National Cyber Warfare Foundation (NCWF) Forums


Metasploit Weekly Wrap-Up 06 28 2024


2024-06-28 20:37:36
milo
Red Team (CNA)

Unauthenticated Command Injection in Netis Router



This week's Metasploit release includes an exploit module for an unauthenticated command injection vulnerability in the Netis MW5360 router, tracked as CVE-2024-22729. The vulnerability stems from improper handling of the password parameter within the router's web interface, which allows for command injection. Fortunately for attackers, the router's login page authorization can be bypassed by simply deleting the authorization header, so the injection can be reached without authenticating. All router firmware versions up to V1.0.1.3442 are vulnerable.
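The two flaws described above (an authorization check that is skipped when the header is absent, and a password value that reaches a command unchecked) are shown below as a flawed pattern beside a fail-closed, allow-listed handler. This is an added illustration, not Netis firmware or Metasploit code; the request struct, function names, credential value and password policy are all assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical request model (assumption; not the router's real structures). */
struct request {
    const char *authorization; /* NULL when the header is absent */
    const char *password;      /* raw value of the password parameter */
};

/* Stand-in credential check; the expected value is constructed for this demo. */
static int credentials_ok(const char *hdr) {
    return strcmp(hdr, "Basic ZGVtbzpkZW1v") == 0;
}

/* Flawed pattern: credentials are only checked when the header exists,
   so a request with the header deleted is treated as authorized. */
int is_authorized_flawed(const struct request *r) {
    return r->authorization == NULL || credentials_ok(r->authorization);
}

/* Fail closed: a missing header is a failed check. */
int is_authorized(const struct request *r) {
    return r->authorization != NULL && credentials_ok(r->authorization);
}

/* Allow-list (assumed policy): 8-63 characters from letters, digits and
   "_-.@". Shell metacharacters can never pass. */
int password_is_safe(const char *pw) {
    size_t n;
    if (pw == NULL) return 0;
    for (n = 0; pw[n] != '\0'; n++) {
        unsigned char c = (unsigned char)pw[n];
        if (!isalnum(c) && strchr("_-.@", c) == NULL) return 0;
    }
    return n >= 8 && n <= 63;
}

/* Returns the HTTP status the hardened handler would send. */
int handle_set_password(const struct request *r) {
    if (!is_authorized(r)) return 401;
    if (!password_is_safe(r->password)) return 400;
    return 200; /* store via a config API or an argv array, never a shell string */
}

int main(void) {
    struct request r = { NULL, "hunter22;reboot" }; /* constructed sample */
    printf("flawed=%d hardened=%d\n", is_authorized_flawed(&r), handle_set_password(&r));
    return 0;
}
```

The allow-list is defence in depth; the stronger fix is that the value never becomes part of a shell command line at all.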


New module content (2)


MS-NRPC Domain Users Enumeration


Author: Haidar Kabibo https://x.com/haider_kabibo

Type: Auxiliary

Pull request: #19205 contributed by sud0Ru

Path: scanner/dcerpc/nrpc_enumusers


Description: This adds a new module that can enumerate accounts on a target Active Directory Domain Controller without authenticating to it; instead the module does so by issuing a DCERPC request and analyzing the returned error status.


Netis router MW5360 unauthenticated RCE.


Authors: Adhikara13 and h00die-gr3y

Type: Exploit

Pull request: #19188 contributed by h00die-gr3y

Path: linux/http/netis_unauth_rce_cve_2024_22729

AttackerKB reference: CVE-2024-22729


Description: This adds an exploit module that leverages CVE-2024-22729, a command injection vulnerability in Netis router MW5360, to achieve remote code execution as the user root. All router firmware versions up to V1.0.1.3442 are vulnerable.


Bugs fixed (3)



  • #19259 from dledda-r7 - This updates Metasploit to check for a new flag that is sent as part of the encryption key negotiation with Meterpreter which indicates if Meterpreter had to use a weak source of entropy to generate the key.

  • #19267 from zeroSteiner - Fixes a crash in the ldap_esc_vulnerable_cert_finder module when targeting an AD CS server that has a certificate template containing parentheses.

  • #19283 from adeherdt-r7 - Fixes the auxiliary/scanner/redis/redis_login module to correctly track the registered service name as redis - previously it was blank.


Documentation


You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.


Get it


As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:



If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.

To install fresh without using git, you can use the open-source-only Nightly Installers or the commercial edition Metasploit Pro.


Source: Rapid7
Source Link: https://blog.rapid7.com/2024/06/28/metasploit-weekly-wrap-up-06-28-2024/

