National Cyber Warfare Foundation (NCWF)

Metasploit Weekly Wrap-Up 12/20/2024


2024-12-20 19:25:08
milo
Red Team (CNA)

New module content (4)


GameOver(lay) Privilege Escalation and Container Escape



Authors: bwatters-r7, g1vi, gardnerapp, and h00die

Type: Exploit

Pull request: #19460 contributed by gardnerapp

Path: linux/local/gameoverlay_privesc

AttackerKB reference: CVE-2023-2640


Description: Adds a module for CVE-2023-2640 and CVE-2023-32629, a local privilege escalation in some Ubuntu kernel versions that abuses overly trusting OverlayFS features.


Clinic's Patient Management System 1.0 - Unauthenticated RCE


Authors: Aaryan Golatkar and Oğulcan Hami Gül

Type: Exploit

Pull request: #19733 contributed by aaryan-11-x

Path: multi/http/clinic_pms_fileupload_rce

AttackerKB reference: CVE-2022-40471


Description: New exploit module for Clinic's Patient Management System 1.0 that targets CVE-2022-40471. The module exploits unrestricted file upload, which can be further used to get remote code execution (RCE) through a malicious PHP file.


WordPress WP Time Capsule Arbitrary File Upload to RCE


Authors: Rein Daelman and Valentin Lobstein

Type: Exploit

Pull request: #19713 contributed by Chocapikk

Path: multi/http/wp_time_capsule_file_upload_rce

AttackerKB reference: CVE-2024-8856


Description: This exploits a remote code execution (RCE) vulnerability (CVE-2024-8856) in the WordPress WP Time Capsule plugin (versions ≤ 1.22.21). This vulnerability allows unauthenticated attackers to upload and execute arbitrary files due to improper validation within the plugin.


WSO2 API Manager Documentation File Upload Remote Code Execution


Authors: Heyder Andrade <@HeyderAndrade>, Redway Security, and Siebene@ <@Siebene7>

Type: Exploit

Pull request: #19647 contributed by heyder

Path: multi/http/wso2_api_manager_file_upload_rce

AttackerKB reference: CVE-2023-2988


Description: Adds an exploit module for a vulnerability in the 'Add API Documentation' feature of WSO2 API Manager (CVE-2023-2988) that allows malicious users with specific permissions to upload arbitrary files to a user-controlled server location. This flaw allows for RCE on the target system.
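
The three web modules above (Clinic's Patient Management System, WP Time Capsule and WSO2 API Manager) all turn an upload feature into code execution because the application trusts the client-supplied file name and content. The following is an added example, not code from Metasploit or from any of the affected products, showing the upload pattern that enables this beside a hardened version: the destination name is chosen by the server, the extension is checked against an allowlist, the first bytes are checked against the declared type, and path separators are rejected. The constant names, the `validate_upload`/`storage_name` helpers and the sample inputs are constructed for illustration.

```ruby
require 'securerandom'

# Constructed allowlist of extensions the application actually needs to accept.
ALLOWED_EXTENSIONS = %w[.png .jpg .jpeg .gif .pdf].freeze

# Leading bytes expected for each allowed type (constructed, not exhaustive).
MAGIC = {
  '.png'  => "\x89PNG\r\n\x1a\n".b,
  '.jpg'  => "\xFF\xD8\xFF".b,
  '.jpeg' => "\xFF\xD8\xFF".b,
  '.gif'  => 'GIF8'.b,
  '.pdf'  => '%PDF-'.b
}.freeze

MAX_UPLOAD_BYTES = 5 * 1024 * 1024

# Vulnerable pattern (illustrative only): the client-supplied name decides both
# where the file lands and, through its extension, whether the web server will
# execute it. "shell.php" or "../x.php" go straight to disk unchanged.
def unsafe_store_path(upload_dir, client_filename)
  File.join(upload_dir, client_filename)
end

# Hardened validation. Returns [:ok, ext] or [:reject, reason]; the file name is
# only used to learn the declared extension, never to name the stored file.
def validate_upload(client_filename, content, max_bytes: MAX_UPLOAD_BYTES)
  name = client_filename.to_s
  return [:reject, 'empty file name'] if name.empty?
  # Any directory component or NUL byte means the name is being used for traversal.
  return [:reject, 'path separator or NUL in file name'] if name.match?(%r{[/\\\x00]})
  return [:reject, 'file too large'] if content.bytesize > max_bytes

  # Only the final extension counts; "shell.php.png" is still checked as ".png"
  # and then rejected below because its bytes are not a PNG.
  ext = File.extname(name).downcase
  return [:reject, "extension #{ext.inspect} not allowed"] unless ALLOWED_EXTENSIONS.include?(ext)
  return [:reject, 'content does not match declared type'] unless content.b.start_with?(MAGIC.fetch(ext))

  [:ok, ext]
end

# Server-chosen on-disk name: random, with only the validated extension appended.
def storage_name(ext)
  "#{SecureRandom.hex(16)}#{ext}"
end

# Full flow: validate, then write under a name the client never controlled.
def store_upload(upload_dir, client_filename, content)
  status, detail = validate_upload(client_filename, content)
  return [:reject, detail] unless status == :ok

  path = File.join(upload_dir, storage_name(detail))
  File.binwrite(path, content)
  [:ok, path]
end

# Constructed sample uploads: a real PNG header, a PHP file with a bare PHP
# extension, a PHP file hiding behind a double extension, and a traversal name.
SAMPLE_UPLOADS = {
  'legitimate png'          => ['photo.png', "\x89PNG\r\n\x1a\n".b + 'pixels'.b],
  'php file'                => ['page.php', '<?php echo 1; ?>'.b],
  'php with png extension'  => ['page.php.png', '<?php echo 1; ?>'.b],
  'traversal in name'       => ['../../page.png', "\x89PNG\r\n\x1a\n".b]
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_UPLOADS.each do |label, (filename, bytes)|
    puts format('%-24s %-16s -> %s', label, filename, validate_upload(filename, bytes).inspect)
  end
end
```

The extension and magic-byte checks are only the first layer: a file that passes both can still carry script text after a valid image header, so the upload directory must also be served without script execution, which is the control whose absence each of the three advisories above depends on.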


Enhancements and features (4)



  • #19546 from adfoster-r7 - Improves the database module cache performance from ~3 minutes to ~1 minute by performing bulk inserts of module metadata instead of multiple smaller inserts for every module/reference/author/etc.

  • #19660 from zeroSteiner - Updates OptEnum to validate values case-insensitively while preserving the casing the module author specified.

  • #19715 from oddlittlebird - Improves db/README.md documentation.

  • #19718 from sjanusz-r7 - Exposes the currently authenticated rpc_token to RPC handlers.
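
The OptEnum change in #19660 describes a small but easy-to-get-wrong contract: accept whatever casing the operator types, but hand the module the exact value its author declared, so string comparisons inside the module keep working. The class below is an added example written for this post, not Metasploit's own Msf::OptEnum; the class and method names are constructed. It builds a lookup table keyed by the downcased form, refuses value sets that would become ambiguous once case is ignored, and returns the author's spelling from `normalize`.

```ruby
# Constructed example of a case-insensitive enum option that preserves the
# canonical (author-declared) casing of the accepted value.
class CaseInsensitiveEnum
  attr_reader :name, :values

  def initialize(name, values)
    @name = name.to_s
    @values = values.map(&:to_s).freeze
    # Map downcased input -> the exact string the author declared.
    @canonical = @values.each_with_object({}) { |v, h| h[v.downcase] = v }.freeze
    # Two choices that differ only by case could not be told apart once
    # case is ignored, so reject such a definition up front.
    raise ArgumentError, "#{@name}: enum values differ only by case" if @canonical.size != @values.size
  end

  # True when the input matches one of the choices, ignoring case and
  # surrounding whitespace.
  def valid?(input)
    !input.nil? && @canonical.key?(key_for(input))
  end

  # Returns the author's spelling of the matched value, or raises with the
  # list of acceptable choices when the input is not one of them.
  def normalize(input)
    @canonical.fetch(key_for(input)) do
      raise ArgumentError, "#{@name} must be one of #{@values.join(', ')}, got #{input.inspect}"
    end
  end

  private

  def key_for(input)
    input.to_s.strip.downcase
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed option: the author spelled the choices 'TCP' and 'Udp'.
  proto = CaseInsensitiveEnum.new('PROTOCOL', %w[TCP Udp])
  ['tcp', ' UDP ', 'Tcp', 'icmp'].each do |typed|
    result = proto.valid?(typed) ? proto.normalize(typed) : 'rejected'
    puts "#{typed.inspect} -> #{result.inspect}"
  end
end
```

Keeping the canonical spelling rather than the operator's input matters because module code typically compares the option against the literal strings it declared; normalizing on the way in keeps that comparison exact without forcing the operator to remember the casing.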


Bugs fixed (4)



  • #19719 from bwatters-r7 - Fixed a syntax error in the code generated by fetch payloads when the FETCH_DELETE option was enabled.

  • #19721 from bwatters-r7 - This updates the way the module checks the Windows build version to determine if it's vulnerable to CVE-2020-0668.

  • #19726 from pczinser - The reverse HTTP and HTTPS Meterpreter x64 payloads now correctly set the User-Agent HTTP header when connecting back to Metasploit. Before this fix, the HttpUserAgent option was not used properly. You can now use this option to customize the User-Agent HTTP header when using these payloads.

  • #19739 from sjanusz-r7 - Fixes an issue with the post/multi/recon/local_exploit_suggester module which would crash if a TARGET value was set.


Documentation


You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.


Get it


As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:



If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the commercial edition Metasploit Pro.




Source: Rapid7
Source Link: https://blog.rapid7.com/2024/12/20/metasploit-weekly-wrap-up-12-20-2024/

