2 min
Metasploit
Metasploit Weekly Wrap-Up 09/06/2024
Honey, I shrunk the PHP payloads
This release includes more improvements to the PHP payloads from Julien Voisin. Last
week we received a PR from Julien that added a datastore option to the php/base64
encoder which, when enabled, compresses the payload with zlib before encoding,
greatly reducing its size and bringing a 4040-byte payload down to only
1617 bytes. This week's release includes a php/minify encoder which removes all
unneeded characters from the payload, including comments, blank lines, leading
4 min
Metasploit
Metasploit Weekly Wrap-Up 08/30/2024
A New Way to Encode PHP Payloads
Community contributor jvoisin [http://github.com/jvoisin] has landed a new PHP
encoder that allows PHP payloads to be encoded as an ASCII-hex string. The
string is then decoded on the receiving side, which avoids problems
with unescaped or bad characters.
Ray Vulnerabilities
This Metasploit Framework release also brings 3 new modules for
Ray. Ray is a framework for distributing AI-related workloads across
multiple machines, which makes it an exce
1 min
Metasploit
Metasploit Weekly Wrap-Up 08/23/2024
New module content (3)
Fortra FileCatalyst Workflow SQL Injection Vulnerability (CVE-2024-5276)
Authors: Michael Heinzl and Tenable
Type: Auxiliary
Pull request: #19373 [http://github.com/rapid7/metasploit-framework/pull/19373]
contributed by h4x-x0r [http://github.com/h4x-x0r]
Path: admin/http/fortra_filecatalyst_workflow_sqli
AttackerKB reference: CVE-2024-5276
[http://attackerkb.com/search?q=CVE-2024-5276&referrer=blog]
Description: This adds an auxiliary module to exploit CVE-2024-5276, a SQL
inj
2 min
Metasploit
Metasploit Weekly Wrap-Up 08/16/2024
New module content (3)
Apache HugeGraph Gremlin RCE
Authors: 6right and jheysel-r7
Type: Exploit
Pull request: #19348 [http://github.com/rapid7/metasploit-framework/pull/19348]
contributed by jheysel-r7 [http://github.com/jheysel-r7]
Path: linux/http/apache_hugegraph_gremlin_rce
AttackerKB reference: CVE-2024-27348
[http://attackerkb.com/search?q=CVE-2024-27348&referrer=blog]
Description: This adds an exploit for the Apache HugeGraph Server vulnerability GHSA-29rc-vq7f-x335
[http://github.com/advisories/GHSA-29r
1 min
Metasploit
Metasploit Weekly Wrap-Up 08/09/2024
Black Hat & DEF CON
We hope everyone was able to catch our Rapid7 researchers @zeroSteiner
[http://x.com/zeroSteiner] & Jack Heysel show off Metasploit 6.4's
features at Black Hat, focusing on the combinations that enable new, streamlined attack
workflows. If not, they will also be presenting tomorrow at DEF CON in
room W304!
New module content (1)
Calibre Python Code Injection Vulnerability (CVE-2024-6782)
Authors: Amos Ng and Michael Heinzl
Type: Exploit
Pull request: #19357 [http://github.com/rapid7/meta
2 min
Metasploit
Metasploit Weekly Wrap-Up 08/02/2024
Metasploit goes to Hacker Summer Camp
Next week, Metasploit will be presenting at Black Hat
[http://www.blackhat.com/us-24/arsenal/schedule/index.html#the-metasploit-framework-39570]
and DEF CON [http://defcon.org/html/defcon-32/dc-32-demolabs.html#54186] where
we will show off this year's latest features. The Black Hat demo
will be held on Thursday the 8th from 10:10 to 11:25 and the DEF CON demo on
Saturday the 10th from 12:00 to 13:45.
