National Cyber Warfare Foundation (NCWF)

Metasploit Weekly Wrap-Up 10 04 2024


0 user ratings
2024-10-06 23:24:54
milo
Red Team (CNA)

New module content (3)


cups-browsed Information Disclosure


Authors: bcoles and evilsocket

Type: Auxiliary

Pull request: #19510 contributed by bcoles

Path: scanner/misc/cups_browsed_info_disclosure


Description: Adds scanner module to retrieve CUPS version and kernel version information from cups-browsed services.


Acronis Cyber Infrastructure default password remote code execution


Authors:



New module content (3)


cups-browsed Information Disclosure


Metasploit Weekly Wrap-Up 10/04/2024

Authors: bcoles and evilsocket

Type: Auxiliary

Pull request: #19510 contributed by bcoles

Path: scanner/misc/cups_browsed_info_disclosure


Description: Adds scanner module to retrieve CUPS version and kernel version information from cups-browsed services.


Acronis Cyber Infrastructure default password remote code execution


Authors: Acronis International GmbH and h00die-gr3y

Type: Exploit

Pull request: #19463 contributed by h00die-gr3y

Path: linux/http/acronis_cyber_infra_cve_2023_45249

AttackerKB reference: CVE-2023-45249


Description: This module exploits a default password vulnerability in Acronis Cyber Infrastructure (ACI) which allows an attacker to access the ACI PostgreSQL database and gain administrative access to the ACI Web Portal. This allows for the attacker to upload ssh keys that enables root access to the appliance/server. This attack can be remotely executed over the WAN as long as the PostgreSQL and SSH services are exposed to the outside world.


VICIdial Authenticated Remote Code Execution


Authors: Jaggar Henry of KoreLogic, Inc. and Valentin Lobstein

Type: Exploit

Pull request: #19456 contributed by Chocapikk

Path: unix/webapp/vicidial_agent_authenticated_rce

AttackerKB reference: CVE-2024-8504


Description: This adds a module to exploit CVE-2024-8504 an authenticated RCE in VICIdial.


Enhancements and features (3)



  • #19466 from jvoisin

  • #19471 from zeroSteiner - This adds a plugin that offers the fzuse command to offer a different UI for the selection of modules. It requires fzf to be present.

  • #19480 from jvoisin - This updates exploits/linux/local/service_persistence.rb to work on systems that are running OpenRC. This module will create a service on the box, and mark it for auto-restart.


Bugs fixed (2)



  • #19523 from adfoster-r7

  • #19526 from sjanusz-r7 - Reverts the Readline to Reline library upgrade, to fix an issue where users could not input Chinese characters correctly.


Documentation


You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.


Get it


As always, you can update to the latest Metasploit Framework with msfupdate

and you can get more details on the changes since the last blog post from

GitHub:



If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.

To install fresh without using git, you can use the open-source-only Nightly Installers or the

commercial edition Metasploit Pro




Source: Rapid7
Source Link: https://blog.rapid7.com/2024/10/04/metasploit-weekly-wrap-up-10-04-2024/


Comments
new comment
Nobody has commented yet. Will you be the first?
 
Forum
Red Team (CNA)



Copyright 2012 through 2024 - National Cyber Warfare Foundation - All rights reserved worldwide.