National Cyber Warfare Foundation (NCWF) Forums


Metasploit Weekly Wrap-Up 05 23 2024


2024-06-09 20:02:51
milo
Red Team (CNA)



Infiltrate the Broadcast!


A new module from Chocapikk allows the user to perform remote code execution on vulnerable versions of the streaming platform AVideo (12.4 - 14.2). The multi/http/avideo_wwbnindex_unauth_rce module leverages CVE-2024-31819, a vulnerability exploitable via PHP Filter Chaining, to gain unauthenticated and unprivileged access, earning it an attacker value of High on AttackerKB.


New module content (8)


Chaos RAT XSS to RCE


Authors: chebuya and h00die

Type: Exploit

Pull request: #19104 contributed by h00die

Path: linux/http/chaos_rat_xss_to_rce

AttackerKB reference: CVE-2024-30850


Description: Adds an exploit for CHAOS v5.0.8, which contains a remote command execution vulnerability that can be triggered through one of three routes: credentials, a JWT token from an agent, or an agent executable from which the JWT token can be extracted.


AVideo WWBNIndex Plugin Unauthenticated RCE


Author: Valentin Lobstein

Type: Exploit

Pull request: #19071 contributed by Chocapikk

Path: multi/http/avideo_wwbnindex_unauth_rce

AttackerKB reference: CVE-2024-31819


Description: Adds a module for CVE-2024-31819, which exploits an LFI in AVideo and uses PHP Filter Chaining to turn the LFI into unauthenticated RCE.


NorthStar C2 XSS to Agent RCE


Authors: chebuya and h00die

Type: Exploit

Pull request: #19102 contributed by h00die

Path: windows/http/northstar_c2_xss_to_agent_rce

AttackerKB reference: CVE-2024-28741


Description: Adds an exploit for CVE-2024-28741 which exploits an XSS vulnerability in Northstar C2.


Adi IRC credential gatherer


Authors: Barwar Salim M, Daniel Hallsworth, Jacob Tierney, Kazuyoshi Maruta, and Z. Cliffe Schreuders

Type: Post

Pull request: #19169 contributed by The-Pink-Panther

Path: windows/gather/credentials/adi_irc


Description: This adds a gather module leveraging Packrat targeting the Adi IRC client.


CarotDAV credential gatherer


Authors: Barwar Salim M, Daniel Hallsworth, Jacob Tierney, Kazuyoshi Maruta, and Z. Cliffe Schreuders

Type: Post

Pull request: #19173 contributed by The-Pink-Panther

Path: windows/gather/credentials/carotdav_ftp


Description: This adds a gather module leveraging Packrat targeting the CarotDAV FTP client.


Halloy IRC credential gatherer


Authors: Barwar Salim M, Daniel Hallsworth, Jacob Tierney, Kazuyoshi Maruta, and Z. Cliffe Schreuders

Type: Post

Pull request: #19165 contributed by The-Pink-Panther

Path: windows/gather/credentials/halloy_irc


Description: This adds a module leveraging Packrat to gather credentials against the Halloy IRC client.


Quassel IRC credential gatherer


Authors: Barwar Salim M, Daniel Hallsworth, Jacob Tierney, Kazuyoshi Maruta, and Z. Cliffe Schreuders

Type: Post

Pull request: #19166 contributed by The-Pink-Panther

Path: windows/gather/credentials/quassel_irc


Description: This adds a gather module leveraging Packrat targeting the Quassel IRC client.


Sylpheed email credential gatherer


Authors: Barwar Salim M, Daniel Hallsworth, Jacob Tierney, Kazuyoshi Maruta, and Z. Cliffe Schreuders

Type: Post

Pull request: #19171 contributed by The-Pink-Panther

Path: windows/gather/credentials/sylpheed


Description: This adds a gather module leveraging Packrat targeting the Sylpheed email client.


Enhancements and features (1)



  • #19189 from adfoster-r7 - Updates Metasploit framework's default Ruby version to 3.1.5; newer Ruby versions are also supported.


Bugs fixed (4)



  • #19002 from adfoster-r7 - Fixed persistent jobs not working when rebooting MSF console.

  • #19170 from sjanusz-r7 - Fixes the smb_lookupsid module hanging with STATUS_PENDING when running against Samba targets.

  • #19186 from dwelch-r7 - Fixes a bug where the show advanced command could show normal options.

  • #19192 from adfoster-r7 - Fix crashing mipsel modules when running Ruby 3.3.0.


Documentation


You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.


Get it


As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:



If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the commercial edition Metasploit Pro.








Source: Rapid7
Source Link: https://blog.rapid7.com/2024/05/23/metasploit-weekly-wrap-up-05-23-2024/





Copyright 2012 through 2024 - National Cyber Warfare Foundation - All rights reserved worldwide.