Metasploit For Beginners – #1 – The Basics – Modules, Exploits & Payloads
Tag: metasploit
Apache OFBiz XML-RPC Java Deserialization
This Metasploit module exploits a Java deserialization vulnerability in Apache OFBiz’s unauthenticated XML-RPC endpoint /webtools/control/xmlrpc for versions prior to 17.12.04.
Docker Privileged Container Escape
## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## # POC modified from https://blog.trailofbits.com/2019/07/19/understanding-docker-container-escapes/ class MetasploitModule < Msf::Exploit::Local Rank = NormalRanking prepend Msf::Exploit::Remote::AutoCheck include Msf::Post::File include Msf::Post::Linux::Priv include Msf::Post::Linux::System include Msf::Exploit::EXE include […]
Plex Unpickle Dict Windows Remote Code Execution
This Metasploit module exploits an authenticated Python unsafe pickle.load of a Dict file. An authenticated attacker can create a photo library and add arbitrary files to it. After setting the Windows only Plex variable LocalAppDataPath […]
Apache Spark – Unauthenticated Command Execution (Metasploit)
This module exploits an unauthenticated command execution vulnerability in Apache Spark with standalone cluster mode through REST API. It uses the function CreateSubmissionRequest to submit a malious java class and trigger it. [su_quote] ## # […]
SonicWall Global Management System XMLRPC set_time_zone Command Injection (Metasploit)
This module exploits a vulnerability in SonicWall Global Management System Virtual Appliance versions 8.1 (Build 8110.1197) and below. This virtual appliance can be downloaded from http://www.sonicwall.com/products/sonicwall-gms/ and is used ‘in a holistic way to manage […]
