National Cyber Warfare Foundation (NCWF) Forums


Metasploit Weekly Wrap-Up 01 12 24


0 user ratings
2024-01-12 21:32:33
milo
Red Team (CNA)

 - archive -- 

New module content (1)


Windows Gather Mikrotik Winbox "Keep Password" Credentials Extractor


Author: Pasquale 'sid' Fiorillo

Type: Post

Pull request: #18604 contributed by siddolo

Path: windows/gather/credentials/winbox_settings


Description: This pull request introduces a new post module to extract the Mikrotik Winbox credentials, which are saved



New module content (1)


Windows Gather Mikrotik Winbox "Keep Password" Credentials Extractor


Metasploit Weekly Wrap-Up 01/12/24

Author: Pasquale 'sid' Fiorillo

Type: Post

Pull request: #18604 contributed by siddolo

Path: windows/gather/credentials/winbox_settings


Description: This pull request introduces a new post module to extract the Mikrotik Winbox credentials, which are saved in the settings.cfg.viw file when the "Keep Password" option is selected in Winbox.


Enhancements and features (7)



  • #18515 from errorxyz - This PR adds a Java target for the ManageEngine ServiceDesk Plus exploit CVE-2022-47966 using the payload mentioned in this blogpost and deletes the log file that records the error due to the exploit to make it more stealthy.

  • #18672 from h00die - Fix spelling mistakes in Metasploit's library folder.

  • #18673 from h00die - Fix spelling mistakes in Metasploit's scripts folder.

  • #18674 from h00die - Fix spelling mistakes in Metasploit's plugins folder.

  • #18675 from h00die - Fix spelling mistakes in Metasploit's tools folder.

  • #18679 from h00die - Fix spelling mistakes in Metasploit's auxiliary modules.

  • #18691 from zeroSteiner - Metasploit console now requires an installed version of apktool greater than or equal to v2.9.2.


Bugs fixed (5)



  • #18656 from dwelch-r7 - Enforces all modules to be loaded as part of reload_all when the defer_module_loads feature is enabled.

  • #18666 from zeroSteiner - Fixes a crash when running the save command to save Metasploit's configuration.

  • #18667 from zeroSteiner - Re-adds the #sysinfo instance method for sessions.

  • #18669 from sjanusz-r7 - Updates the favorites command to no longer output an empty message when a chosen module does not have custom datastore values available.

  • #18690 from sjanusz-r7 - Ensures that a target's default payload is correctly chosen when selecting a module from the search command.


Documentation


You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.


Get it


As always, you can update to the latest Metasploit Framework with msfupdate

and you can get more details on the changes since the last blog post from

GitHub:



If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.

To install fresh without using git, you can use the open-source-only Nightly Installers or the

commercial edition Metasploit Pro




Source: Rapid7
Source Link: https://blog.rapid7.com/2024/01/12/metasploit-weekly-wrap-up-01-12-24/


Comments
new comment
Nobody has commented yet. Will you be the first?
 
Forum
Red Team (CNA)



Copyright 2012 through 2024 - National Cyber Warfare Foundation - All rights reserved worldwide.