The Rapid7 Metasploit development team discusses (and demonstrates!) ongoing Metasploit work and features during their bimonthly sprint meeting, including the following NEW modules:
* Shodan Host Port
* WordPress Duplicator File Read Vulnerability (CVE-2020-11738)
* WordPress Easy WP SMTP Password Reset (CVE-2020-35234)
* WordPress Total Upkeep Unauthenticated Backup Downloader
* SpamTitan Unauthenticated RCE (CVE-2020-11698)
* Pulse Secure VPN gzip RCE (CVE-2020-8260)
* Apache Struts 2 Forced Multi OGNL Evaluation (CVE-2020-17530)
* WordPress AIT CSV Import Export Unauthenticated Remote Code Execution
* Oracle Solaris SunSSH PAM parse_user_name() Buffer Overflow (CVE-2020-14871)
* SYSTEM token impersonation through NTLM bits authentication on missing WinRM Service
* Microsoft Windows DrawIconEx OOB Write Local Privilege Elevation (CVE-2020-1054)
* Microsoft Spooler Local Privilege Elevation Vulnerability (CVE-2020-1337)
* CVE-2020-1170 Cloud Filter Arbitrary File Creation EOP (CVE-2020-17136)
* Windows Manage Volume Shadow Copies
Included in this recording, the team demonstrates NINE (9!!!) of the above modules and an upcoming fix! Plus the new msfconsole banner celebrating teams who participated in last month’s CTF!
We also demo some new functionality added to AttackerKB (the Attacker Knowledge Base)! AttackerKB is a resource to highlight hacker community knowledge on which vulns matter most — and why! You can check out the site yourself at https://attackerkb.com!
See all the latest modules, PRs, Metasploit blogs, and contributors at https://metasploit.com.