This update has something for everyone -- new exploits, new auxiliary modules, new post modules, and even new payloads. If quadfecta is a word, we totally hit it this week!

More Mac OSX 64-Bit Payloads

The parade of OSX 64-bit payloads continues, with five new 64-bit payloads added this week:

  • modules/payloads/singles/osx/x64/say.rb
  • modules/payloads/singles/osx/x64/shell_find_tag.rb
  • modules/payloads/stagers/osx/x64/bind_tcp.rb
  • modules/payloads/stagers/osx/x64/reverse_tcp.rb
  • modules/payloads/stages/osx/x64/dupandexecve.rb

Nemo was responsible for last week's new 64-bit payloads, so huge thanks again to him for continuing to fill out Metasploit's payload offerings for Apple platforms. I'm looking forward to seeing how this whole OSX-as-a-target theme unfolds.

Exploit for Samba ZDI vulnerability

It's always handy to have fresh Samba exploits -- in local area networks, Samba is often found as a core intranet service so people in different organizations can easily share files across platforms. So, targets running Samba tend to be pretty high-value for pen-testers. Thanks especially to blasty, from whom Metasploit was able to port the exploit. If this attribution isn't correct, then I'm sure someone will let us know. (:

This particular vulnerability was apparently reported is was reported initially via TippingPoint's ZDI program back in March and fixed in April. So, while this isn't an 0-day in any meaningful sense, it's still technically difficult to pull off reliable Samba.

Local enumeration modules

This update features a couple local enumeration post modules by community contributor Barry Shteiman. The first, enum_db, goes through the Windows registry to pick up all kinds of information about all kinds of databases -- specifically, Oracle, Microsoft SQL, MySQL, and Sybase. The second paws through local installations of Apache Tomcat, and can turn up usernames, passwords, and roles, since they're stored in the clear in a known location. These are a very typical post-exploit chores, so automating this kind of thing as a post module is hugely useful. Thanks Sectorix!

Print Job Hijinks

Finally, we have a new auxiliary module, printjob_capture, from long time Metasploit contributor Chris John Riley. I kind of fell in love with this module module when it popped up in our pull queue, and immediately set about stealing print jobs here in the Metasploit office (with permission, of course). It's great fun and totally spooky -- you end up saving off a copy of the print job in an easy-to-read PS format, then handing off the print job to the real printer. The victim, of course, is none the wiser. I'm working up a screencast of this module in action, since producing a printjob as it comes off the tray of a real printer has some pretty excellent theatrical value.

New Modules

All in all, not a bad haul -- here's the breakdown with the links to Metasploit's Exploit Database.

Exploit modules

Auxiliary modules

Post modules

It's not all gem updates, of course. We have a smattering of new modules for you, too. For details and usage on these, just follow the links to our Exploit Database.

Availability

If you're new to Metasploit, you can get started by downloading Metasploit for Linux or Windows. If you're already tracking the bleeding-edge of Metasploit development, then these modules are but an msfupdate command away. For readers who prefer the packaged updates for Metasploit Community and Metasploit Pro, you'll be able to install the new hotness today when you check for updates through the Software Updates menu under Administration.

For additional details on what's changed and what's current, please see the most excellent release notes.