Posts by Christopher Granleese

2 min Metasploit

Metasploit Weekly Wrap-Up - September 20, 2024

New module content (3) update-motd.d Persistence Author: Julien Voisin Type: Exploit Pull request: #19454 [http://github.com/rapid7/metasploit-framework/pull/19454] contributed by jvoisin [http://github.com/jvoisin] Path: linux/local/motd_persistence Description: This adds a post module to keep persistence on a Linux target by writing a motd [http://manpages.ubuntu.com/manpages/trusty/man5/update-motd.5.html] bash script triggered with root privileges every time a user logs into the system

2 min Metasploit

Metasploit Weekly Wrap-Up 08/16/2024

New module content (3) Apache HugeGraph Gremlin RCE Authors: 6right and jheysel-r7 Type: Exploit Pull request: #19348 [http://github.com/rapid7/metasploit-framework/pull/19348] contributed by jheysel-r7 [http://github.com/jheysel-r7] Path: linux/http/apache_hugegraph_gremlin_rce AttackerKB reference: CVE-2024-27348 [http://attackerkb.com/search?q=CVE-2024-27348&referrer=blog] Description: Adds an Apache HugeGraph Server exploit for GHSA-29rc-vq7f-x335 [http://github.com/advisories/GHSA-29r

2 min Metasploit

Metasploit Wrap-Up 05/10/2024

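Password Spraying support Multiple brute force/login scanner modules have been updated to support a PASSWORD_SPRAY module option. This work was completed in pull request #19079 [http://github. from nrathaus [http://github.com/nrathaus] as well as our developers [http://github.com/rapid7/metasploit-framework/pull/19158]. When the password spraying option is set, the order in which users and passwords are attempted is changed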

2 min Metasploit

Metasploit Weekly Wrap-Up 01/12/24

New module content (1) Windows Gather Mikrotik Winbox "Keep Password" Credentials Extractor Author: Pasquale 'sid' Fiorillo Type: Post Pull request: #18604 [http://github.com/rapid7/metasploit-framework/pull/18604] contributed by siddolo [http://github.com/siddolo] Path: windows/gather/credentials/winbox_settings Description: This pull request introduces a new post module to extract the Mikrotik Winbox credentials, which are saved in the settings.cfg.viw file when the "Keep Password" option

1 min Metasploit

Metasploit Wrap-Up: Nov. 23, 2023

Metasploit 6.3. released with stability improvements and module fixes

2 min Metasploit

Metasploit Weekly Wrap-Up: Oct. 27, 2023

New module content (4) Atlassian Confluence Data Center and Server Authentication Bypass Access Control Authors: Emir Polat and Unknown Type: Auxiliary Pull request: #18447 [http://github.com/rapid7/metasploit-framework/pull/18447] contributed by emirpolatt [http://github.com/emirpolatt] Path: admin/http/atlassian_confluence_auth_bypass AttackerKB reference: CVE-2023-22515 [http://attackerkb.com/topics/q5f0itszw5/cve-2023-22515?referrer=blog] Description: This adds an exploit

2 min Metasploit

Metasploit Weekly Wrap-Up: Sep. 8, 2023

New module content (4) Roundcube TimeZone Authenticated File Disclosure Authors: joel, stonepresto, and thomascube Type: Auxiliary Pull request: #18286 [http://github.com/rapid7/metasploit-framework/pull/18286] contributed by cudalac [http://github.com/cudalac] Path: auxiliary/gather/roundcube_auth_file_read AttackerKB reference: CVE-2017-16651 [http://attackerkb.com/topics/he57fr8fb4/cve-2017-16651?referrer=blog] Description: This PR adds a module to retrieve an arbitrary file on hosts run

2 min Metasploit

Metasploit Weekly Wrap-Up: Aug. 11, 2023

A new Metabase RCE module, updates to the citrix_formssso_target_rce module for CVE-2023-3519 to include two new targets, Citrix ADC (NetScaler) 12.1-65.25, and 12.1-64.17, and more

2 min Metasploit

Metasploit Weekly Wrap-Up: 6/2/23

Added support for Active Directory Certificate Services ESC4 exploitation, and a new sudoedit extra arguments privilege escalation module

2 min Metasploit

Metasploit Weekly Wrap-Up: 1/13/23

New module content (2) Gather Dbeaver Passwords Author: Kali-Team Type: Post Pull request: #17337 [http://github.com/rapid7/metasploit-framework/pull/17337] contributed by cn-kali-team [http://github.com/cn-kali-team] Description: This adds a post exploit module that retrieves Dbeaver session data from local configuration files. It is able to extract and decrypt credentials stored in these files for any version of Dbeaver installed on Windows or Linux/Unix systems. Gather MinIO Client Key A

2 min Metasploit

Metasploit Weekly Wrap-Up: 11/15/22

2 new modules targeting F5 devices, DuckyScript support, bug fixes, and more

4 min Metasploit

Metasploit Weekly Wrap-Up: 9/2/22

ICPR Certificate Management This week Metasploit has a new ICPR Certificate Management module from Oliver Lyak [http://github.com/ly4k] and our own Spencer McIntyre [http://github.com/zeroSteiner], which can be used to issue certificates via Active Directory Certificate Services. It has the capability to issue certificates, which is useful in a few contexts including persistence, ESC1 [http://posts.specterops.io/certified-pre-owned-d95910965cd2] primitive necessary for exp

2 min Metasploit

Metasploit Wrap-Up: Jul. 9, 2021

A new module for CVE-2021-34527, dubbed PrintNightmare, and a local privilege escalation module for NSClient++

5 min Metasploit

Metasploit Wrap-Up: 3/26/21

New Exchange ProxyLogon module, VMWare View Planner RCE, Advantech iView RCE, and more!

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up 10/30/20

Support for gathering the ProxyUsername and ProxyPassword of saved PuTTY sessions, usability improvements for the PsExec module, and another CTF coming soon.