It's Wednesday, and while many of you are enjoying the week off between Christmas and New Year's, we've been cranking out another Metasploit update.
Telnet Encrypt Option Scanner and Exploits
I won't rehash this subject too much since HD already covered these modules in depth here and here, but this update does include exploits for CVE-2011-4862, written by Jaime Penalba Estebanez, Brandon Perry, Dan Rosenberg, and HD Moore. These exploits are kind of a big deal: not only are traditional servers running telnet vulnerable, but there are about a zillion embedded and network devices that ship telnet servers built on BSD- or Kerberos5-derived telnetd code. With the accompanying scanner module, administrators and pentesters alike can quickly audit their environments for suspect telnet servers.
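To make the auditing side concrete, here is an added example (my own code, not the Metasploit scanner module and not from the original post) that parses a telnet server's option-negotiation bytes and flags any server that offers or requests the ENCRYPT option (option 38, RFC 2946), which is the code path CVE-2011-4862 lives in. The sample byte strings are constructed for the example rather than captured from real devices, and a server merely advertising ENCRYPT is a triage signal, not confirmation of the flaw: patched telnetds negotiate the option too.

```ruby
#!/usr/bin/env ruby
# Added example: a small telnet option-negotiation parser used to triage
# servers that advertise ENCRYPT. Not Metasploit code; the heuristic and
# sample data are assumptions of this example.

IAC  = 0xff
SE, SB, WILL, WONT, DO, DONT = 0xf0, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe
OPT_AUTH    = 37   # RFC 2941 AUTHENTICATION
OPT_ENCRYPT = 38   # RFC 2946 ENCRYPT

CMD_NAMES = { WILL => :will, WONT => :wont, DO => :do, DONT => :dont }.freeze

# Walk a raw byte string and split it into negotiation events and plain data.
# Events look like {cmd: :will, opt: 38} or {cmd: :sb, opt: 38, data: "..."}.
# Truncated commands or unterminated suboptions stop the parse rather than
# being guessed at.
def parse_telnet(raw)
  bytes  = raw.b
  events = []
  data   = String.new(encoding: Encoding::BINARY)
  i = 0
  while i < bytes.length
    b = bytes.getbyte(i)
    if b != IAC
      data << b.chr
      i += 1
      next
    end
    break if i + 1 >= bytes.length          # lone IAC at end: truncated
    cmd = bytes.getbyte(i + 1)
    case cmd
    when IAC                                 # IAC IAC is an escaped 0xff data byte
      data << 0xff.chr
      i += 2
    when WILL, WONT, DO, DONT
      break if i + 2 >= bytes.length
      events << { cmd: CMD_NAMES[cmd], opt: bytes.getbyte(i + 2) }
      i += 3
    when SB                                  # suboption: IAC SB <opt> ... IAC SE
      break if i + 2 >= bytes.length
      opt = bytes.getbyte(i + 2)
      sub = String.new(encoding: Encoding::BINARY)
      j = i + 3
      terminated = false
      while j < bytes.length
        c = bytes.getbyte(j)
        if c == IAC
          nxt = bytes.getbyte(j + 1)
          if nxt == SE
            terminated = true
            j += 2
            break
          elsif nxt == IAC                   # escaped 0xff inside the suboption
            sub << 0xff.chr
            j += 2
            next
          end
        end
        sub << c.chr
        j += 1
      end
      break unless terminated                # unterminated suboption: stop
      events << { cmd: :sb, opt: opt, data: sub }
      i = j
    else                                     # other two-byte commands (NOP, GA, ...)
      events << { cmd: :other, code: cmd }
      i += 2
    end
  end
  [events, data]
end

# Triage verdict: true if the server offers (WILL), requests (DO) or starts
# negotiating (SB) the ENCRYPT option.
def advertises_encrypt?(raw)
  events, _data = parse_telnet(raw)
  events.any? { |e| e[:opt] == OPT_ENCRYPT && %i[will do sb].include?(e[:cmd]) }
end

# Constructed sample: the opening bytes a BSD-style telnetd built with
# ENCRYPT support might send (not a real capture).
SAMPLE_ENCRYPT = [IAC, DO, OPT_AUTH, IAC, WILL, OPT_ENCRYPT,
                  IAC, DO, OPT_ENCRYPT, IAC, DO, 24].pack("C*").freeze

# Constructed sample: a server negotiating only ECHO and SUPPRESS-GO-AHEAD,
# followed by an escaped 0xff and a banner.
SAMPLE_PLAIN = ([IAC, WILL, 1, IAC, WILL, 3, IAC, IAC].pack("C*") + "login: ".b).freeze

if __FILE__ == $0
  { "encrypt-capable" => SAMPLE_ENCRYPT, "plain" => SAMPLE_PLAIN }.each do |name, raw|
    puts "#{name}: advertises ENCRYPT = #{advertises_encrypt?(raw)}"
  end
end
```

In practice you would feed `parse_telnet` the first few hundred bytes read from port 23 and use `advertises_encrypt?` to shortlist hosts for the actual scanner module; the parser deliberately stops on truncated input instead of inventing an event, so a partial read never produces a false positive.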
This week, Jonathan Cran cranked out a bunch of small fixes to the 'lab' plugin for compatibility and usability. If you haven't had a chance to experiment with the lab plugin, it's just a matter of `load lab` and `help` to get started from the Metasploit Framework console. Despite the unassuming name, this plugin is hugely useful for both professional and amateur Metasploit developers, since it allows direct control of running virtual machines. This can speed up exploit development considerably, since you can drive most major management tasks on VMware- and VirtualBox-hosted targets (reverting snapshots, for instance) from a resource script after firing off in-progress exploits and fuzzers.
Getting Started with Easy Exploits
This update also sees the addition of an exploit for OpenTFTP Server (CVE-2008-2161). We had this vulnerability up on the Contributing to Metasploit wiki page for a couple of weeks; that page is a list of relatively "easy" exploits that Metasploit newbies ought to take a crack at. Out of the blue, first-time contributor "steponequit" submitted a pull request with a fully functional exploit and a link to the vulnerable version of the software, which we had thought lost to the mists of time. He also gave us this excellent protip: if you're looking for old versions of open-source software, take a look at the archives on http://ftp.heanet.ie/mirrors/ -- it's a treasure trove of out-of-date software, all ready to be exploited for fun and practice.
Other New Modules
In addition to all of that, we have new modules for scanning for and logging in with default administrator credentials on OKI printers, exploits for Plone (CVE-2011-3587) and Splunk (CVE-2011-4642), and an exploit for the Oracle Job Scheduler as described in David Litchfield's Oracle Hacker's Handbook.
For those of you who rely on the msfupdate command to track Framework development, you'll already have these sitting in your local checkout. For readers who prefer the packaged updates for Metasploit Community and Metasploit Pro, you'll be able to install the new Framework hotness today when you check for updates through the Software Updates menu under Administration.
For more details on what's changed and what's current, please see Jonathan Cran's most excellent release notes.