Metasploit Wrap-Up 11/14/2025

[carlospolop]

🤖 Automated Content Update

This PR was automatically generated by the HackTricks News Bot based on a technical blog post.

📝 Source Information

• Blog URL: https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-11-14-2025
• Blog Title: Metasploit Wrap-Up 11/14/2025
• Suggested Section: Windows Hardening -> Active Directory Methodology -> AD Certificates (AD CS) for the SMB cert pipe recon trick, and Pentesting Web -> Deserialization (or Pentesting Web -> 80,443 - Pentesting Web Methodology -> IIS/Microsoft SharePoint/Other MS Web Services) for the WSUS deserialization RCE pattern.

🎯 Content Summary

This Metasploit weekly wrap-up post announces new exploitation content and supporting features, centered around a critical unauthenticated remote code execution vulnerability in Windows Server Update Services (WSUS), plus several quality-of-life improvements to existing Metasploit modules.

CVE-2025-59287 – WSUS Deserialization RCE Metasploit module

The core technical addition is an exploit module for CVE-2025-59287, a Critical-severity deserialization vulnerability affect...

🔧 Technical Details

Unauthenticated WSUS deserialization RCE (CVE-2025-59287)
This technique abuses an unauthenticated deserialization endpoint exposed by Windows Server Update Services (WSUS) over HTTP(S). WSUS accepts serialized objects from clients and deserializes them without sufficient validation. An attacker who can reach the WSUS HTTP(S) interface can send a crafted serialized payload that triggers arbitrary code execution during deserialization. Because the WSUS service runs as SYSTEM, this yields remote code execution with SYSTEM privileges. Metasploit’s windows/http/wsus_deserialization_rce module automates discovery and exploitation, sending the malicious serialized object and establishing a high-privileged session if the server is vulnerable.

Standardized persistence implementation via Metasploit mixin
The LINQPad persistence module is updated to use Metasploit’s persistence mixin, demonstrating a reusable pattern for persistence modules. T...

🤖 Agent Actions

Summary:

• Added a new “Service Recon & Remote Exploits” section to the Active Directory Methodology page covering two recent techniques: SMB \PIPE\cert enumeration for rapid AD CS discovery and the unauthenticated WSUS deserialization RCE (CVE-2025-59287).
• Documented practical operator workflows, including updated Metasploit module usage, manual verification commands, and follow-on actions for both techniques.
• Updated the references to include Rapid7’s Metasploit 11/14/2025 wrap-up, the source for these new reconnaissance and exploitation insights.

Tests: Not run (not applicable).

---

This PR was automatically created by the HackTricks Feed Bot. Please review the changes carefully before merging.

[carlospolop]

🔗 Additional Context

Original Blog Post: https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-11-14-2025

Content Categories: Based on the analysis, this content was categorized under "Windows Hardening -> Active Directory Methodology -> AD Certificates (AD CS) for the SMB cert pipe recon trick, and Pentesting Web -> Deserialization (or Pentesting Web -> 80,443 - Pentesting Web Methodology -> IIS/Microsoft SharePoint/Other MS Web Services) for the WSUS deserialization RCE pattern.".

Repository Maintenance:

• MD Files Formatting: 913 files processed

Review Notes:

• This content was automatically processed and may require human review for accuracy
• Check that the placement within the repository structure is appropriate
• Verify that all technical details are correct and up-to-date
• All .md files have been checked for proper formatting (headers, includes, etc.)

Bot Version: HackTricks News Bot v1.0