Metasploit Weekly Wrap-Up 09/05/2025

Persistence Improvements and Exploits This week, the Metasploit team and the community has made improvements to some persistence modules such as Bash, which improves how they function behind the scenes. They have also been tagged with MITRE ATT&CK techniques. A new exploit has also been added thi...

GNU wget Arbitrary File Upload / Code Execution

Exploit Title: GNU Wget 1.18 - Arbitrary File Upload / Remote Code Execution 2 Original Exploit Author: Dawid Golunski Exploit Author: liewehacksie Version: GNU Wget 1.18 CVE: CVE-2016-4971 import http.server import socketserver import socket import sys class...

Bash Profile Persistence Exploit

This Metasploit module writes an execution trigger to the target's Bash profile. The execution trigger executes a call back payload whenever the target user opens a Bash terminal. A handler is not run automatically, so you must configure an appropriate exploit/multi/handler to receive the callbac...

Bash Profile Persistence

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Bash Profile Persistence', 'Description' = %q" This module writes an execution trigger to the target's Bash profile. The execution trigger execut...

openSUSE Security Update : postgresql (openSUSE-2019-2685)

This update for postgresql fixes the following issues : - Changed permissions, so that the directory can only be used by users in the postgres group bsc1123886. - Moved bash profile out of /var/lib to allow transactional updates bsc1100397. This update was imported from the SUSE:SLE-15:Update...

OPENSUSE-SU-2019:2685-1 Security update for postgresql

This update for postgresql fixes the following issues: - Changed permissions, so that the directory can only be used by users in the postgres group bsc1123886. - Moved bash profile out of /var/lib to allow transactional updates bsc1100397. This update was imported from the SUSE:SLE-15:Update upda...

Bash Profile Persistence

This module writes an execution trigger to the target's Bash profile. The execution trigger executes a call back payload whenever the target user opens a Bash terminal. A handler is not run automatically, so you must configure an appropriate exploit/multi/handler to receive the callback. This...

Security update for postgresql (moderate)

openSUSE Security Update: Security update for postgresql Announcement ID: openSUSE-SU-2019:2685-1 Rating: moderate References: 1100397 1123886 Affected Products: openSUSE Leap 15.1 An update that contains security fixes can now be installed. Description: This update for postgresql fixes the...

SUSE-SU-2019:3212-1 Security update for postgresql

This update for postgresql fixes the following issues: - Changed permissions, so that the directory can only be used by users in the postgres group bsc1123886. - Moved bash profile out of /var/lib to allow transactional updates bsc1100397...