The Rapid7 Metasploit development team discusses (and demonstrates!) ongoing Metasploit work and features during their bimonthly sprint meeting, including the following NEW modules:
* Artica proxy 4.30.000000 Auth Bypass service-cmds-peform Command Injection (CVE-2020-17506)
* Jenkins CLI Deserialization (CVE-2017-1000353)
* TP-Link Cloud Cameras NCXXX Bonjour Command Injection (CVE-2020-12109)
* VyOS restricted-shell Escape and Privilege Escalation (CVE-2018-18556)
* Microsoft Spooler Local Privilege Elevation Vulnerability (CVE-2020-1048)
* Netlogon Weak Cryptographic Authentication (CVE-2020-1472, a.k.a. Zerologon)
* SOCKS Proxy Server
* Multiplatform Installed Software Version Enumerator
* Windows SecureCRT Session Information Enumeration
* MaraCMS Arbitrary PHP File Upload (CVE-2020-25042)
* Safari in Operator Side Effect Exploit (CVE-2020-9856)
* Cisco AnyConnect Privilege Escalations (CVE-2020-3153 and CVE-2020-3433)
* Windows Update Orchestrator unchecked ScheduleWork call (CVE-2020-1313)
* VyOS Configuration Importer
* Windows Secrets Dump
* VyOS Gather Device General Information by h00die
Included in this recording are NINE (9!) demos, including the new modules for Zerologon, Safari, AnyConnect, and Jenkins, and we discuss enhancements and bug fixes, too!
Also, our new web app that we’ve been building called AttackerKB (Attacker Knowledge Base) is NOW IN OPEN BETA!!! AttackerKB is a new resource to highlight hacker community knowledge on which vulns matter most — and why! You can check out the site yourself at https://attackerkb.com! For more details, you can find our recent “Meet AttackerKB” post at https://blog.rapid7.com/.
See all the latest modules, PRs, Metasploit blogs, and contributors at https://metasploit.com.