2 min
Metasploit
Metasploit Weekly Wrap-Up: 02/28/2025
New module content (5)
mySCADA myPRO Manager Credential Harvester (CVE-2025-24865 and CVE-2025-22896)
Author: Michael Heinzl
Type: Auxiliary
Pull request: #19878 [http://github.com/rapid7/metasploit-framework/pull/19878]
contributed by h4x-x0r [http://github.com/h4x-x0r]
Path: admin/scada/mypro_mgr_creds
AttackerKB reference: CVE-2025-22896
[http://attackerkb.com/search?q=CVE-2025-22896&referrer=blog]
Description: This module adds credential harvesting for MySCADA MyPro Manager
using CVE-20
2 min
Metasploit
Metasploit Weekly Wrap-Up 02/21/2025
BeyondTrust exploit + fetch payload updates
This Metasploit release includes an exploit module that chains two
vulnerabilities, one exploited in the wild by APT groups and another one, a
0-day discovered by Rapid7
[http://attackerkb.com/topics/vC7mUlftWA/cve-2025-1094?referrer=search] during
the vulnerability analysis. This week's release also includes a significant
enhancement to Metasploit's fetch payloads, which now support PPC, MIPS and ARM
architectures. This allows the payloads to be use
2 min
Metasploit
Metasploit Weekly Wrap-Up 02/14/2025
New module content (2)
Unauthenticated RCE in NetAlertX
Authors: Chebuya (Rhino Security Labs) and Takahiro Yokoyama
Type: Exploit
Pull request: #19868 [http://github.com/rapid7/metasploit-framework/pull/19868]
contributed by Takahiro-Yoko [http://github.com/Takahiro-Yoko]
Path: linux/http/netalertx_rce_cve_2024_46506
AttackerKB reference: CVE-2024-46506
[http://attackerkb.com/search?q=CVE-2024-46506&referrer=blog]
Description: A new module for an unauthenticated remote code execution bug i
3 min
Metasploit
Metasploit Weekly Wrap-Up 02/07/2025
Gathering data and improving workflows
This week's release includes 2 new auxiliary modules targeting Argus
Surveillance DVR and Ivanti Connect Secure. The former, contributed by Maxwell
Francis and based on the work of John Page, can be used to retrieve arbitrary
files on the target's filesystem by exploiting an unauthenticated directory
traversal vulnerability. The latter, brought by our very own Martin Šutovský
[http://github.com/msutovsky-r7], is an HTTP login scanner for Ivanti Connect
Sec
3 min
Metasploit
Metasploit Weekly Wrap-Up 01/31/25
ESC4 Detection
This week, Metasploit’s jheysel-r7 [http://github.com/jheysel-r7] updated the
existing ldap_esc_vulnerable_cert_finder module to include detecting template
objects that can be written to by the authenticated user. This means the module
can now identify instances of ESC4 from the perspective of the account that the
Metasploit operator provided the credentials for. Metasploit has been capable of
exploiting ESC4 for some time, but required users to know which certificate
templates t
2 min
Metasploit
Metasploit Weekly Wrap-Up 01/24/2025
LibreNMS Authenticated RCE module and ESC15 improvements
This week the Metasploit Framework was blessed with an authenticated RCE module
in LibreNMS, an autodiscovering PHP/MySQL-based network monitoring system. An
authenticated attacker can create dangerous directory names on the system and
alter sensitive configuration parameters through the web portal. These two
defects combine to allow arbitrary OS commands inside shell_exec() calls, thus
achieving arbitrary code execution.
