changelog brosec v22.214.171.124 (June 30, 2017): * Minor Fix & Enhancement + Added new payloads to wmic (bros 34) + Added netsh proxy command to…
In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user opens a crafted Kibana URL the result could be a redirect to an improperly initialized Kibana login screen. If the user enters…
Topic: Humax HG100R 2.0.6 Backup File Download Risk: High Text:# coding: utf-8 # Exploit Title: Humax Backup file download # Date: 29/06/2017 # Exploit Author: gambler # Vendor Homepag…
PenTestIT RSS Feed
Since my initial post about WPSeku covered v0.1.0, the author has released an updated version. This post is an attempt at mentioning the changes made to the tool. What is WPSeku? WPSeku is a black box WordPress vulnerability scanner that can be used to scan remote WordPress installations.
The post UPDATE: WPSeku v0.2.1! appeared first on PenTestIT.
This week marks the 50th anniversary of the automated teller machine — better known to most people as the ATM or cash machine. Thanks to the myriad methods thieves have devised to fleece unsuspecting cash machine users over the years, there are now more ways than ever to get ripped off at the ATM. Think you’re good at spotting the various scams? A newly released ATM fraud inspection guide may help you test your knowledge.
The lockscreen on Elephone P9000 devices (running Android 6.0) allows physically proximate attackers to bypass a wrong-PIN lockout feature by pressing backspace after each PIN guess.
Metasploit Hackathon

We were happy to host the very first Metasploit Framework open source hackathon this past week at Rapid7 Austin. Eight Metasploit hackers from outside of Rapid7 joined forces with the in-house team and worked on a lot of great projects, small and large. @bcook started the hackathon working with @sempervictus on his amazing backlog of framework features, including REX library improvements, UDP sessions, TLS-encrypted sessions, and support for running the framework in Rubinius. We had a lot of good chats on how to move forward with bigger features, and our trees have begun to converge more. @zerosteiner worked on server support for the Net-ssh library right after dropping Railgun support for OSX Meterpreter, and gave a talk on it at BSides Cleveland. On the module side, we got the long-awaited DNS injection module from @kingsabri rewritten and enhanced. @bcook worked a lot with @mubix, whose intense testing and feedback made the module really great. Mubix served a unique role at the hackathon, testing everyone's ideas and providing a critical eye on usability and reliability in engagements. @bcook also worked with @sure-fire testing public PoC code for CVE-2017-3881 on a variety of Cisco gear, and we were able to convert @artkond's great research into another module PR. @bperry stopped by with his guitar and worked on a plugin for the Arachni web scanner. In his words, "This complements the sqlmap plugin well, going from general web app scanning with arachni to full exploitation with sqlmap straight from Metasploit. It's something I've wanted in Metasploit for a while now." He also composed a song for the occasion. @bcook worked on a long-awaited search function for the Metasploit RPC interface, while @mubix added a nifty new plugin that publishes an RSS feed of shells as they come in. While testing various things, @mubix noticed that his database was taking a long time to delete a workspace. @darkbushido took a look and found that we could speed up deleting workspaces by several orders of magnitude by using a different method. Joining the hackathon virtually, @oj completed his PR for an all-new crypto layer for Meterpreter transports, which provides application-layer encryption for sessions independent of the transport used. It also has the nice side effect of reducing the size of the Windows Meterpreter five-fold! @bwatters-r7, @hdm, @kernelsmith, @acammack-r7, and @izobashi also worked on a number of interesting projects, like a SOCKS5 proxy, automated payload testing, selfhash support, and mimipenguins integration. We will be covering those as they make their way into the PR queue. In total, the hackathon was a great success and we look forward to having another one soon.

Passwords

In the continual game of cat and mouse with Windows password storage, Rogdham has brought the mice back on top this week. SQUEEK! Previously, Windows protected its stored password hashes with RC4 encryption, but Windows 10 uses AES-128. With this update, the hashdump module works with the AES-128-protected hashes, too.

Catch yourself before you wreck yourself

No one likes segfaults while you're trying to be stealthy, so kudos to tkmru, who added some error handling to our armle reverse_tcp payload. Previously, the payload would segfault if it could not call back. Now, if it fails to call back, it fails silently, because the best kind of failure is the kind no one notices!

New Modules

Exploit modules (4 new)
* Netgear DGN2200 dnslookup.cgi Command Injection by SivertPL and thecarterb exploits CVE-2017-6334
* Symantec Messaging Gateway Remote Code Execution by Mehmet Ince exploits CVE-2017-6326
* Easy File Sharing HTTP Server 7.2 POST Buffer Overflow by Marco Rivoli and bl4ck h4ck3r

Auxiliary and post modules (1 new)
* Riverbed SteelHead VCX File Read by Gregory DRAPERI and h00die

Get it

As always, you can update to the latest Metasploit Framework with msfupdate, and you can get more details on the changes since the last blog post from GitHub:
Pull Requests 4.14.26…4.14.28
Full diff 4.14.26…4.14.28
To install fresh, check out the open-source-only Nightly Installers, or the binary installers, which also include the commercial editions.
Digital Canal Structural Wind Analysis versions 9.1 and below suffer from a buffer overflow vulnerability.
Schneider Electric Wonderware InduSoft Web Studio versions 8.0 Patch 3 and below ship with incorrect default permissions.