Metasploit
@metasploit-r7.bsky.social
Official account of the Metasploit Project, part of the Rapid7 family.
Mastodon: @[email protected]
Slack: http://metasploit.com/slack
Metasploit weekly wrap-up: A vulnerability fix with our thanks to longtime contributor bcoles (CVE-2025-3095), plus WonderCMS RCE and an updated LDAP password disclosure module www.rapid7.com/blog/post/20...
Metasploit Wrap-Up 05/02/2025 | Rapid7 Blog
www.rapid7.com
May 2, 2025 at 7:56 PM
New in #Metasploit this week c/o @n00tmeg.bsky.social: A new msfconsole command to manage PKCS12 certificates stored in the database. Plus, automatic PKCS12-based Kerberos (and Schannel) authentication through PKINIT when no Kerberos ticket is cached. www.rapid7.com/blog/post/20...
Metasploit Wrap-Up 04/25/2025 | Rapid7 Blog
www.rapid7.com
April 28, 2025 at 1:02 AM
Reposted by Metasploit
Some neat n-day vulnerability analysis of Citrix NetScaler Console CVE-2024-6235 via Calum Hutton — the vuln allows an unauthenticated attacker to obtain an admin-level session ID from an internal API and use this to create other admin users on the system. attackerkb.com/assessments/...
chutton-r7's assessment of CVE-2024-6235 | AttackerKB
On July 9, 2024, Citrix disclosed CVE-2024-6235, a sensitive information disclosure vulnerability affecting NetScaler Console. While “information disclosure” s…
attackerkb.com
April 22, 2025 at 9:20 PM
New in #Metasploit this week: An auxiliary auth bypass module for CrushFTP, Oracle Access Manager RCE (CVE-2021-35587), support for the LDAP protocol within RHOSTS, and more #exploits for pgAdmin, Pandora FMS, and Appsmith.

www.rapid7.com/blog/post/20...
Metasploit Weekly Wrap-Up 04/11/2025 | Rapid7 Blog
www.rapid7.com
April 11, 2025 at 10:27 PM
Reposted by Metasploit
We have just published our AttackerKB @rapid7.com Analysis of CVE-2025-22457, an unauthenticated stack based buffer overflow in Ivanti Connect Secure. Difficult to exploit due to severe character restrictions, we detail our full RCE technique here: attackerkb.com/topics/0ybGQ...
CVE-2025-22457 | AttackerKB
On April 3, 2025, Ivanti published an advisory for CVE-2025-22457, an unauthenticated remote code execution vulnerability due to a stack based buffer overflow.…
attackerkb.com
April 10, 2025 at 6:19 PM
This week's #Metasploit release includes a new module for SMB-to-LDAP relaying — a long-in-the-works addition from @n00tmeg.bsky.social and @zerosteiner.bsky.social 🔥 See the weekly wrap-up for details!

www.rapid7.com/blog/post/20...
Metasploit Wrap-Up 03/21/2025 | Rapid7 Blog
www.rapid7.com
March 21, 2025 at 7:59 PM
We're bad at posting updates regularly, but the March 6 #Metasploit release has some gems, including a SonicWall HTTP login scanner, an aux module to retrieve NAA creds from SCCM servers, and better applicability checks for relay modules www.rapid7.com/blog/post/20...
Metasploit Wrap-Up 03/06/2025 | Rapid7 Blog
This week's Metasploit Wrap Up saw 3 new modules. Learn more about the enhancements, features, and bugs fixed.
www.rapid7.com
March 17, 2025 at 6:37 PM
Root cause analysis of Sitecore XM + XP remote code execution CVE-2025-27218 via @rapid7.com's pen testing team attackerkb.com/assessments/...
machang-r7's assessment of CVE-2025-27218 | AttackerKB
On January 6, 2025, Sitecore published a security bulletin, SC2024-002-624693, for a critical unauthenticated remote code execution (RCE) vulnerability affect…
attackerkb.com
March 5, 2025 at 11:05 PM
New in #Metasploit this week: RCE exploits for InvokeAI and BeyondTrust + PostgreSQL, OSVDB search functionality in msfconsole, and new support for PPC, MIPS, and ARM architectures in Metasploit's fetch payloads to allow for better targeting of embedded systems 🐚 www.rapid7.com/blog/post/20...
