
Rapid7 Blog | Spencer McIntyre | RAPID7BLOG:0C3EDBDC537092A20C850F762D5A5856
Oct 09, 2020 - 7:41 p.m.

Metasploit Wrap-Up

Spencer McIntyre





SAP Internet Graphics Server (IGS)


This week includes a new module targeting the SAP Internet Graphics Server application, contributed by community member Vladimir Ivanov. The module covers two CVEs, both of which are remotely exploitable XML External Entity (XXE) bugs. It comes fully featured, with the ability to check for the presence of the vulnerabilities as well as two methods to leverage them. The first is a read action that allows users to read files from the remote server, while the second can be used to trigger a denial of service (DoS) condition.

Just read the (new Zerologon) docs

The module documentation for the Zerologon (CVE-2020-1472) module has been updated with details of how to run the entire attack workflow through Metasploit. This specifically includes leveraging the new auxiliary/gather/windows_secrets_dump module, which can recover the machine password so that it can be restored on the targeted Domain Controller, and using the PsExec module to execute a payload. It’s important to restore the machine account password to prevent services from breaking. Module documentation can be accessed from msfconsole by using the info -d command. The most recent Metasploit Demo meeting also covered this content, showing the newly documented workflow in action.

New modules (1)

Enhancements and features

Bugs fixed

Get it

As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
binary installers (which also include the commercial edition).