2 min
Metasploit
Metasploit Wrap-Up 05/10/2024
Password Spraying support
多个暴力破解/登录扫描模块已经更新,以支持
PASSWORD_SPRAY module option. This work was completed in pull request #19079
[http://github.从nrathaus
[http://github.com . nrathaus]以及我们的
developers [http://github.com/rapid7/metasploit-framework/pull/19158] . When
设置密码喷洒选项,尝试用户和密码的顺序
attempts are changed
2 min
Metasploit
Metasploit Weekly Wrap-Up 05/03/24
Dump secrets inline
本周,我们自己的cdelafuente-r7 [http://github].com/cdelafuente-r7] added
这是对著名的Windows Secrets Dump模块的重大改进
[http://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/windows_secrets_dump.rb]
在转储SAM哈希、LSA秘密和缓存时减少内存占用
credentials. 该模块现在直接读取Windows注册表远程
无需将完整的注册表项转储到磁盘并解析
4 min
Metasploit
Metasploit Weekly Wrap-Up 04/26/24
Rancher Modules
本周,Metasploit社区成员h00die [http://github].com/h00die] added
针对Rancher实例的两个模块中的第二个. These modules each leak
来自应用程序易受攻击实例的敏感信息
intended to manage Kubernetes clusters. These are a great addition to
Metasploit对测试Kubernetes环境的覆盖
[http://docs.metasploit.com/docs/pentesting/metasploit-guide-kubernetes.html].
PAN-OS RCE
Metasploit also released an e
2 min
Events
5月21日召开指挥峰会:将违规行为从不可避免变为可预防
与AWS合作举办的为期一天的虚拟峰会Take Command现已开放注册. You’ll get new attack intelligence, insight into AI disruption, transparent MDR partnerships, and more.
2 min
Metasploit
Metasploit Weekly Wrap-Up 04/19/24
Welcome Ryan and the new CrushFTP module
并不是每周我们都会在框架中添加一个很棒的新漏洞利用模块
将漏洞的原始发现者也添加到Rapid7团队中.
我们非常高兴地欢迎Ryan Emmons加入紧急威胁响应小组,
which works alongside Metasploit here at Rapid7. Ryan discovered an Improperly
动态确定对象属性的受控修改
10之前版本中的CrushFTP漏洞(CVE-2023-43177).5.1 whic
3 min
Metasploit
Metasploit Weekly Wrap-Up 04/12/24
Account Takeover using Shadow Credentials
Metasploit框架的新版本包括一个Shadow Credentials模块
added by smashery [http://github.com/rapid7/metasploit-framework/pull/19051]
用于可靠地接管Active Directory用户帐户或计算机,以及
让未来的身份验证以该帐户进行. This can be chained
与Metasploit框架中的其他模块(如windows_secrets_dump)一起使用.
Details
该模块针对的是一个“受害者”账户
3 min
Metasploit
Metasploit Weekly Wrap-Up 04/05/2024
New ESC4 Templates for AD CS
Metasploit added capabilities
[http://docs.metasploit.com/docs/pentesting/active-directory/ad-certificates/attacking-ad-cs-esc-vulnerabilities.html]
利用了Metasploit 6中AD CS的ESC系列缺陷.3. The ESC4
技术的支持已经有一段时间了,这要感谢
Ad_cs_cert_templates模块,允许用户读写证书
template objects. 这有利于ESC4的开发
misconfiguration in
3 min
Metasploit
Metasploit Weekly Wrap-Up 03/29/2024
Metasploit增加了三个新的漏洞利用模块,包括SharePoint的RCE.
12 min
Metasploit
Metasploit Framework 6.4 Released
今天,Metasploit很高兴地宣布发布Metasploit框架
6.4. 从第6版发布到现在已经一年多了.3
[http://x6t.7453h.com/blog/post/2023/01/30/metasploit-framework-6-3-released/]
从那时起,该团队增加了许多新功能和改进.
新闻记者请联系press@7453h.com.
Kerberos Improvements
Metasploit 6.3中包含了对Kerberos身份验证的初始支持
Metasploit和是其中一个较大的功能
2 min
Metasploit
Metasploit Weekly Wrap-Up 03/22/2024
New module content (1)
OpenNMS Horizon Authenticated RCE
Author: Erik Wynter
Type: Exploit
Pull request: #18618 [http://github.com/rapid7/metasploit-framework/pull/18618]
contributed by ErikWynter [http://github.com/ErikWynter]
路径:linux / http / opennms_horizon_authenticated_rce
AttackerKB reference: CVE-2023-0872
[http://attackerkb.com/search?q=CVE-2023-0872?referrer=blog]
描述:该模块利用了OpenNMS Horizon中的内置功能
order to execute arbitrary commands as t
2 min
Metasploit
Metasploit Wrap-Up 03/15/2024
New module content (3)
GitLab Password Reset Account Takeover
Authors: asterion04 and h00die
Type: Auxiliary
Pull request: #18716 [http://github.com/rapid7/metasploit-framework/pull/18716]
contributed by h00die [http://github.com/h00die]
路径:admin / http / gitlab_password_reset_account_takeover
AttackerKB reference: CVE-2023-7028
[http://attackerkb.com/search?q=CVE-2023-7028?referrer=blog]
描述:这增加了一个利用帐户接管的漏洞利用模块
vulnerability to take contr
3 min
Metasploit
Metasploit Wrap-Up 03/08/2024
New module content (2)
GitLab Tags RSS feed email disclosure
Authors: erruquill and n00bhaxor
Type: Auxiliary
Pull request: #18821 [http://github.com/rapid7/metasploit-framework/pull/18821]
contributed by n00bhaxor [http://github.com/n00bhaxor]
路径:收集/ gitlab_tags_rss_feed_email_disclosure
AttackerKB reference: CVE-2023-5612
[http://attackerkb.com/search?q=CVE-2023-5612?referrer=blog]
说明:增加一个辅助模块,利用信息
disclosure vulnerability (CVE
2 min
Metasploit
Metasploit Weekly Wrap-Up 03/01/2024
Metasploit为ConnectWise ScreenConnect添加了一个RCE漏洞,并为利用ESC13添加了新的文档.
4 min
Metasploit
Metasploit Weekly Wrap-Up 02/23/2024
LDAP Capture module
Metasploit现在有了一个LDAP捕获模块
JustAnda7 [http://github.com/JustAnda7]. This work was completed as part of the
Google Summer of Code program.
当模块运行时,默认情况下它将需要特权来监听端口
389. 该模块实现了BindRequest的默认实现,
SearchRequest、UnbindRequest,并将捕获明文凭证和
NTLM hashes which can be brute-forced offline. Upon receiving a successful Bin
5 min
Metasploit
Metasploit Weekly Wrap-Up 02/16/2024
New Fetch Payload
Metasploit发布新的获取有效负载已经快一年了
[http://x6t.7453h.com/blog/post/2023/05/25/fetch-payloads-a-shorter-path-from-command-injection-to-metasploit-session/]
从那时起,79个漏洞利用模块中有43个支持fetch
payloads. 原来的有效载荷支持第二级的转移
HTTP, HTTPS and FTP. 本周,Metasploit已将该协议支持扩展到
包括SMB,允许使用rundll3运行有效负载