The Rapid7 Metasploit development team discusses (and demonstrates!) ongoing Metasploit work and features during their bimonthly sprint meeting, including the following NEW modules:
* rConfig 3.x Chained Unauthenticated RCE (CVE-2019-19509, CVE-2020-10220)
* ManageEngine Desktop Central Java Deserialization Unauthenticated RCE (CVE-2020-10189)
* Google Chrome Unauthenticated RCE
* 67, 68 and 69 (Object.create, CVE-2018-17463)
* 72 and 73 (Array.map; CVE-2019-5825)
* PHPStudy Backdoor Unauthenticated RCE
* Nagios XI Authenticated RCE (CVE-2019-15949)
* Centreon Poller Authenticated RCE
* SQL Server Reporting Services (SSRS) ViewState Deserialization Authenticated RCE (CVE-2020-0688)
* Tautulli v2.1.9 – Shutdown Denial of Service (CVE-2019-19833)
Also included in this recording are demonstrations of the SQL Server Reporting Services (SSRS) ViewState Deserialization Authenticated RCE, ManageEngine Desktop Central Java Deserialization Unauthenticated RCE, and rConfig 3.x Chained Unauthenticated RCE modules, as well as new ‘tip’ console functionality. Yep yep!
And there’s also many enhancements and a bug fix we cover, too!
Lastly, we launched our Beta program for a new web app we’ve been building called AttackerKB (Attacker Knowledge Base!). AttackerKB is a new resource to highlight hacker community knowledge on which vulns matter most — and why! You can find a recent write-up containing details and Beta sign up information, if you’d like to participate, at https://blog.rapid7.com/.
See all the latest modules, PRs, Metasploit blogs, and contributors at https://metasploit.com.