Additionally, i
2 min
Metasploit
Metasploit Wrap-Up 01/17/2025
Three new Metasploit exploit modules released, including a module targeting Cleo File Transfer Software (CVE-2024-55956)
3 min
Metasploit
Metasploit Wrap-Up 01/10/2025
New module content (5)
OneDev Unauthenticated Arbitrary File Read
Authors: Siebene and vultza
Type: Auxiliary
Pull request: #19614 [http://github.com/rapid7/metasploit-framework/pull/19614]
contributed by vultza [http://github.com/vultza]
Path: gather/onedev_arbitrary_file_read
AttackerKB reference: CVE-2024-45309
[http://attackerkb.com/search?q=CVE-2024-45309&referrer=blog]
Description: This adds an exploit module for an unauthenticated arbitrary file
read vulnerability, tracked as CVE-202
11 min
Metasploit
Metasploit 2024 Annual Wrap-Up
Another year has come and gone, and the Metasploit team has taken some time to
review the year’s notable additions. This year saw some great new features
added, Metasploit 6.4 released
[http://3p2s.51rkb.com/blog/post/2024/03/25/metasploit-framework-6-4-released/]
and a slew of new modules. We’re grateful to the community members new and old
that have submitted modules and issues this year. The real privilege escalation
was the privilege of working with the contributors and friends we made alo
2 min
Metasploit
Metasploit Weekly Wrap-Up 12/20/2024
New module content (4)
GameOver(lay) Privilege Escalation and Container Escape
Authors: bwatters-r7, g1vi, gardnerapp, and h00die
Type: Exploit
Pull request: #19460 [http://github.com/rapid7/metasploit-framework/pull/19460]
contributed by gardnerapp [http://github.com/gardnerapp]
Path: linux/local/gameoverlay_privesc
AttackerKB reference: CVE-2023-2640
[http://attackerkb.com/search?q=CVE-2023-2640&referrer=blog]
Description: Adds a module for CVE-2023-2640 and CVE-2023-32629, a local
privil
4 min
Metasploit
Metasploit Weekly Wrap-Up 12/13/2024
It’s raining RCEs!
It's the second week of December and the weather forecast announced another
storm of RCEs in Metasploit-Framework land. This weekly release includes RCEs
for the Moodle e-Learning platform, PrimeFaces, WordPress Really Simple SSL and
CyberPanel, along with two modules to change passwords through the LDAP and SMB
protocols.
New module content (7)
Change Password
Author: smashery
Type: Auxiliary
Pull request: #19671 [http://github.com/rapid7/metasploit-framework/pull/19671]
contributed
4 min
Metasploit
Metasploit Weekly Wrap-Up 12/06/2024
Post-Thanksgiving Big Release
This week's release is an impressive one. It adds 9 new modules, which will get
you remote code execution on products such as Ivanti Connect Secure, VMware
vCenter Server, Asterisk, Fortinet FortiManager and Acronis Cyber Protect. It
also includes an account takeover on WordPress, a local privilege escalation on
Windows and an X11 keylogger module. Finally, this release improves the
fingerprinting logic for the TeamCity login module and adds instructions about
the in
2 min
Metasploit
Metasploit Weekly Wrap-Up 11/29/2024
Four new Metasploit modules released, including CUPS IPP Attributes LAN Remote Code Execution CVE-2024-47176
3 min
Metasploit
Metasploit Weekly Wrap-Up 11/22/2024
JetBrains TeamCity Login Scanner
Metasploit added a login scanner for the TeamCity application to enable users to
check for weak credentials. TeamCity has been the subject of multiple ETR
vulnerabilities
[http://3p2s.51rkb.com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/]
and is a valuable target for attackers.
Targeted DCSync added to Windows Secrets Dump
This week, Metasploit community member smashery [ht
2 min
Metasploit
Metasploit Weekly Wrap-Up: 11/15/2024
Palo Alto Expedition RCE module
This week's release includes an exploit module for the Palo Alto Expedition
exploit chain that's been making headlines recently. The first vulnerability,
CVE-2024-5910, allows attackers to reset the password of the admin user. The
second vulnerability, CVE-2024-9464, is an authenticated OS command injection.
The module makes use of both vulnerabilities in order to obtain unauthenticated
RCE in the context of the user www-data.
New module content (1)
Palo Alto Expe