2 min
Metasploit
Metasploit每周总结- 2024年9月20日
New module content (3)
update-motd.d Persistence
Author: Julien Voisin
Type: Exploit
拉取请求:#19454 [http://github ..com/rapid7/metasploit-framework/pull/19454]
由jvoisin [http://github]贡献.com/jvoisin]
Path: linux/local/motd_persistence
描述:它添加了一个post模块来在Linux目标上保持持久性
writing a motd
[http://manpages.ubuntu.com/manpages/trusty/man5/update-motd.5.html] bash
每次用户登录到系统时使用root权限触发的脚本
2 min
Metasploit
Metasploit周报08/16/2024
New module content (3)
Apache HugeGraph Gremlin RCE
Authors: 6right and jheysel-r7
Type: Exploit
拉取请求:#19348 [http://github ..com/rapid7/metasploit-framework/pull/19348]
由jheysel-r7 [http://github]贡献.com/jheysel-r7]
路径:linux / http / apache_hugegraph_gremlin_rce
攻击者kb参考:CVE-2024-27348
[http://attackerkb.com/search?q=CVE-2024-27348&referrer=blog]
描述:增加了一个针对GHSA-29rc-vq7f-x335的Apache HugeGraph服务器漏洞
[http://github.com/advisories/GHSA-29r
2 min
Metasploit
Metasploit Wrap-Up 05/10/2024
Password Spraying support
多个暴力破解/登录扫描模块已经更新,以支持
PASSWORD_SPRAY module option. 这项工作在pull request #19079中完成
[http://github.从nrathaus
[http://github.com . nrathaus]以及我们的
developers [http://github.com/rapid7/metasploit-framework/pull/19158] . When
设置密码喷洒选项,尝试用户和密码的顺序
attempts are changed
2 min
Metasploit
Metasploit周报01/12/24
New module content (1)
Windows收集microtik Winbox“保留密码”凭据提取器
Author: Pasquale 'sid' Fiorillo
Type: Post
拉取请求:#18604 [http://github ..com/rapid7/metasploit-framework/pull/18604]
siddolo [http://github]贡献.com/siddolo]
路径:windows /收集/凭证/ winbox_settings
描述:这个pull请求引入了一个新的post模块来提取
microtik Winbox凭据,这些凭据保存在设置中.cfg.viw file when
the "Keep Password" option
1 min
Metasploit
Metasploit Wrap-Up: Nov. 23, 2023
Metasploit 6.3.发布了稳定性改进和模块修复
2 min
Metasploit
Metasploit Weekly Wrap-Up: Oct. 27, 2023
New module content (4)
Atlassian Confluence数据中心和服务器身份验证绕过
Access Control
Authors: Emir Polat and Unknown
Type: Auxiliary
拉取请求:#18447 [http://github ..com/rapid7/metasploit-framework/pull/18447]
由emirpolatt [http://github]贡献.com/emirpolatt]
路径:admin / http / atlassian_confluence_auth_bypass
攻击者kb参考:CVE-2023-22515
[http://attackerkb.com/topics/q5f0itszw5/cve - 2023 - 22515?referrer=blog]
描述:这增加了一个漏洞
2 min
Metasploit
Metasploit Weekly Wrap-Up: Sep. 8, 2023
New module content (4)
Roundcube TimeZone认证文件披露
作者:joel, stonepresto和thomascube
Type: Auxiliary
拉取请求:#18286 [http://github ..com/rapid7/metasploit-framework/pull/18286]
由cudalac [http://github]贡献.com/cudalac]
路径:辅助/收集/ roundcube_auth_file_read
攻击者kb参考:CVE-2017-16651
[http://attackerkb.com/topics/he57fr8fb4/cve - 2017 - 16651?referrer=blog]
描述:这个PR添加了一个模块来检索主机上的任意文件
run
2 min
Metasploit
Metasploit Weekly Wrap-Up: Aug. 11, 2023
A new Metabase RCE module, 针对CVE-2023-3519的citrix_formssso_target_rce模块更新,以包含两个新目标, Citrix ADC (NetScaler) 12.1-65.25, and 12.1-64.17, and more
2 min
Metasploit
Metasploit Weekly Wrap-Up: 6/2/23
增加了对活动目录证书服务ESC4利用的支持, 以及一个新的sudoedit额外参数权限升级模块
2 min
Metasploit
Metasploit每周总结:1/13/23
New module content (2)
Gather Dbeaver Passwords
Author: Kali-Team
Type: Post
拉取请求:#17337 [http://github ..com/rapid7/metasploit-framework/pull/17337]
cn-kali-team [http://github]贡献.com/cn-kali-team]
描述:这增加了一个获取Dbeaver会话数据的post exploit模块
from local configuration files. 它能够提取和解密凭证
存储在这些文件中,适用于安装在Windows或Windows上的任何版本的Dbeaver
Linux/Unix systems.
Gather MinIO Client Key
A
2 min
Metasploit
Metasploit每周总结:11/15/22
2个针对F5设备的新模块,DuckyScript支持,bug修复等等
4 min
Metasploit
Metasploit Weekly Wrap-Up: 9/2/22
ICPR Certificate Management
本周Metasploit有一个新的ICPR证书管理模块来自Oliver
Lyak [http://github.com/ly4k]和我们的Spencer McIntyre
[http://github.com/zeroSteiner],可用于颁发证书
通过Active Directory证书服务. It has the capability to issue
证书,它在一些上下文中很有用,包括持久化、ESC1
[http://posts.specterops.Io /certified-pre-owned-d95910965cd2]
primitive necessary for exp
2 min
Metasploit
Metasploit Wrap-Up: Jul. 9, 2021
A new module for CVE-2021-34527, dubbed PrintNightmare, 以及用于nsclien++的本地权限升级模块
5 min
Metasploit
Metasploit Wrap-Up: 3/26/21
新的Exchange ProxyLogon模块,VMWare View Planner RCE, Advantech iView RCE等!
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 10/30/20
支持收集已保存PuTTY会话的ProxyUsername和ProxyPassword, PsExec模块的可用性改进, and another CTF coming soon.