20 matches found
Metasploit Wrap-Up 04/04/2025
New RCEs Metasploit added four new modules this week, including three that leverage vulnerabilities to obtain remote code execution RCE. Among these three, two leverage deserialization, showing that the exploit primitive is still going strong. The Tomcat vulnerability in particular CVE-2025-24813...
Metasploit Weekly Wrap-Up 11/22/2024
JetBrains TeamCity Login Scanner Metasploit added a login scanner for the TeamCity application to enable users to check for weak credentials. TeamCity has been the subject of multiple ETR vulnerabilities and is a valuable target for attackers. Targeted DCSync added to Windows Secrets Dump This...
JetBrains TeamCity Login Scanner
This module performs login attempts against a JetBrains TeamCity webpage to bruteforce possible credentials. Module Options msf use auxiliary/scanner/teamcity/teamcitylogin msf auxiliaryteamcitylogin show actions ...actions... msf auxiliaryteamcitylogin set ACTION msf auxiliaryteamcitylogin show...
Binom3 Web Management Login Scanner, Config And Password File Dump
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Binom3 Web Management Login Scanner, Config and Password File Dump', 'Description' = % This module scans for Binom3 Multifunctional Revenue Energ...
Sage X3 AdxAdmin Login Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/loginscanner/x3' require 'metasploit/framework/credentialcollection' class MetasploitModule 'Sage X3 AdxAdmin Login Scanner', 'Description'...
Cambium CnPilot R200/r201 Login Scanner And Config Dump
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cambium cnPilot r200/r201 Login Scanner and Config Dump', 'Description' = % This module scans for Cambium cnPilot r200/r201 management login...
SNMP Community Login Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/communitystringcollection' require 'metasploit/framework/loginscanner/snmp' class MetasploitModule 'SNMP Community Login Scanner',...
LDAP Login Scanner
This module attempts to login to the LDAP service. Module Options msf use auxiliary/scanner/ldap/ldaplogin msf auxiliaryldaplogin show actions ...actions... msf auxiliaryldaplogin set ACTION msf auxiliaryldaplogin show options ...show and set options... msf auxiliaryldaplogin run This module...
Metasploit Weekly Wrap-Up
Wowza, a new credential gatherer and login scanner! This week Metasploit Framework gained a credential gatherer for Wowza Streaming Engine Manager. Credentials for this application are stored in a file named admin.password in a known location and the file is readable by default by BUILTIN\Users o...
Servisnet Tessa - MQTT Credentials Dump (Unauthenticated) Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credentialcollection' require 'metasploit/framework/loginscanner/mqtt' class MetasploitModule 'Servisnet Tessa - MQTT Credentials Dump...
PhpMyAdmin Login Scanner
This module will attempt to authenticate to PhpMyAdmin. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/loginscanner/phpmyadmin' require 'metasploit/framework/credentialcollection' class...
Teradata ODBC Login Scanner Module
Login scanner module for ODBC connections to Teradata databases. Port specification TCP 1025 by default is not necessary for ODBC connections. Blank passwords are not supported by ODBC connections. Requires ODBC driver and Python Teradata module. !/usr/bin/env python3 -- coding: utf-8 -- 2018-05-...
Cambium cnPilot r200/r201 Login Scanner and Config Dump
This module scans for Cambium cnPilot r200/r201 management login portals, attempts to identify valid credentials, and dump device configuration. The device has at least two 2 users - admin and user. Due to an access control vulnerability, it is possible for 'user' account to access full device...
SSH Public Key Login Scanner
This module will test ssh logins on a range of machines using a defined private key file, and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access. Key files may be a single...
Cambium ePMP 1000 Login Scanner
This module scans for Cambium ePMP 1000 management login portals, and attempts to identify valid credentials. Default login credentials are - admin/admin, installer/installer, home/home and readonly/readonly. This module requires Metasploit: https://metasploit.com/download Current source:...
Wordpress XML-RPC system.multicall Credential Collector
This module attempts to find Wordpress credentials by abusing the XMLRPC APIs. Wordpress versions prior to 4.4.1 are suitable for this type of technique. For newer versions, the script will drop the CHUNKSIZE to 1 automatically. This module requires Metasploit: https://metasploit.com/download...
Western Digital MyBook Live Login Utility
This module simply attempts to login to a Western Digital MyBook Live instance using a specific user/pass. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credentialcollection' require...
PostgreSQL Login Utility
This module attempts to authenticate against a PostgreSQL instance using username and password combinations indicated by the USERFILE, PASSFILE, and USERPASSFILE options. Note that passwords may be either plaintext or MD5 formatted hashes. This module requires Metasploit:...
DB2 Authentication Brute Force Utility
This module attempts to authenticate against a DB2 instance using username and password combinations indicated by the USERFILE, PASSFILE, and USERPASSFILE options. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework requi...
VMWare Authentication Daemon Login Scanner
This module will test vmauthd logins on a range of machines and report successful logins. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credentialcollection' require...