Porting CVE-2018-8120 to an MSF module
Hi Internet,| inputzero
Metasploit Wrap-Up 01/30/2026
FreeBPX Content Galore This week brings 3 new pieces of module content for targeting FreePBX. All three chain multiple vulnerabilities together, starting with CVE-2025-66039. This initial vulnerability allows unauthenticated users to bypass the authentication process to interact with FreePBX. From this point, the different modules leverage either a SQL injection vulnerability (CVE-2025-61675) or a file upload vulnerability (CVE-2025-61678) to obtain remote code execution. New module content (...| Rapid7 Cybersecurity Blog
Metasploit Wrap-Up 01/23/2026
Oracle E-Business Suite Unauth RCE This week, we are pleased to announce the addition of a module that exploits CVE-2025-61882, a pre-authentication remote code execution vulnerability in Oracle E-Business Suite versions 12.2.3 through 12.2.14. The exploit chains multiple flaws—including SSRF, path traversal, HTTP request smuggling, and XSLT injection—to coerce the target into fetching and executing a malicious XSL file hosted by the attacker. Successful exploitation results in arbitrary ...| Rapid7 Cybersecurity Blog
Metasploit Wrap-Up 01/16/2026
Persistence, dMSA Abuse & RCE Goodies This week, we have received a lot of contributions from the community, such as h00die, Chocapikk and countless others, which is greatly appreciated. This week’s modules and improvements in Metasploit Framework range from new modules, such as dMSA Abuse (resulting in escalation of privilege in Windows Active Directory environments), authenticated and unauthenticated RCE modules, as well as many improvements and additions to the persistence modules and...| Rapid7 Cybersecurity Blog
Metasploit Wrap-Up 01/09/2026
RISC-V Payloads This week brings more RISC-V payloads from community member bcoles. One provides a new adapter which allows RISC-V payloads to be converted to commands and delivered as a Metasploit fetch-payload. The second is a classic bind shell, offering the user interactive connectivity to the target host. Both of these go a long way in improving Metasploit’s support for RISC-V systems. Annual Wrap Up With a new year comes a new annual wrap up. Earlier this week, the Metasploit project...| Rapid7 Cybersecurity Blog
Metasploit 2025 Annual Wrap-Up
Hard to believe it's that time again, and that Metasploit Framework will see the dawn of another Annual Wrap-Up (and a New Year). All of the metrics and modules you see here would in large part not be possible without the dedicated community members who care about the Framework and its mission on all the days of the year. It is their hard work and dedication that makes it look like magic, and sometimes, it feels like it too. A heartfelt thank you to all of our researchers and contributors, yo...| Rapid7 Cybersecurity Blog
AD Recon – NetBIOS (137/138/139) and SMB (445) Part-1
In this two-part post on AD Recon, we will review various tools that can be used to enumerate the NetBIOS (UDP port 137/138 | TCP port 139) and SMB (TCP port 445) services. To begin, we will learn about the NetBIOS and SMB services, how they tie together, as well as how they are useful for domain […] The post AD Recon – NetBIOS (137/138/139) and SMB (445) Part-1 first appeared on Juggernaut Pentesting Blog.| Juggernaut Pentesting Blog
Offensive security tools 2025
Offensive security tools for 2025: Metasploit, Nuclei, Bloodhound & more. Uncover and remediate vulnerabilities before they’re exploited.| HackerTarget.com
Giving an LLM Command Line Access to Nmap | HackerTarget.com
What would it look like giving LLM's command line access to Nmap. Explore the possibilities in the security tools space.| HackerTarget.com
PHP-CGI für Windows: Angriffe auf CVE-2024-4577 eskalieren - Greenbone
Die PHP-CGI-Schwachstelle CVE-2024-4577 ermöglicht RCE-Angriffe und eskaliert weltweit, dringende Sicherheitsmaßnahmen erforderlich.| Greenbone
Εξερευνώντας, ένα ASCII Buffer Overflow. | Ghost in the Lab
Πριν από μερικές μέρες, για τις ανάγκες ενός project, κατέβασα την freeware εφαρμογή CPE17 Autorun Killer (AntiAutorun), η οποία έχει σκοπό της, την διαγραφή των ύποπτων “autorun.inf” α…| Ghost in the Lab
“From SQL injection to shell” exercise – My sqli2shell tool. | Ghost in the Lab
PentesterLab is an easy and great way to learn penetration testing. PentesterLab provides vulnerable systems that can be used to test and understand vulnerabilities.| Ghost in the Lab
SEH Exploitation – Κοροϊδεύοντας το φύλακα! | Ghost in the Lab
Σε προηγούμενα άρθρα (1,2) καταφέραμε –σχετικά εύκολα– να ανακατευθύνουμε τη ροή του προγράμματος στο οποίο επιτεθήκαμε, με αποτέλεσμα να εκτελέσουμε επιτυχώς δικό μας κακόβουλο κώδικα …| Ghost in the Lab
Metasploit Plugin for EasyFTP Server Exploit | my 20%
Update: The module has been added to the Metasploit tree. Thanks to jduck for cleaning it up and generalizing it! View here; now just use svn update to get the module. — In my previous post…| my 20%
MSSQL : You get admin! You get admin! EVERYONE GETS ADMIN! – GrimBlog
TLDR: Domain Users permitted to authenticate to Microsoft SQL databases can use the limited privileges they are granted to run a stored procedure. The stored procedure can be used to send the datab…| GrimBlog