The highlights will include demonst
2 min
Metasploit
Metasploit Weekly Wrap-Up 07/26/2024
New module content (3)
Magento XXE Unserialize Arbitrary File Read
Authors: Heyder and Sergey Temnikov
Type: Auxiliary
Pull request: #19304 [http://github.com/rapid7/metasploit-framework/pull/19304]
contributed by heyder [http://github.com/heyder]
Path: gather/magento_xxe_cve_2024_34102
AttackerKB reference: CVE-2024-34102
[http://attackerkb.com/search?q=CVE-2024-34102&referrer=blog]
Description: This adds an auxiliary module for an XXE that results in an
arbitrary file read in Magento which is
2 min
Metasploit Weekly Wrapup
Metasploit Weekly Wrap-Up 7/19/2024
A new unauthenticated RCE exploit for GeoServer, plus library and Meterpreter updates and enhancements.
2 min
Metasploit
Metasploit Weekly Wrap-Up 07/12/2024
The Usual Suspects
This release has two new exploits targeting old friends: Confluence and
Ivanti. CVE-2024-21683
[http://attackerkb.com/search?q=CVE-2024-21683&referrer=blog] is a very easy
exploit but, as noted in the AttackerKB assessment
[http://attackerkb.com/assessments/5ad314a1-9fd7-47d7-835f-f29680b3961d?referrer=blog],
it requires authentication as a 'Confluence Administrator.' On the other hand,
CVE-2024-29824 is an unauthenticated SQL injection vulnerability on the Ivanti side
2 min
Metasploit
Metasploit Weekly Wrap-Up 07/05/2024
3 new modules: MOVEit Transfer authentication bypass CVE-2024-5806, Zyxel command injection, and Azure CLI credentials gatherer
2 min
Metasploit
Metasploit Weekly Wrap-Up 06/28/2024
Unauthenticated command injection in Netis routers
This week's Metasploit release includes an exploit module for an unauthenticated
command injection vulnerability in the Netis MW5360 router,
tracked as CVE-2024-22729. The vulnerability stems from improper handling of
the password parameter in the router's web interface, which allows command
injection. Fortunately for attackers, the router's login page authorization can
be bypassed simply by removing the authorization header,
3 min
Metasploit
Metasploit Weekly Wrap-Up 06/21/2024
Argument Injection for PHP on Windows
This week includes modules targeting file traversal and arbitrary file read
vulnerabilities in software such as Apache, SolarWinds and Check Point, and,
most importantly, a module for a recent PHP vulnerability by
sfewer-r7 [http://github.com/sfewer-r7]. This module exploits an argument
injection vulnerability, resulting in remote code execution and a Meterpreter
shell running in the context of the Administrator user.
Note, that this attac
3 min
Metasploit
Metasploit Weekly Wrap-Up 06/14/2024
New module content (5)
Telerik Report Server Auth Bypass
Authors: SinSinology and Spencer McIntyre
Type: Auxiliary
Pull request: #19242 [http://github.com/rapid7/metasploit-framework/pull/19242]
contributed by zeroSteiner [http://github.com/zeroSteiner]
Path: scanner/http/telerik_report_server_auth_bypass
AttackerKB reference: CVE-2024-4358
[http://attackerkb.com/search?q=CVE-2024-4358?referrer=blog]
Description: This adds an exploit for CVE-2024-4358, an authentication
bypass in Te
2 min
Metasploit
Metasploit Weekly Wrap-Up 06/07/2024
New OSX payloads: ARMed and Dangerous
In addition to an exploit for CVE-2024-5084, which achieves RCE through WordPress
Hash Form, this release features several new binary OSX
stageless payloads with aarch64 support: Execute Command, Shell Bind TCP and
Shell Reverse TCP.
The new osx/aarch64/shell_bind_tcp payload opens a listening port on the target
machine, which allows the attacker to connect to that open port to spawn a
command shell using the user-supplied command via exe
2 min
Metasploit
Metasploit Weekly Wrap-Up 05/31/2024
Quis dīrumpet ipsos dīrumpēs
In this release we take a two-pronged approach: two exploits, each pair targeting two
pieces of software. The first pair comes from h00die [http://github.com/h00die]
targeting the Jasmine Ransomware Web Server. The first uses CVE-2024-30851 to
retrieve the login for the ransomware server, and the second is a directory
traversal vulnerability that allows arbitrary file read. The second pair, from Dave
Yesland of Rhino Security, exploits CVE-2024-2389 and its attack on Progress Flowmon
pai