having to dump the full registry keys to disk and parse th

4 min Metasploit

Metasploit Weekly Wrap-Up 04/26/24

Rancher Modules: This week, Metasploit community member h00die [http://github.com/h00die] added the second of two modules targeting Rancher instances. These modules each leak sensitive information from vulnerable instances of the application which is intended to manage Kubernetes clusters. These are a great addition to Metasploit’s coverage for testing Kubernetes environments [http://docs.metasploit.com/docs/pentesting/metasploit-guide-kubernetes.html]. PAN-OS RCE: Metasploit also released an e

2 min Events

Take Command Summit: Take Breaches from Inevitable to Preventable on May 21

Registration is now open for Take Command, a day-long virtual summit in partnership with AWS. You’ll get new attack intelligence, insight into AI disruption, transparent MDR partnerships, and more.

2 min Metasploit

Metasploit Weekly Wrap-Up 04/19/24

Welcome Ryan and the new CrushFTP module: It's not every week we add an awesome new exploit module to the Framework while adding the original discoverer of the vulnerability to the Rapid7 team as well. We're very excited to welcome Ryan Emmons to the Emergent Threat Response team, which works alongside Metasploit here at Rapid7. Ryan discovered an Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in CrushFTP (CVE-2023-43177) versions prior to 10.5.1 whic

3 min Metasploit

Metasploit Weekly Wrap-Up 04/12/24

Account Takeover using Shadow Credentials: The new release of Metasploit Framework includes a Shadow Credentials module added by smashery [http://github.com/rapid7/metasploit-framework/pull/19051] used for reliably taking over an Active Directory user account or computer, and letting future authentication happen as that account. This can be chained with other modules present in Metasploit Framework such as windows_secrets_dump. Details: The module targets a ‘victim’ account that is part of a

3 min Metasploit

Metasploit Weekly Wrap-Up 04/05/2024

New ESC4 Templates for AD CS: Metasploit added capabilities [http://docs.metasploit.com/docs/pentesting/active-directory/ad-certificates/attacking-ad-cs-esc-vulnerabilities.html] for exploiting the ESC family of flaws in AD CS in Metasploit 6.3. The ESC4 technique in particular has been supported for some time now thanks to the ad_cs_cert_templates module which enables users to read and write certificate template objects. This facilitates the exploitation of ESC4 which is a misconfiguration in

3 min Metasploit

Metasploit Weekly Wrap-Up 03/29/2024

Metasploit adds three new exploit modules including an RCE for SharePoint.

12 min Metasploit

Metasploit Framework 6.4 Released

Today, Metasploit is pleased to announce the release of Metasploit Framework 6.4. It has been just over a year since the release of version 6.3 [http://glr.eduftp.net/blog/post/2023/01/30/metasploit-framework-6-3-released/] and the team has added many new features and improvements since then. For news reporters, please reach out to press@eduftp.net. Kerberos Improvements: Metasploit 6.3 included initial support for Kerberos authentication within Metasploit and was one of the larger features i

2 min Metasploit

Metasploit Weekly Wrap-Up 03/22/2024

New module content (1): OpenNMS Horizon Authenticated RCE
Author: Erik Wynter
Type: Exploit
Pull request: #18618 [http://github.com/rapid7/metasploit-framework/pull/18618] contributed by ErikWynter [http://github.com/ErikWynter]
Path: linux/http/opennms_horizon_authenticated_rce
AttackerKB reference: CVE-2023-0872 [http://attackerkb.com/search?q=CVE-2023-0872?referrer=blog]
Description: This module exploits built-in functionality in OpenNMS Horizon in order to execute arbitrary commands as t

2 min Metasploit

Metasploit Wrap-Up 03/15/2024

New module content (3): GitLab Password Reset Account Takeover
Authors: asterion04 and h00die
Type: Auxiliary
Pull request: #18716 [http://github.com/rapid7/metasploit-framework/pull/18716] contributed by h00die [http://github.com/h00die]
Path: admin/http/gitlab_password_reset_account_takeover
AttackerKB reference: CVE-2023-7028 [http://attackerkb.com/search?q=CVE-2023-7028?referrer=blog]
Description: This adds an exploit module that leverages an account-take-over vulnerability to take contr

3 min Metasploit

Metasploit Wrap-Up 03/08/2024

New module content (2): GitLab Tags RSS feed email disclosure
Authors: erruquill and n00bhaxor
Type: Auxiliary
Pull request: #18821 [http://github.com/rapid7/metasploit-framework/pull/18821] contributed by n00bhaxor [http://github.com/n00bhaxor]
Path: gather/gitlab_tags_rss_feed_email_disclosure
AttackerKB reference: CVE-2023-5612 [http://attackerkb.com/search?q=CVE-2023-5612?referrer=blog]
Description: This adds an auxiliary module that leverages an information disclosure vulnerability (CVE

2 min Metasploit

Metasploit Weekly Wrap-Up 03/01/2024

Metasploit adds an RCE exploit for ConnectWise ScreenConnect and new documentation for exploiting ESC13.

4 min Metasploit

Metasploit Weekly Wrap-Up 02/23/2024

LDAP Capture module: Metasploit now has an LDAP capture module thanks to the work of JustAnda7 [http://github.com/JustAnda7]. This work was completed as part of the Google Summer of Code program. When the module runs it will by default require privileges to listen on port 389. The module implements a default implementation for BindRequest, SearchRequest, UnbindRequest, and will capture both plaintext credentials and NTLM hashes which can be brute-forced offline. Upon receiving a successful Bin