National Cyber Warfare Foundation (NCWF) Forums


Metasploit Weekly Wrap-Up 08 09 2024


2024-08-09 18:27:17
milo
Red Team (CNA)

Black Hat & DEF CON



Hopefully folks were able to catch our Rapid7 researchers @zeroSteiner & Jack Heysel showing off Metasploit 6.4's features at Black Hat, focusing on combinations that allow for new, streamlined attack workflows. If not, they will also be demoing at DEF CON tomorrow in room W304!


New module content (1)


Calibre Python Code Injection (CVE-2024-6782)


Authors: Amos Ng and Michael Heinzl

Type: Exploit

Pull request: #19357 contributed by h4x-x0r

Path: multi/misc/calibre_exec

AttackerKB reference: CVE-2024-6782


Description: Adds a module targeting CVE-2024-6782, an unauthenticated Python code injection vulnerability in the Content Server component of Calibre v6.9.0 - v7.14.0. The Content Server is disabled by default; once enabled, its default configuration listens on all network interfaces on TCP port 8080 for incoming traffic. The injected payload is executed in the same context under which Calibre is running.
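
For defenders, the two conditions in this description (a Calibre version in 6.9.0 through 7.14.0, and a Content Server listener on TCP port 8080 bound to all interfaces) can be checked on a host as follows. This is an added example, not code from the Rapid7 post or the Metasploit module; the version string, the `ss -ltnp` sample and the match on a process name containing "calibre" are constructed assumptions.

```python
import re

# Range and port are taken from the module description above.
AFFECTED_MIN, AFFECTED_MAX = (6, 9, 0), (7, 14, 0)
CONTENT_SERVER_PORT = 8080
WILDCARDS = {"0.0.0.0", "*", "[::]"}

def parse_version(text):
    """Extract (major, minor, patch) from a version string; patch defaults to 0."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def wildcard_listeners(ss_output, port=CONTENT_SERVER_PORT):
    """Local sockets in `ss -ltnp` output that listen on `port` on all interfaces
    and whose process column mentions calibre (assumed process name)."""
    hits = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header line or non-listening socket
        addr, _, local_port = fields[3].rpartition(":")
        owner = " ".join(fields[5:]).lower()
        if local_port == str(port) and addr in WILDCARDS and "calibre" in owner:
            hits.append(fields[3])
    return hits

def assess(version_text, ss_output):
    """Combine both conditions into a triage verdict."""
    version = parse_version(version_text)
    if version is None:
        return "unknown_version"
    if not (AFFECTED_MIN <= version <= AFFECTED_MAX):
        return "outside_affected_range"
    return "affected_and_exposed" if wildcard_listeners(ss_output) else "affected_not_exposed"

# Constructed sample input, not captured from a real host.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128          0.0.0.0:8080      0.0.0.0:*     users:(("calibre-server",pid=4121,fd=7))
LISTEN 0      128        127.0.0.1:5432      0.0.0.0:*     users:(("postgres",pid=901,fd=5))
LISTEN 0      4096            [::]:22           [::]:*     users:(("sshd",pid=700,fd=4))
"""

if __name__ == "__main__":
    print(assess("calibre (calibre 7.14.0)", SAMPLE_SS))
```

The process column of `ss -ltnp` is only populated for sockets the invoking user may inspect, so collect the listing with sufficient privileges or the calibre match will miss.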


Bugs fixed (1)



  • #19355 from dledda-r7 - Fixes an issue where Meterpreter sessions would fail to migrate when MeterpreterDebugBuild is enabled.


Documentation


You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.


Get it


As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the commercial edition Metasploit Pro.






Source: Rapid7
Source Link: https://blog.rapid7.com/2024/08/09/metasploit-weekly-wrap-up-08-09-2024/

