Lucene search
K

4 matches found

Rapid7 Blog
Rapid7 Blog
added 2024/11/22 8:28 p.m.34 views

Metasploit Weekly Wrap-Up 11/22/2024

JetBrains TeamCity Login Scanner Metasploit added a login scanner for the TeamCity application to enable users to check for weak credentials. TeamCity has been the subject of multiple ETR vulnerabilities and is a valuable target for attackers. Targeted DCSync added to Windows Secrets Dump This...

10CVSS7AI score0.16513EPSS
Exploits29
Rapid7 Blog
Rapid7 Blog
added 2024/05/03 6:29 p.m.32 views

Metasploit Weekly Wrap-Up 05/03/24

Dump secrets inline This week, our very own cdelafuente-r7 added a significant improvement to the well-known Windows Secrets Dump module to reduce the footprint when dumping SAM hashes, LSA secrets and cached credentials. The module is now directly reading the Windows Registry remotely without...

7.5CVSS9.6AI score0.95388EPSS
Exploits9
Rapid7 Blog
Rapid7 Blog
added 2023/11/03 7:10 p.m.66 views

Metasploit Weekly Wrap-Up

PTT for DCSync This week, community member smashery made an improvement to the windowssecretsdump module to enable it to dump domain hashes using the DCSync method after having authenticated with a Kerberos ticket. Now, if a user has a valid Kerberos ticket for a privileged account, they can run...

5CVSS8AI score0.99999EPSS
Exploits15
Metasploit
Metasploit
added 2020/09/30 5:41 p.m.1036 views

Windows Secrets Dump

Dumps SAM hashes and LSA secrets including cached creds from the remote Windows target without executing any agent locally. This is done by remotely updating the registry key security descriptor, taking advantage of the WriteDACL privileges held by local administrators to set temporary read...

7.3AI score
Exploits0
Rows per page
Query Builder