Metasploit Weekly Wrap-Up 02/21/2025 | Rapid7 Blog
www.rapid7.com
February 21, 2025 at 10:09 PM
In this week's #Metasploit release: 2 new exploit modules targeting mySCADA myPRO Manager and NetAlertX, plus a community enhancement to allow users with established shell sessions to deconflict built-in MSF commands and native commands on the target host. www.rapid7.com/blog/post/20...
Metasploit Weekly Wrap-Up 02/14/2025 | Rapid7 Blog
www.rapid7.com
February 15, 2025 at 1:13 AM
Reposted by Metasploit
New Rapid7 vuln disclosure c/o @stephenfewer.bsky.social: CVE-2025-1094 is a SQL injection flaw in PostgreSQL's psql interactive tool that was discovered while analyzing BeyondTrust RS CVE-2024-12356. The bug is interesting — 🧵on its relation to BeyondTrust www.rapid7.com/blog/post/20...
CVE-2025-1094: PostgreSQL psql SQL injection (FIXED) | Rapid7 Blog
www.rapid7.com
February 13, 2025 at 3:25 PM
Reposted by Metasploit
Our @metasploit-r7.bsky.social exploit module for unauthenticated RCE against BeyondTrust Privileged Remote Access & Remote Support is now available. The exploit can either leverage CVE-2024-12356 and CVE-2025-1094 together, or solely leverage CVE-2025-1094 for RCE: github.com/rapid7/metas...
Exploit module for BeyondTrust Privileged Remote Access & Remote Support (CVE-2024-12356, CVE-2025-1094) by sfewer-r7 · Pull Request #19877 · rapid7/metasploit-framework
Overview This pull request adds an unauthenticated RCE exploit module targeting BeyondTrust Privileged Remote Access & Remote Support, leveraging CVE-2024-12356 + CVE-2025-1094. CVE-2024-12356 ...
github.com
February 13, 2025 at 4:05 PM
Reposted by Metasploit
We are also publishing our AttackerKB Rapid7 analysis for CVE-2024-12356 - Unauth RCE affecting BeyondTrust PRA & RS, which was exploited in the wild last Dec as 0day ...our analysis details leveraging the new PostgreSQL vuln CVE-2025-1094 for RCE! 👀 attackerkb.com/topics/G5s8Z...
attackerkb.com
February 13, 2025 at 4:05 PM
Reposted by Metasploit
Today Rapid7 has disclosed CVE-2025-1094, a new PostgreSQL SQLi vuln we discovered while researching CVE-2024-12356 in BeyondTrust Remote Support. Untrusted inputs that have been safely character escaped could still generate SQLi under certain conditions: www.rapid7.com/blog/post/20...
CVE-2025-1094: PostgreSQL psql SQL injection (FIXED) | Rapid7 Blog
www.rapid7.com
February 13, 2025 at 4:05 PM
#Metasploit weekly wrap-up: ESC4 now supported in the ldap_esc_vulnerable_cert_finder module 🎉 Plus, lots of bug fixes and usability improvements, including for LDAP and SMB login scanners, the LDAP query module, PetitPotam, and more. www.rapid7.com/blog/post/20...
Metasploit Weekly Wrap-Up 01/31/25 | Rapid7 Blog
www.rapid7.com
February 3, 2025 at 9:11 AM
Latest #Metasploit wrap-up has authenticated RCE in LibreNMS plus improvements to the icpr_cert module and some bug fixes. www.rapid7.com/blog/post/20...
