Metasploit Demo Meeting 2021-01-26
The Rapid7 Metasploit development team discusses (and demonstrates!) ongoing Metasploit work and features during their bimonthly sprint meeting, including the following NEW modules:
* GShodan Host Port
* WordPress Duplicator File Read Vulnerability (CVE-2020-11738)
* WordPress Easy WP SMTP Password Reset (CVE-2020-35234)
* WordPress Total Upkeep Unauthenticated Backup Downloader
* SpamTitan Unauthenticated RCE (CVE-2020-11698)
* Pulse Secure VPN gzip RCE (CVE-2020-8260)
* Apache Struts 2 Forced Multi OGNL Evaluation (CVE-2020-17530)
* WordPress AIT CSV Import Export Unauthenticated Remote Code Execution
* Oracle Solaris SunSSH PAM parse_user_name() Buffer Overflow (CVE-2020-14871)
* SYSTEM token impersonation through NTLM bits authentication on missing WinRM Service
* Microsoft Windows DrawIconEx OOB Write Local Privilege Elevation (CVE-2020-1054)
* Microsoft Spooler Local Privilege Elevation Vulnerability (CVE-2020-1337)
* CVE-2020-1170 Cloud Filter Arbitrary File Creation EOP (CVE-2020-17136)
* Windows Manage Volume Shadow Copies
Included in this recording, the team demonstrates NINE (9!!!) of the above modules and an upcoming fix! Plus the new msfconsole banner celebrating teams who participated in last month's CTF!
We also demo some new functionality added to AttackerKB (the Attacker Knowledge Base)! AttackerKB is a resource to highlight hacker community knowledge on which vulns matter most — and why! You can check out the site yourself at https://attackerkb.com!
See all the latest modules, PRs, Metasploit blogs, and contributors at https://metasploit.com.
Видео Metasploit Demo Meeting 2021-01-26 канала Metasploit
* GShodan Host Port
* WordPress Duplicator File Read Vulnerability (CVE-2020-11738)
* WordPress Easy WP SMTP Password Reset (CVE-2020-35234)
* WordPress Total Upkeep Unauthenticated Backup Downloader
* SpamTitan Unauthenticated RCE (CVE-2020-11698)
* Pulse Secure VPN gzip RCE (CVE-2020-8260)
* Apache Struts 2 Forced Multi OGNL Evaluation (CVE-2020-17530)
* WordPress AIT CSV Import Export Unauthenticated Remote Code Execution
* Oracle Solaris SunSSH PAM parse_user_name() Buffer Overflow (CVE-2020-14871)
* SYSTEM token impersonation through NTLM bits authentication on missing WinRM Service
* Microsoft Windows DrawIconEx OOB Write Local Privilege Elevation (CVE-2020-1054)
* Microsoft Spooler Local Privilege Elevation Vulnerability (CVE-2020-1337)
* CVE-2020-1170 Cloud Filter Arbitrary File Creation EOP (CVE-2020-17136)
* Windows Manage Volume Shadow Copies
Included in this recording, the team demonstrates NINE (9!!!) of the above modules and an upcoming fix! Plus the new msfconsole banner celebrating teams who participated in last month's CTF!
We also demo some new functionality added to AttackerKB (the Attacker Knowledge Base)! AttackerKB is a resource to highlight hacker community knowledge on which vulns matter most — and why! You can check out the site yourself at https://attackerkb.com!
See all the latest modules, PRs, Metasploit blogs, and contributors at https://metasploit.com.
Видео Metasploit Demo Meeting 2021-01-26 канала Metasploit
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
Metasploit Framework BH US Arsenal Demo 2023
Exploit Writing Live Video (CVE-2022-44877)
Metasploit 6.3 Kerberos - 30 Second Teaser
Metasploit Framework Kerberos Protocol Support Certifried Demo
Writing Meterpreter Commands with Python with R7's Spencer McIntyre
Zimbra Unrar RCE and Slapper LPE
LDAP Gatherer Module
SAMR Computer Management
6th getsystem technique EFSRPC Named Pipe Impersonation AKA EfsPotato
Confluence RCE CVE 2022-26134
Microsoft “Word” CVE 2022-30190 AKA Follina Demo
Metasploit Module VMware Workspace ONE Access CVE 2022 22954 Unauth RCE
User Profile Arbitrary Junction LPE CVE-2022-26904
Metasploit Demo Meeting 2022-03-22
Metasploit Demo Meeting 2022-03-08
Metasploit Demo Meeting 2021-06-07
Metasploit Demo Meeting 2021-05-18
Metasploit Demo Meeting 2021-05-04
Metasploit Demo Meeting 2021-04-20
Metasploit Demo Meeting 2021-04-06
Metasploit Demo Meeting 2021-03-23