4分钟
Metasploit
Metasploit Weekly Wrap-Up 08/30/2024
A New Way to Encode PHP Payloads
A new PHP encoder has been released by a community contributor, jvoisin
[http://github.com/jvoisin], allowing a PHP payload to be encoded as an
ASCII-Hex字符串. This can then be decoded on the receiver to prevent issues
with unescaped or bad characters.
射线的漏洞
This release of Metasploit Framework also features 3 new modules to target
雷.io, which is a framework for distributing AI-related workloads across
multiple machines, which makes it an exce
3分钟
Metasploit
Metasploit Weekly Wrap-Up 06/21/2024
Argument Injection for PHP on Windows
This week includes modules that target file traversal 和 arbitrary file read
vulnerabilities for software such as Apache, SolarWinds 和 Check Point, with
the highlight being a module for the recent PHP vulnerability submitted by
sfewer-r7 [http://github.com/sfewer-r7]. This module exploits an argument
injection vulnerability, resulting in remote code execution 和 a Meterpreter
shell running in the context of the Administrator user.
Note, that this attac
3分钟
Metasploit
Metasploit Weekly Wrap-Up 04/12/24
Account Takeover using Shadow Credentials
The new release of Metasploit Framework includes a Shadow Credentials module
added by smashery [http://github.com/rapid7/metasploit-framework/pull/19051]
used for reliably taking over an Active 导演y user account or computer, 和
letting future authentication to happen as that account. 这可以被链接起来
with other modules present in Metasploit Framework such as windows_secrets_dump.
Details
The module targets a ‘victim’ account that is part of a
2分钟
Metasploit
Metasploit Weekly Wrap-Up 02/02/2024
Shared RubySMB Service Improvements
This week’s updates include improvements to
[http://github.com/rapid7/metasploit-framework/pull/18680] Metasploit
Framework’s SMB server implementation: the SMB server can now be reused across
various SMB modules, which are now able to register their own unique shares 和
文件. SMB modules can also now be executed concurrently. 目前,有
15 SMB modules in Metasploit Framework that utilize this feature.
New module content (2)
欢乐连接沙漠
3分钟
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 4/8/22
五个新模块 targeting Windows, Linux, macOS, 和 more. +, updates to the Log4Shell scanner 和 a new Windows Meterpreter option to enable additional logging visible in DbgView
3分钟
Metasploit Weekly Wrapup
Metasploit Weekly Wrap-Up: 1/14/22
五个新模块, including exploits for Log4Shell 和 SonicWall SMA 100 series devices, plus a new Meterpreter comm和 that allows users to kill all channels at once.
2分钟
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 10/8/21
New modules for vCenter Server 和 Linux Netfilter, plus fixes 和 enhancements.