National Cyber Warfare Foundation (NCWF) Forums


Metasploit Weekly Wrap-Up 02/02/2024


2024-02-02 20:19:30
milo
Red Team (CNA)


Shared RubySMB Service Improvements


This week’s updates include improvements to Metasploit Framework’s SMB server implementation: the SMB server can now be reused across various SMB modules, which are now able to register their own unique shares and files. SMB modules can also now be executed concurrently. Currently, there are 15 SMB modules in Metasploit Framework that utilize this feature.


New module content (2)


Mirth Connect Deserialization RCE


Authors: Naveen Sunkavally, Spencer McIntyre, and r00t

Type: Exploit

Pull request: #18755 contributed by zeroSteiner

Path: multi/http/mirth_connect_cve_2023_43208


Description: This PR adds an exploit module for Mirth Connect. Versions < 4.4.1 are vulnerable to CVE-2023-43208 and CVE-2023-37679, where the former is a patch bypass for the latter. In both cases, an attacker can execute an OS command in the context of the target service using a specially crafted HTTP request and Java deserialization gadget. A technical analysis of CVE-2023-37679 is available in AttackerKB.


Puppet Config Gather


Author: h00die

Type: Post

Pull request: #18628 contributed by h00die

Path: linux/gather/puppet


Description: This PR adds a post gather module to get Puppet configs and other sensitive files.


Enhancements and features (2)



  • #18680 from zeroSteiner - This adds a service compatible with Rex::ServiceManager for SMB that can be shared among modules.

  • #18742 from sjanusz-r7 - Enhances the post/multi/gather/memory_search module with additional UX improvements, such as outputting a list of the matched processes that are being targeted, as well as improved error handling if the process architecture is not correct.


Bugs fixed (2)



  • #18750 from adfoster-r7 - Updates the to_handler command for payload modules to support option overrides. The to_handler command is a convenient way of using multi/handler, setting the payload, and setting datastore options.

  • #18760 from adfoster-r7 - Fixes an issue where Metasploit fails to start when resolv.conf cannot be found.


Documentation


You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.


Get it


As always, you can update to the latest Metasploit Framework with msfupdate, and you can get more details on the changes since the last blog post from GitHub.



If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the commercial edition Metasploit Pro.




Source: Rapid7
Source Link: https://blog.rapid7.com/2024/02/02/metasploit-weekly-wrap-up-02-02-2024/

