Metasploit Demo Meeting 2021-01-26
The Rapid7 Metasploit development team discusses (and demonstrates!) ongoing Metasploit work and features during their bimonthly sprint meeting, including the following NEW modules:
* GShodan Host Port
* WordPress Duplicator File Read Vulnerability (CVE-2020-11738)
* WordPress Easy WP SMTP Password Reset (CVE-2020-35234)
* WordPress Total Upkeep Unauthenticated Backup Downloader
* SpamTitan Unauthenticated RCE (CVE-2020-11698)
* Pulse Secure VPN gzip RCE (CVE-2020-8260)
* Apache Struts 2 Forced Multi OGNL Evaluation (CVE-2020-17530)
* WordPress AIT CSV Import Export Unauthenticated Remote Code Execution
* Oracle Solaris SunSSH PAM parse_user_name() Buffer Overflow (CVE-2020-14871)
* SYSTEM token impersonation through NTLM bits authentication on missing WinRM Service
* Microsoft Windows DrawIconEx OOB Write Local Privilege Elevation (CVE-2020-1054)
* Microsoft Spooler Local Privilege Elevation Vulnerability (CVE-2020-1337)
* CVE-2020-1170 Cloud Filter Arbitrary File Creation EOP (CVE-2020-17136)
* Windows Manage Volume Shadow Copies
Included in this recording, the team demonstrates NINE (9!!!) of the above modules and an upcoming fix! Plus the new msfconsole banner celebrating teams who participated in last month's CTF!
We also demo some new functionality added to AttackerKB (the Attacker Knowledge Base)! AttackerKB is a resource to highlight hacker community knowledge on which vulns matter most — and why! You can check out the site yourself at https://attackerkb.com!
See all the latest modules, PRs, Metasploit blogs, and contributors at https://metasploit.com.
Video "Metasploit Demo Meeting 2021-01-26" from the Metasploit channel