National Cyber Warfare Foundation (NCWF) Forums


Metasploit Weekly Wrap-Up 05 03 24


0 user ratings
2024-05-03 18:34:25
milo
Red Team (CNA)

 - archive -- 
This week Metasploit adds an improvement to the windows_secrets_dump module along with a new RCE module targeting CVE-2024-1212 in LoadMaster.

Dump secrets inline


Metasploit Weekly Wrap-Up 05/03/24

This week, our very own cdelafuente-r7 added a significant improvement to the well-known Windows Secrets Dump module to reduce the footprint when dumping SAM hashes, LSA secrets and cached credentials. The module is now directly reading the Windows Registry remotely without having to dump the full registry keys to disk and parse them, like it was originally. This idea comes from this PR proposed by antuache. The technique takes advantage of the WriteDACL privileges held by local administrators to set temporary read permissions on the SAM and SECURITY registry hives. The module also takes care of restoring the original Security Descriptors after each read. Note that it is still possible to use the original technique by setting the INLINE option to false. Happy dumping!


New module content (1)


Kemp LoadMaster Unauthenticated Command Injection


Author: Dave Yesland with Rhino Security Labs

Type: Exploit

Pull request: #18972 contributed by DaveYesland

Path: linux/http/progress_kemp_loadmaster_unauth_cmd_injection

AttackerKB reference: CVE-2024-1212


Description: This adds a module targeting CVE-2024-1212, an unauthenticated command injection vulnerability in Kemp Progress Loadmaster versions after 7.2.48.1, but patched in 7.2.59.2 (GA), 7.2.54.8 (LTSF) and 7.2.48.10 (LTS).


Enhancements and features (3)



  • #19048 from cdelafuente-r7 - This updates the windows_secrets_dump module to enable accessing the necessary registry data without writing it to disk first.

  • #19075 from ide0x90 - :

    Updates the Softing Secure Integration Server login library to allow the code to be better reused by other modules.

  • #19148 from adfoster-r7 - Updates Metasploit-framework to compile on x64-mingw-ucrt platforms.


Bugs fixed (5)



  • #19095 from zeroSteiner - Updates the smb_enumusers module to use an updated SMB implementation from RubySMB which fixes an issue where the module could sometimes time out or return an unexpected error when targeting Samba.

  • #19137 from zeroSteiner - Fixes an infinite recursion error where Metasploit would attempt to resolve a nameserver specified as a hostname in /etc/resolv.conf while initializing.

  • #19138 from dwelch-r7 - Fixes a crash in the cve_2022_26923_certifried module.

  • #19141 from jheysel-r7 - This fixes timeout issues encountered by rocketmq and activemq modules that would occur when the target is not running the expected service.

  • #19152 from adfoster-r7 - This fixes an issue in the exploit/multi/http/apache_normalize_path_rce exploit module that affected Metasploit Pro due to how the module was handling datastore options.


Documentation


You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.


Get it


As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from

GitHub:



If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the commercial edition Metasploit Pro.




Source: Rapid7
Source Link: https://blog.rapid7.com/2024/05/03/metasploit-weekly-wrap-up-05-03-24/


Comments
new comment
Nobody has commented yet. Will you be the first?
 
Forum
Red Team (CNA)



Copyright 2012 through 2024 - National Cyber Warfare Foundation - All rights reserved worldwide.