Metasploit Weekly Wrap-Up: 01/24/2025 | Rapid7 Blog
This week the Metasploit Framework was blessed with an authenticated RCE module in LibreNMS, an autodiscovering PHP / MySQL-based network monitoring system.
www.rapid7.com
January 28, 2025 at 5:17 PM
First #Metasploit wrap-up of 2025 has 5 new modules, ARM stager improvements, and bug fixes/doc updates. www.rapid7.com/blog/post/20...
Metasploit Wrap-Up: 1/10/2025 | Rapid7 Blog
This Metasploit Weekly saw 4 new module contents. Adds a module for CVE-2023-2640 & CVE-2023-32629, among others. Learn more!
www.rapid7.com
January 13, 2025 at 2:11 PM
Reposted by Metasploit
We now have a @metasploit-r7.bsky.social RCE exploit module in the pull queue for CVE-2024-55956 - an unauthenticated file write vulnerability affecting Cleo LexiCom, VLTrader, and Harmony which was exploited in the wild last month as 0day: github.com/rapid7/metas...
January 7, 2025 at 8:55 PM
Belated #Metasploit wrap-up: Last week's release dished out 4 new modules, significantly better performance for database module caching, and a fix that allows customization of the User-Agent HTTP header when using Meterpreter HTTP[S] x64 payloads. Happy festive season! www.rapid7.com/blog/post/20...
Metasploit Weekly Wrap-Up 12/20/2024 | Rapid7 Blog
www.rapid7.com
December 26, 2024 at 2:49 PM
Reposted by Metasploit
Rapid7 analysis of Apache #Struts 2 CVE-2024-53677 here via research lead Ryan Emmons — highlights:
* No, this isn't really being successfully exploited in the wild
* Payloads need to be customized to the target
* The 'fixed' version *does not* remediate the vuln
attackerkb.com/assessments/...
remmons-r7's assessment of CVE-2024-53677 | AttackerKB
CVE-2024-53677 is a flawed upload logic vulnerability in Apache Struts 2. The vulnerability permits an attacker to override internal file upload variables in a…
attackerkb.com
December 18, 2024 at 8:48 PM
It's raining RCEs in this week's #Metasploit wrap-up 🌧️

7 new modules to help you get RCE on Primefaces, Moodle, WordPress Really Simple SSL, and CyberPanel, as well as change passwords via the LDAP and SMB protocols. www.rapid7.com/blog/post/20...
Metasploit Weekly Wrap-Up: 12/13/2024 | Rapid7 Blog
This weekly release includes RCEs for Moodle e-Learning platform, Primefaces, WordPress Really Simple SSL & CyberPanel along with two other modules.
www.rapid7.com
December 13, 2024 at 10:15 PM
Big Metasploit release this week: 9 new modules to help you get RCE on Ivanti Connect Secure, VMware vCenter Server, Asterisk, Fortinet FortiManager and Acronis Cyber Protect. Plus, a WordPress account takeover, a Windows LPE, and an X11 keylogger module 💅 www.rapid7.com/blog/post/20...
Metasploit Weekly Wrap-Up 12/06/2024 | Rapid7 Blog
www.rapid7.com
December 6, 2024 at 9:06 PM
New vuln disclosure blog, technical whitepaper, and public exploit from @stephenfewer.bsky.social on 5 CVEs he discovered and chained to get unauthenticated RCE on Lorex 2K Indoor Wi-Fi security cameras: www.rapid7.com/blog/post/20...
Lorex 2K Indoor Wi-Fi Security Camera: Multiple Vulns (FIXED) | Rapid7 Blog
The Lorex 2K Indoor Wi-Fi Security Camera is a cloud-based video camera for consumers. This device was a target at the 2024 Pwn2Own IoT competition.
www.rapid7.com
December 4, 2024 at 4:40 PM
Reposted by Metasploit
My favourite class I teach is this 2hr intro to Metasploit why? Seeing the reactions the students have to popping a shell is 😙👌 they’re so happy and in shock with themselves it just warms my heart
November 22, 2024 at 9:18 AM