Rapid7 : Metasploit Wrap-Up

04/04/2021 | 02:14pm EDT
Sprinkle on the Modules


The first quarter of 2021 has given us wave after wave of Exchange vulnerabilities. Our awesome contributors helped us continue that coverage with another Exchange module, and we also added modules covering very heavy-hitting vulnerabilities in F5, SAP, and SaltStack that may have gotten less notice in the shadow of the Exchange vulnerabilities earlier this quarter. This update offers two new modules from community contributor Vladimir Ivanov targeting remote code execution vulnerabilities in SAP, a new module by our own Will Vu covering a remote code execution vulnerability in F5 BIG-IP and BIG-IQ devices that gives root access, and a new module by Metasploit team member Christophe De La Fuente covering a remote code execution vulnerability in SaltStack that also yields root access. Then, to top it off, community contributor Erik Wynter contributed a scanner module that identifies Nagios XI applications and suggests exploit modules that may work on the identified targets!

Search your Feelings… and POSIX filesystems!

Our own space-r7 added the fs_search function into our Mettle payloads (A.K.A. POSIX Meterpreter). You can now search target filesystems just as you can with the Windows Meterpreter!

New Modules (6)
  • SAP Solution Manager remote unauthorized OS commands execution by Dmitry Chastuhin, Pablo Artuso, Vladimir Ivanov, and Yvan Genuer, which exploits CVE-2020-6207. This PR adds two modules to exploit a vulnerability in the SAP Solution Manager application. Successful exploitation of the vulnerability enables unauthenticated remote attackers to achieve SSRF and execute OS commands from the agent connected within the context of the application.
  • Nagios XI Scanner by Erik Wynter, which exploits CVE-2020-35578. A new set of libraries has been added to support developers wishing to target Nagios XI machines, supplying several commonly used pieces of functionality. Additionally, a scanner module has been added that scans Nagios XI installations and tries to detect the installed version. Once the version of Nagios XI has been obtained, the module suggests exploits in Metasploit that can be used against that version, if any are available.
  • F5 iControl REST Unauthenticated SSRF Token Generation RCE by wvu and Rich Warren, which exploits CVE-2021-22986. This adds a module that exploits an unauthenticated SSRF vulnerability in F5's iControl REST API that is then leveraged to execute code as the root user on various versions of F5's BIG-IP and BIG-IQ devices.
  • SaltStack Salt API Unauthenticated RCE through wheel_async client by Alex Seymour and Christophe De La Fuente, which exploits CVE-2021-25282. This adds an exploit module that exploits an authentication bypass and a directory traversal vulnerability in versions 3002.5 and below of SaltStack Salt's REST API. Remote code execution as the root user is achieved by writing a custom grain module to the extension module directory and waiting until a recurring maintenance check executes the malicious grain module.
  • Windows Gather Exchange Server Mailboxes by SophosLabs Offensive Security team. This PR adds a module for enumerating and extracting mailboxes on Exchange servers.
Enhancements and features
  • #14937 from cgranleese-r7: Improves the performance of the various show commands within the console. For instance, show exploits now takes ~0.5 seconds instead of ~14 seconds.
  • #14945 from mekhalleh: This updates the ProxyLogon RCE module to use an RPC request to identify the backend server's FQDN.
  • #14951 from timwr: This updates the Linux Meterpreter implementation to support the search command, which allows users to search for files on a compromised system.
Bugs Fixed
  • #14918 from zeroSteiner: Fixes an issue where the VHOST option was not being correctly populated when the RHOST option was specified with domain names.
  • #14962 from cgranleese-r7: Updates the nexpose_connect login functionality to correctly handle the @ symbol being present in the password.
  • #14966 from ryanpohlner: This improves the ProxyLogon RCE module to address an issue where a payload would be run twice.
  • #14969 from timwr: This fixes a bug in the Python Meterpreter's DNS resolving function.
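
The class of bug behind fix #14962 (an @ inside a password) is easy to reproduce in any parser of credential-bearing connection strings. The following is an added example, not Metasploit's code: it assumes a string of the form user:pass@host[:port], and the function names, default port and sample values are constructed for illustration.

```ruby
# Added illustration, not taken from Metasploit. Assumes a connection string
# shaped like user:pass@host[:port]; every name and value here is constructed.

DEFAULT_PORT = 3780 # assumed default port for this example

# Naive parser: splits on the FIRST '@', so a password containing '@'
# is truncated and the remainder is misread as the host.
def parse_naive(conn)
  cred, target = conn.split('@', 2)
  user, pass = cred.to_s.split(':', 2)
  host, port = target.to_s.split(':', 2)
  { user: user, pass: pass, host: host, port: (port || DEFAULT_PORT).to_i }
end

# Robust parser: a hostname cannot contain '@', so the LAST '@' is the
# separator; a username cannot contain ':', so the FIRST ':' ends it.
# Everything in between is the password, whatever characters it holds.
def parse_robust(conn)
  idx = conn.rindex('@')
  raise ArgumentError, 'expected user:pass@host[:port]' if idx.nil?

  cred = conn[0...idx]
  target = conn[(idx + 1)..-1]

  user, pass = cred.split(':', 2)
  raise ArgumentError, 'missing user or password' if user.to_s.empty? || pass.nil?

  host, port = target.split(':', 2)
  raise ArgumentError, 'missing host' if host.to_s.empty?

  # Integer() rejects junk such as "80abc" instead of silently yielding 80.
  port = port.nil? ? DEFAULT_PORT : Integer(port, 10)
  raise ArgumentError, 'port out of range' unless (1..65_535).cover?(port)

  { user: user, pass: pass, host: host, port: port }
end

if __FILE__ == $PROGRAM_NAME
  sample = 'admin:p@ss:w0rd@nexpose.example:3780' # constructed sample
  puts "naive:  #{parse_naive(sample)}"
  puts "robust: #{parse_robust(sample)}"
end
```

The naive version fails quietly: it returns a truncated password and a bogus host rather than raising, which surfaces to the user as a confusing connection or login error. Bracketed IPv6 hosts are out of scope for this sketch.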
Get it

As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial edition).

Disclaimer

Rapid7 Inc. published this content on 02 April 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 04 April 2021 18:13:07 UTC.


© Publicnow 2021