Metasploit
Metasploit Weekly Wrap-Up 07/12/2024
The Usual Suspects
This release has two new exploits for old friends: Confluence and
Ivanti. CVE-2024-21683
[http://attackerkb.com/search?q=CVE-2024-21683&referrer=blog] is a very easy
exploit, but as noted in the assessment
[http://attackerkb.com/assessments/5ad314a1-9fd7-47d7-835f-f29680b3961d?referrer=blog]
, it "requires authentication as a Confluence administrator." On the other hand,
CVE-2024-29824 is an unauthenticated SQL injection vulnerability in Ivanti Endpoint
Metasploit
Metasploit Weekly Wrap-Up 06/07/2024
New OSX Payloads: ARMed and Dangerous
In addition to an RCE exploiting CVE-2024-5084 to get RCE through the WordPress
Hash Form plugin, this release features the addition of several new binary OSX
stageless payloads supporting aarch64: Execute Command, Shell Bind TCP and
Shell Reverse TCP.
The new osx/aarch64/shell_bind_tcp payload opens a listening port on the target
machine, which allows an attacker to connect to this open port to spawn a
command shell using the user-supplied command using exe
Metasploit
Metasploit Weekly Wrap-Up 05/31/2024
Quis dīrumpet ipsos dīrumpēs
In this release we double up: two exploits, each targeting two
pieces of software. The first pair is from h00die [http://github.com/h00die]
targeting the Jasmine Ransomware Web Server. The first uses CVE-2024-30851 to
retrieve the ransomware server's login, and the second is a directory
traversal vulnerability allowing arbitrary file read. The second pair from Dave
Yesland of Rhino Security leverages CVE-2024-2389 and its attacks on Progress Flowmon
pai
Metasploit
Metasploit Weekly Wrap-Up 03/29/2024
Metasploit adds three new exploit modules, including an RCE for SharePoint.
Metasploit
Metasploit Weekly Wrap-Up 01/19/24
Unicode Your Way to PHP Payloads, and Three Modules to Add to Your Ansible
Playbook
Our own jheysel-r7 added an exploit leveraging PHP filter chains, the
fascinating tool that uses encoding conversions to inject characters and add payloads.
h00die et al. have gone through and added 3 new Ansible post modules to gather
configuration information, read files and deploy payloads. While none offer
instant answers across the universe, they are sure to help red team
exercises.
New module
Metasploit
Metasploit Weekly Wrap-Up: Dec. 15, 2023
Continuing the 12th Labor of Metasploit
Metasploit continues its Herculean task of adding to our toolset for taming
Kerberos by adding support for AS-REP roasting, which allows retrieving
the password hashes of users that have "Do not require Kerberos preauthentication" set
on the domain controller. The setting is disabled by default, but it is enabled
in some environments.
An attacker can request the hash for any user with the option enabled, and even worse
(or better?) you can query the DC to determine
Metasploit Weekly Wrapup
Metasploit Wrap-Up 12/8/2023
New this week: an OwnCloud gather module and a Docker cgroups container escape. Also, an early feature lets users search module actions, targets and aliases.
Metasploit Weekly Wrapup
Metasploit Weekly Wrap-Up 11/10/23
Apache MQ and Three Cisco Modules in a Trenchcoat
This week's release has a lot of new content and functionality, including modules targeting two
major vulnerabilities that have received a lot of attention recently: CVE-2023-46604
targeting Apache MQ
[http://64t.ivantseng.com/blog/post/2023/11/01/etr-suspected-exploitation-of-apache-activemq-cve-2023-46604/]
leading to ransomware deployment, and CVE-2023-20198 targeting the Cisco IOS XE operating system
[http://64t.ivantseng.com/blog/post/2023/10/17/etr-cve-2023-20198-active-exploitati
Metasploit
Metasploit Weekly Wrap-Up: Oct. 19, 2023
That Privilege Escalation Escalated Quickly
This release offers a module leveraging CVE-2023-22515
[http://64t.ivantseng.com/blog/post/2023/10/04/etr-cve-2023-22515-zero-day-privilege-escalation-in-confluence-server-and-data-center/]
, a vulnerability in Atlassian's on-premises Confluence Server that was first listed as a
privilege escalation but was quickly reclassified as "broken access control"
with a CVSS score of 10. The exploit itself is very simple and easy to use so
there was little surprise when
Metasploit
Metasploit Weekly Wrap-Up: Sep. 1, 2023
Pumpkin Spice Modules
In the northern hemisphere, autumn is approaching: the leaves change, the air
becomes crisp and cool, and some hackers change the flavor of their caffeine.
This release offers a new exploit module targeting Apache NiFi along with a
new and improved library to interact with it.
New module content (1)
Apache NiFi H2 Connection String Remote Code Execution
Authors: Matei "Mal" Badanoiu and h00die
Type: Exploit
Pull request: #18257 [http://github.com/rapid7/metasploit-fra
Metasploit
Metasploit Weekly Wrap-Up: Aug. 25, 2023
Power[shell]Point
This week's new features and improvements begin with two new exploit modules
leveraging CVE-2023-34960
[http://attackerkb.com/topics/VVJpMeSpUP/cve-2023-34960?referrer=blog] in Chamilo
versions 1.11.18 and below and CVE-2023-26469
[http://attackerkb.com/topics/RT7G6Vyw1L/cve-2023-26469?referrer=blog] in
Jorani 1.0.0. Like CVE-2023-34960
[http://attackerkb.com/topics/VVJpMeSpUP/cve-2023-34960?referrer=blog], I too,
feel attacked by PowerPoint sometimes.
We also have several impr
Metasploit
Metasploit Weekly Wrap-Up: 6/30/23
Nothing but .NET?
Smashery continues to… smash it by updating our .NET assembly execution module.
The original module allowed users to run a .NET exe as a thread within a process
they created on a remote host. Smashery’s improvements let users run the
executable within a thread of the process hosting Meterpreter, and also changes the
executing thread's I/O to support pipes, allowing interaction with the
spawned .NET thread even when other processes control STDIN and
STDOUT. The
Metasploit
Metasploit Weekly Wrap-Up: Jun. 9, 2023
MOVEit
It has been a busy few weeks in the security space; the MOVEit
[http://64t.ivantseng.com/blog/post/2023/06/01/rapid7-observed-exploitation-of-critical-moveit-transfer-vulnerability/?utm_campaign=sm-blog&utm_source=twitter&utm_medium=organic-social]
story has filled our news feeds with dancing lemurs, and Barracuda
[http://64t.ivantseng.com/blog/post/2023/06/08/etr-cve-2023-2868-total-compromise-of-physical-barracuda-esg-appliances/?utm_campaign=sm-ETR&utm_source=twitter,linkedin&utm_me
Metasploit
Fetch Payloads: A Shorter Path from Command Injection to Metasploit Session
Rapid7 is pleased to announce the availability of Metasploit Fetch Payloads, improving efficiency and user control over the commands that are executed.
Metasploit
Metasploit Weekly Wrap-Up: May 5, 2023
Throw another log [file] on the fire
Our own Stephen Fewer wrote a module for CVE-2023-26360
[http://attackerkb.com/topics/F36ClHTTIQ/cve-2023-26360?referrer=blog]
affecting ColdFusion 2021 Update 5 and earlier and ColdFusion 2018 Update
15 and earlier. The vulnerability allows multiple paths to code execution, but
our module works by leveraging a request that will cause the server to
evaluate ColdFusion Markup Language in an arbitrary file on the remote
system. This all