Metasploit keeping that developer awareness rate up.
Thanks to mr_me & wvu, SharePoint is an even better target to find in your next penetration test. The newly minted module can net you a shell and a copy of the servers config, making that report oh so much more fun.
Like to escape the sandbox? WizardOpium has your first taste of freedom. Brought to you by timwr and friends through Chrome, this module might be that push you need to get out onti solid ground.
apk
generation commands to be more explicit with options.run
command by cgranleese-r7 adds tab completion for specifying inline options when using the run
command. For example, within Metasploit’s console typing run
and then hitting the tab key twice will now show all available option names. Incomplete option names and values can also be also suggested, for example run LHOST=
and then hitting the tab key twice will show all available LHOST values.exploit/multi/browser/chrome_object_create.rb
module that exploits CVE-2018-17463 in Chrome, thereby allowing users to both elevate their privileges on affected versions of Windows, as well as potentially execute a full end to end attack chain to go from a malicious web page to SYSTEM on systems running vulnerable versions of Chrome and Windows.apk
generation commands to be more explicit with options.As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from GitHub:
If you are a git
user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial edition).