























This week, we added a whole new bunch of HTTP/HTTPS-based CMD payloads for X64 and X86 versions of Windows. The additional breadth of selectable payloads and delivery techniques allows users new options to tailor the attack workflow for their environment. This was contributed by bwatters-r7. Adding new architectures for adapted payloads is surprisingly easy and something a first-time contributor might want to look into!
New modules added to Metasploit Framework also allow for targeting FreeScout and Grav CMS, both of which result in remote code execution. These modules were contributed by Chocapikk and x1o3 respectively. Thanks!
Thanks to g0tmi1k, Metasploit Framework now also includes an exploit module, multi/http/os_cmd_exec, which allows for targeting generic HTTP command execution vulnerabilities where user-supplied input is directly passed to system execution functions via an HTTP request. This can result in a Meterpreter shell on the remote target.
To round this week off, we have a new persistence technique on Windows, thanks to Nayeraneru, which abuses the HKCU\Environment\UserInitMprLogonScript registry value to execute a payload at user logon.
Authors: Moses Bhardwaj (MosesOX) , Nir Zadok (nirzadokox) , Valentin Lobstein [email protected], and offensiveee
Type: Exploit
Pull request: #21069 contributed by Chocapikk
Path: multi/http/freescout_htaccess_rce
AttackerKB reference: CVE-2026-27636
Description: This adds an exploit module for CVE-2026-28289, an unauthenticated remote code execution vulnerability in FreeScout versions prior or equal to 1.8.206.
Authors: binneko and x1o3
Type: Exploit
Pull request: #21029 contributed by x1o3
Path: multi/http/grav_admin_direct_install_rce_cve_2025_50286
AttackerKB reference: CVE-2025-50286
Description: This adds a new exploit module for CVE-2025-50286, an authenticated RCE vulnerability in Grav CMS 1.1.x–1.7.x with Admin Plugin 1.2.x–1.10.x. The module exploits the Direct Install feature to upload a malicious plugin ZIP and execute an arbitrary PHP payload as the web server user.
Authors: egypt [email protected] and g0tmi1k
Type: Exploit
Pull request: #21023 contributed by g0tmi1k
Path: multi/http/os_cmd_exec
Description: Adds a new exploits/multi/http/os_cmd_exec module that targets generic HTTP command execution vulnerabilities where user-supplied input is directly passed to system execution functions via an HTTP request.
Author: Nayera
Type: Exploit
Pull request: #21032 contributed by Nayeraneru
Path: windows/persistence/userinit_mpr_logon_script
Description: This adds a new Windows persistence module that abuses the HKCU\Environment\UserInitMprLogonScript registry value to execute a payload at user logon.
Authors: Brendan Watters, Chris John Riley, hdm [email protected], sf [email protected], and vlad902 [email protected]
Type: Payload (Adapter)
Pull request: #21172 contributed by bwatters-r7
Description: This adds HTTP and HTTPS fetch payloads for 32-bit Windows targets.
You can always find more documentation on our docsite at docs.metasploit.com.
As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:
If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the commercial edition Metasploit Pro
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。