Metasploit Wrap-Up 12/05/2025

[carlospolop]

🤖 Automated Content Update

This PR was automatically generated by the HackTricks News Bot based on a technical blog post.

📝 Source Information

• Blog URL: https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-12-05-2025
• Blog Title: Metasploit Wrap-Up 12/05/2025
• Suggested Section: Pentesting Web -> File Upload / Arbitrary File Write & Auth Bypass patterns (for Monsta FTP and WP AI Engine) and Pentesting Web -> Login Bypass / Account Takeover (for Twonky and WP AI Engine); plus Binary Exploitation -> Reverse Shells (Linux) or Reverse Shells (Linux, Windows, MSFVenom) for the RISC-V reverse TCP shell patterns.

🎯 Content Summary

This Metasploit wrap-up describes newly added exploit/auxiliary modules and payloads in Metasploit 6.4.101, plus framework enhancements that directly support exploitation workflows and protocol coverage.

Twonky Server Log Leak Authentication Bypass (CVE-2025-13315, CVE-2025-13316)

Module: gather/twonky_authbypass_logleak
Type: Auxiliary
PR:

[carlospolop]

🔗 Additional Context

Original Blog Post: https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-12-05-2025

Content Categories: Based on the analysis, this content was categorized under "Pentesting Web -> File Upload / Arbitrary File Write & Auth Bypass patterns (for Monsta FTP and WP AI Engine) and Pentesting Web -> Login Bypass / Account Takeover (for Twonky and WP AI Engine); plus Binary Exploitation -> Reverse Shells (Linux) or Reverse Shells (Linux, Windows, MSFVenom) for the RISC-V reverse TCP shell patterns.".

Repository Maintenance:

• MD Files Formatting: 914 files processed

Review Notes:

• This content was automatically processed and may require human review for accuracy
• Check that the placement within the repository structure is appropriate
• Verify that all technical details are correct and up-to-date
• All .md files have been checked for proper formatting (headers, includes, etc.)

Bot Version: HackTricks News Bot v1.0