标签为Metasploit每周总结的帖子

4 min Metasploit

Metasploit每周总结

这种特权升级迅速升级 This release features a module leveraging CVE-2023-22515 [http://ingrahamhs.757be.com/blog/post/2023/10/04/etr-cve-2023-22515-zero-day-privilege-escalation-in-confluence-server-and-data-center/] , a vulnerability in Atlassian’s on-premises Confluence Server first listed as a privilege escalation, but quickly recategorized as a “broken access control” 与10的CVSS分数. The exploit itself is very simple and easy to use so 当

3 min Metasploit

Metasploit每周总结

基巴纳的污染 本周,贡献者h00die [http://github].[h00die]增加了一个模块 leverages a prototype pollution bug in Kibana prior to version 7.6.3. Particularly, this issue is within the Upgrade Assistant and enables an attacker 执行任意代码. This vulnerability can be triggered by sending a 设置新构造函数的查询.prototype.sourceURL直接到Elastic或 通过使用Kibana提交相同的查询. 注意,Kibana需要这样做 重新启动或等待c

2 min Metasploit

Metasploit每周总结

新增模块内容(3) LDAP登录扫描器 作者:迪恩·韦尔奇 Type: Auxiliary 拉取请求:#18197 [http://github ..com/rapid7/metasploit-framework/pull/18197] 由dwelch-r7 [http://github]贡献.com/dwelch-r7] 路径:扫描仪/ ldap / ldap_login Description: This PR adds a new login scanner module for LDAP. Login scanners are the classes that provide functionality for testing authentication against 各种不同的协议和机制. 此LDAP登录扫描程序支持 多种类型的aut

3 min Metasploit

Metasploit每周总结

TeamCity authentication bypass and remote code execution This week’s Metasploit release includes a new module for a critical authentication bypass in JetBrains TeamCity CI/CD Server. All versions of 2023版本之前的TeamCity.05.4个国家容易受到这个问题的影响. The vulnerability was originally discovered by SonarSource, and the Metasploit module was developed by Rapid7’s Principal Security Researcher Stephen Fewer who additionally published a technical analysis on AttackerKB for CVE-2023-4279

4 min Metasploit

Metasploit每周总结

改进机票锻造 Metasploit’s admin/kerberos/forge_ticket module has been updated to work with Server 2022. In Windows Server 2022, Microsoft started requiring additional new PAC elements to be present - the PAC requestor and PAC attributes. The newly forged tickets will have the necessary elements added automatically based on the user提供域SID和用户RID. For example: msf6 auxiliary(admin/kerberos/forge_ticket) > run aes_key=4a52b73cf37ba06cf693c40f352e2f4d2002ef61f6031f649

4 min Metasploit

Metasploit每周总结

Flask Cookies This week includes two modules related to Flask cookie signatures. One is specific to Apache Superset where session cookies can be resigned, allowing an attacker to elevate their privileges and dump the database connection strings. While adding this functionality, community member h00die [http://github.com/h00die] also added a module for generically working with the Flask使用的默认会话cookie. 这个通用模块 辅助/收集/ python_flask_cookie_signer [http://git

2 min Metasploit

Metasploit每周总结

新增模块内容(4) Roundcube TimeZone Authenticated File Disclosure 作者:joel, stonepresto和thomascube Type: Auxiliary 拉取请求:#18286 [http://github ..com/rapid7/metasploit-framework/pull/18286] 由cudalac [http://github]贡献.com/cudalac] 路径:辅助/收集/ roundcube_auth_file_read 攻击者kb参考:CVE-2017-16651 [http://attackerkb.com/topics/he57fr8fb4/cve - 2017 - 16651?referrer=blog] Description: This PR adds a module to retrieve an arbitrary file on hosts run

2 min Metasploit

Metasploit每周总结

南瓜香料模块 Here in the northern hemisphere, fall is on the way: leaves changing, the air growing crisp and cool, and some hackers changing the flavor of their caffeine. This release features a new exploit module targeting Apache NiFi as well as a 新的和改进的库与它交互. 新增模块内容(1) Apache NiFi H2 Connection String Remote Code Execution 作者:Matei“Mal”Badanoiu和h00die Type: Exploit 拉取请求:#18257 [http://github ..com/rapid7/metasploit-fra

3 min Metasploit

Metasploit每周总结

权力(壳)点 This week’s new features and improvements start with two new exploit modules 利用cve - 2023 - 34960 [http://attackerkb.com/topics/vvjpmespup/cve - 2023 - 34960?引用博客]Chamilo = versions 1.11.18及以下和CVE-2023-26469 [http://attackerkb.com/topics/rt7g6vyw1l/cve - 2023 - 26469?介绍人=博客] Jorani 1.0.0. 像cve - 2023 - 34960 [http://attackerkb.com/topics/vvjpmespup/cve - 2023 - 34960?,我也是。 有时我觉得自己被ppt攻击了. 我们也有几个进口商

2 min Metasploit

Metasploit每周总结

Meterpreter测试 This week’s release adds new payload tests to our automated test suite. This is intended to help the team and community members identify issues and behavior 变更前的差异. 有效载荷运行在各种不同的 platforms including Windows, Linux, and OS X each of which has multiple Meterpreter implementations available that are now tested to help ensure consistency. This should improve payload stability and make testing easier for 社区成员

2 min Metasploit

Metasploit每周总结

一个新的元数据库RCE模块, updates to the citrix_formssso_target_rce module for CVE-2023-3519 to include two new targets, Citrix ADC (NetScaler.1-65.25, and 12.1-64.17, and more

4 min Metasploit

Metasploit每周总结

用这个新的云漏洞在天空中飞行! This week, a new module was added that takes advantage of both authentication bypass and command injection in certain versions of Western Digital's MyCloud hardware. 由社区成员Erik Wynter提交 [http://github.com/ErikWynter], this module gains access to the target, attempts to bypass authentication, verifies whether that was successful, then 使用根权限执行负载. 这适用于之前的版本 2.30.196, and offer

3 min Metasploit

Metasploit每周总结

VMware产品中未经认证的RCE This week, community contributor h00die [http://github.[h00die]添加了一个 exploit module that leverages a command injection vulnerability in VMWare Aria Operations for Networks, formerly known as vRealize Network Insight. Versions 6.2 to 6.10个漏洞(CVE-2023-20887) [http://attackerkb.com/topics/gxz1cuyfh2/cve - 2023 - 20887?referrer=blog]). A remote attacker could abuse the Apache Thrift RPC interface by sending specially 精心制作的数据,并得到解锁

2 min Metasploit

Metasploit每周总结

This week's weekly wrapup includes two new Metasploit modules - Piwigo Gather Credentials via SQL Injection ( CVE-2023-26876 ) and Openfire authentication bypass with RCE plugin (CVE-2023-32315)

2 min Metasploit

Metasploit每周总结

Authentication bypass in Wordpress插件 WooCommerce Payments This week's Metasploit release includes a module for CVE-2023-28121 by h00die [http://github.com/h00die]. 这个模块可以用于任何wordpress instance that uses WooCommerce payments < 5.6.1. 这个模块利用了一个授权 by-pass vulnerability in the WooCommerce WordPress plugin. 你可以简单地加上a header to execute the bypass and use the API to create a new admin user in Wordpress. 新增模块内容(3) Wordpress插件