PCAnywhere, Anywhere

The big news this week centered around Symantec's pcAnywhere. For starters, there's a new ZDI advisory for a buffer overflow in the username field. More notably, though, was the advice in a Symantec white paper which advises customers to "disable or remove Access Server and use remote sessions via secure VPN tunnels." So, while the Metasploit elves bang away at a proper buffer overflow module, HD Moore busted out a pair of pcAnywhere service scanner modules, pcanywhere_tcp and pcanywhere_udp, and the Nexpose team wrote up a how-to blog post on auditing your infrastructure for pcAnywhere services using Dynamic Asset Groups. It's important to keep in mind that PCAnywhere has a tendency to show up as rogue software (not installed or approved by IT), so it would behoove one to audit one's network regularly -- to get started, you can download Metasploit here.

New Payloads

This week we also have a smattering of new payloads. Payload updates tend to be less frequent than modules, but these guys are pretty much what proves that a vulnerability is, in fact, exploitable. For that reason, it's always notable when new techniques and platforms are added into the mix. Community contributor argp provides  osx/x64/exec, which allows for arbitrary command execution against Mac OSX 64-bit platforms. We also have three new payloads for PHP targets: php/bind_perl_ipv6 (by Samy and cazz), php/bind_php_ipv6 (by diaul and James "egyp7" Lee), and php/bind_tcp_ipv6 (also by egyp7).

New Modules

Of course, no update would be complete without the usual smattering of new modules:

  • vbseo_proc_deutf exploits BID-51647 against Crawlability's vbSEO plugin for vBulletin, submitted by EgiX
  • ektron_cms400net, an auxiliary module which tests default passwords against Ektron CMS400.NET services, submitted by Justin Cacak.
  • vmware_http_login, which targets VMWare Server, ESX, and ESXi for brute forcing, added by David "TheLightCosine" Maloney
  • ms12_004_midi targets the Window Media Player bug CVE-2012-0003 (aka, MS12-004), provided by Wei "sinn3r" Chen, and Juan Vazquez
  • hp_magentservice exploits CVE-2011-4789, a bug with HP Diagnostics Server's magnetservice.exe, submitted by hal
  • find_vmx and enum_vbox, two post modules which enumerate local VMWare and Virtual Box virtual machines, also by TheLightCosine.

As always, thanks to everyone out there in open source land for their efforts on these.

Availability

If you're new to Metasploit, you can get started by downloading Metasploit for Linux or Windows. If you're already tracking the bleeding-edge of Metasploit development, then these modules are but an msfupdate command away. For readers who prefer the packaged updates for Metasploit Community and Metasploit Pro, you'll be able to install the new hotness today when you check for updates through the Software Updates menu under Administration.

For additional details on what's changed and what's current, please see Jonathan Cran's most excellent release notes.