4 min
Metasploit
Metasploit每周总结
这种特权升级迅速升级
This release features a module leveraging CVE-2023-22515
[http://psbv.district4promotions.com/blog/post/2023/10/04/etr-cve-2023-22515-zero-day-privilege-escalation-in-confluence-server-and-data-center/]
, a vulnerability in Atlassian’s on-premises Confluence Server first listed as a
privilege escalation, but quickly recategorized as a “broken access control”
与10的CVSS分数. The exploit itself is very simple and easy to use so
当
2 min
Metasploit
Metasploit每周总结
南瓜香料模块
Here in the northern hemisphere, fall is on the way: leaves changing, the air
growing crisp and cool, and some hackers changing the flavor of their caffeine.
This release features a new exploit module targeting Apache NiFi as well as a
新的和改进的库与它交互.
新增模块内容(1)
Apache NiFi H2 Connection String Remote Code Execution
作者:Matei“Mal”Badanoiu和h00die
Type: Exploit
拉取请求:#18257 [http://github ..com/rapid7/metasploit-fra
3 min
Metasploit
Metasploit每周总结
权力(壳)点
This week’s new features and improvements start with two new exploit modules
利用cve - 2023 - 34960
[http://attackerkb.com/topics/vvjpmespup/cve - 2023 - 34960?引用博客]Chamilo =
versions 1.11.18及以下和CVE-2023-26469
[http://attackerkb.com/topics/rt7g6vyw1l/cve - 2023 - 26469?介绍人=博客]
Jorani 1.0.0. 像cve - 2023 - 34960
[http://attackerkb.com/topics/vvjpmespup/cve - 2023 - 34960?,我也是。
有时我觉得自己被ppt攻击了.
我们也有几个进口商
2 min
Metasploit
Metasploit每周总结
Nothing but .NET?
Smashery继续通过更新我们的 .. NET程序集执行模块.
最初的模块允许用户运行 .. NET exe作为进程内的线程
它们在远程主机上创建. Smashery的改进让用户可以运行
executable within a thread of the process hosting Meterpreter and also changed
the I/O for the executing thread to support pipes, allowing interaction with the
spawned .NET thread, even when the other process has control over STDIN and
STDOUT. The
3 min
Metasploit
Metasploit每周总结
MOVEit
It has been a busy few weeks in the security space; the MOVEit
[http://psbv.district4promotions.com/blog/post/2023/06/01/rapid7-observed-exploitation-of-critical-moveit-transfer-vulnerability/?utm_campaign = sm-blog&twitter utm_source =&utm_medium =有机社交]
vulnerability filling our news feeds with dancing lemurs and a Barracuda
[http://psbv.district4promotions.com/blog/post/2023/06/08/etr-cve-2023-2868-total-compromise-of-physical-barracuda-esg-appliances/?utm_campaign = sm-ETR&utm_source = twitter、linkedin&utm_me
6 min
Metasploit
Fetch Payloads: A Shorter Path from Command Injection to Metasploit Session
Rapid7 is pleased to announce the availability of Metasploit fetch payloads, which increase efficiency and user control over the commands executed.
3 min
Metasploit
Metasploit每周总结
把另一根木头[文件]扔进火里
Our own Stephen Fewer authored a module targeting CVE-2023-26360
[http://attackerkb.com/topics/f36clhttiq/cve - 2023 - 26360?referrer=blog]
affecting ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update
15 and earlier. The vulnerability allows multiple paths to code execution, but
our module works by leveraging a request that will result in the server
evaluating the ColdFusion Markup language on an arbitrary file on the remote
system. This all
3 min
Metasploit每周总结
Metasploit每周总结
度过了一个安静的假期
Thankfully, it was a relatively quiet holiday break for security this year, so
we hope everyone had a relaxing time while they could. 这个包裹覆盖了
last three Metasploit releases, and contains three new modules, two updates, and
修复了五个bug.
确保你的OpenTSDB不是太开放
Of particular note in this release is a new module from community contributors
埃里克·温特[http://github ..[erikynter]和Shai rod
[http://github.com/nightrang3r
4 min
Metasploit
Metasploit每周总结
A sack full of cheer from the Hacking Elves of Metasploit
It is clear that the Metasploit elves have been busy this season: Five new
modules, six new enhancements, nine new bug fixes, and a partridge in a pear
这周我们要出发了! (不包括鹧鸪和梨树.) In this sack
of goodies, we have a gift that keeps on giving: Shelby’s
[http://github.com/space-r7] Acronis TrueImage Privilege Escalation
[http://github.com/rapid7/metasploit-framework/pull/17265] works wonderfully,
even
3 min
Metasploit
Metasploit每周总结
C是饼干
And that’s good enough for Apache CouchDB, apparently. 我们的杰克·海塞尔
[http://github.com/jheysel-r7] added an exploit module based on CVE-2022-24706
在3之前针对CouchDB.2.2、利用一个特殊的默认“怪物”cookie
允许用户运行操作系统命令.
我刚做的这台假电脑上写着我是管理员
Metasploit的zeroSteiner [http://github].com/zeroSteiner]添加了一个模块
perform Role-based Constrained Delegation (RBCD) on an Active Directory network.
2 min
Metasploit
Metasploit每周总结
高知名度模块的融合
This release features modules covering the Confluence remote code execution bug
CVE-2022-26134 and the hotly-debated CVE-2022-30190, a file format vulnerability
in the Windows Operating System accessible through malicious documents. Both
have been all over the news, and we’re very happy to bring them to you so that
you can verify mitigations and patches in your infrastructure. 如果你愿意的话
read more about these vulnerabilities, Rapid7 has AttackerKB analy
2 min
Metasploit
Metasploit每周总结
图片来源:http://upload.wikimedia.org/wikipedia/commons/c/c7/Logs.jpg
without changewhile (j==shell); Log4j;
The Log4j loop continues as we release a module targeting vulnerable vCenter
releases. This is a good time to suggest that you check your vCenter releases
and maybe even increase the protection surrounding them, as it’s been a rough
一年以上的vCenter
[http://attackerkb.com/search?q=vcenter&标签= exploitedInTheWild].
让你的壳自己走吧
bcoles [http://github.com/bcoles
3 min
Metasploit每周总结
Metasploit简讯
Jira用户枚举的新模块, Git远程代码执行通过Git -lfs, Geutebruck相机后开发模块, 以及elFinder PHP应用程序中未经身份验证的RCE
2 min
Metasploit
Metasploit简讯
无法容纳的容器
Our own Christophe De La Fuente added a module for CVE-2019-5736 based on the
work of Adam Iwaniuk that breaks out of a Docker container by overwriting the
runc binary of an image which is run in the user context whenever someone
outside the container runs docker exec to make a request of the container.
请执行一个图像,Wordpress
Community contributor Alexandre Zanni sent us a PR that uses native PHP
functions to upload a file as an image attachment to Wo
2 min
Metasploit每周总结
Metasploit简讯
这是CTF周(结束)! Plus, steal files from Apache Tomcat servers thanks to a new Ghostcat exploit, and dump process memory with a new post module that leverages Avast AV's built-in AvDump utility.