
3 min Metasploit


LDAP Authentication Improvements This week, in Metasploit v6.4.9, the team has added multiple improvements for LDAP related attacks. Two improvements relating to authentication are the new support for signing [http://github.com/rapid7/metasploit-framework/pull/19127] and channel binding [http://github.com/rapid7/metasploit-framework/pull/19132]. Microsoft has been making changes [http://support.microsoft.com/en-gb/topic/2020-2023-and-2024-ldap-channel-binding-and-ldap-signing-requirements-for

2 min Metasploit


Password Spraying Support Multiple bruteforce/login scanner modules have been updated to support a PASSWORD_SPRAY module option. This work was completed in pull request #19079 [http://github.com/rapid7/metasploit-framework/pull/19079] from nrathaus [http://github.com/nrathaus] as well as an additional update from our developers [http://github.com/rapid7/metasploit-framework/pull/19158]. When the password spraying option is set, the order of attempted users and password attempts is changed

2 min Metasploit


Dumping Secrets Inline This week, our very own cdelafuente-r7 [http://github.com/cdelafuente-r7] added a significant improvement to the well-known Windows Secrets Dump module [http://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/windows_secrets_dump.rb] to reduce the footprint when dumping SAM hashes, LSA secrets and cached credentials. The module is now directly reading the Windows Registry remotely without having to dump the full registry keys to disk and parse th

4 min Metasploit


Rancher Modules This week, Metasploit community member h00die [http://github.com/h00die] added the second of two modules targeting Rancher instances. These modules each leak sensitive information from vulnerable instances of the application which is used to manage Kubernetes clusters. These are a great addition to Metasploit’s coverage for testing Kubernetes environments [http://docs.metasploit.com/docs/pentesting/metasploit-guide-kubernetes.html]. PAN-OS RCE Metasploit also released an email

2 min Events

Take Command Summit: Take Breaches from Inevitable to Preventable on May 21

Registration is now open for Take Command, a day-long virtual summit in partnership with AWS. You'll get new attack intelligence, insight into AI disruption, transparent MDR partnerships, and more.

2 min Metasploit


Welcome Ryan and the New CrushFTP Module It's not every week we add an awesome new exploit module to the Framework while adding the original discoverer of the vulnerability to the Rapid7 team as well. We're very excited to welcome Ryan Emmons to the Emergent Threat Response team, which works alongside Metasploit here at Rapid7. Ryan discovered an Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in CrushFTP (CVE-2023-43177) versions prior to 10.5.1 whic

3 min Metasploit


Account Takeover Using Shadow Credentials The new release of Metasploit Framework includes a Shadow Credentials module added by smashery [http://github.com/rapid7/metasploit-framework/pull/19051] used for reliably taking over an Active Directory user account or computer, and letting future authentication happen as that account. This can be chained with other modules present in Metasploit Framework such as windows_secrets_dump. Details The module targets a ‘victim’ account that is part of a

3 min Metasploit


New ESC4 Templates for AD CS Metasploit added capabilities [http://docs.metasploit.com/docs/pentesting/active-directory/ad-certificates/attacking-ad-cs-esc-vulnerabilities.html] for exploiting the ESC family of flaws in AD CS in Metasploit 6.3. The ESC4 technique in particular has been supported for some time now thanks to the ad_cs_cert_templates module which enables users to read and write certificate template objects. This facilitates the exploitation of ESC4 which is a misconfiguration in

3 min Metasploit


Metasploit adds three new exploit modules including an RCE for SharePoint.

12 min Metasploit

Metasploit Framework 6.4 Released

Today, Metasploit is pleased to announce the release of Metasploit Framework 6.4. It has been just over a year since the release of version 6.3 [http://hl6.jiechengstone.net/blog/post/2023/01/30/metasploit-framework-6-3-released/] and the team has added many new features and improvements since then. For news reporters, please reach out to press@jiechengstone.net. Kerberos Improvements Metasploit 6.3 included initial support for Kerberos authentication within Metasploit and was one of the larger features i

2 min Metasploit


New module content (1) OpenNMS Horizon Authenticated RCE Author: Erik Wynter Type: Exploit Pull request: #18618 [http://github.com/rapid7/metasploit-framework/pull/18618] contributed by ErikWynter [http://github.com/ErikWynter] Path: linux/http/opennms_horizon_authenticated_rce AttackerKB reference: CVE-2023-0872 [http://attackerkb.com/search?q=CVE-2023-0872?referrer=blog] Description: This module exploits built-in functionality in OpenNMS Horizon in order to execute arbitrary commands as t

2 min Metasploit


New module content (3) GitLab Password Reset Account Takeover Authors: asterion04 and h00die Type: Auxiliary Pull request: #18716 [http://github.com/rapid7/metasploit-framework/pull/18716] contributed by h00die [http://github.com/h00die] Path: admin/http/gitlab_password_reset_account_takeover AttackerKB reference: CVE-2023-7028 [http://attackerkb.com/search?q=CVE-2023-7028?referrer=blog] Description: This adds an exploit module that leverages an account-take-over to control vulnerable

3 min Metasploit


New module content (2) GitLab Tags RSS Feed Email Disclosure Authors: erruquill and n00bhaxor Type: Auxiliary Pull request: #18821 [http://github.com/rapid7/metasploit-framework/pull/18821] contributed by n00bhaxor [http://github.com/n00bhaxor] Path: gather/gitlab_tags_rss_feed_email_disclosure AttackerKB reference: CVE-2023-5612 [http://attackerkb.com/search?q=CVE-2023-5612?referrer=blog] Description: This adds an auxiliary module that leverages an information disclosure vulnerability

2 min Metasploit


Metasploit adds an RCE exploit for ConnectWise ScreenConnect and new documentation for exploiting ESC13.

4 min Metasploit


LDAP Capture Module Metasploit now has an LDAP capture module thanks to the work of JustAnda7 [http://github.com/JustAnda7]. This work was completed as part of the Google Summer of Code program. When the module runs it will by default require privileges to listen on port 389. The module implements a default implementation for BindRequest, SearchRequest, UnbindRequest, and will capture both plaintext credentials and NTLM hashes which can be brute-forced offline. Upon receiving a successful Bin