Windows Meterpreter: Reloaded
If you've been around Metasploit for any length of time, you know that Meterpreter is the preferred and de facto standard for manipulating a target computer after exploit. While Meterpreter and Metasploit go hand-in-hand, we did manage to get some code seperation between the two by breaking Windows Meterpreter out to its own open source respository on GitHub.
As threatened in a previous blog post, we've got some fresh eyeballs looking at that codebase. One of the major hassles with maintaining and improving Meterpreter has been its finicky build requirements. Well, that's been pretty much totally solved; thanks to the valiant efforts by OJ Reeves, building Meterpreter from source locally is as simple as a) ensuring you have the documented build dependencies, then running 'make.' Yep, good old trusty 'make.' That's it!
Getting a sane and understandable build environment is but the first step for getting a stable, testable- and buildable-by-anyone Meterpreter out there, and has already resolved a bug or two that's been bothering us forever. For example, thanks to this refresh, OJ was able to spot and fix a problem with 64-bit pointer truncation that was wanging up process migration under certain circumstances.
So, if you're of the Windows C developer persuasion, and have a favorite bug in Meterpreter, please check out the new environment. I promise, you won't end up clawing your eyes out over build errors and warnings. If you do, please, a) get to a hospital, and then, b) file a bug. If you just care about having fresh binaries to use on your engagement, the shipping code has been compiled for you and is already hanging out in your Metasploit distribution of choice.
If you're running a packaged build, you won't notice anything about the recent refresh of a pile of Ruby gem dependencies; the installers and updaters all take care of these things for you. However, if you're running Metasploit straight from a git repo (either ours or some fork of Rapid7's), you'll want to run either 'bundle install' to get a quick refresh, or update with 'msfupdate' (which takes care of these things for you).
These gem updates are not particularly exciting, but I know that when people update and see the warning about missing Ruby gems, they occasionally freak out and think that everything's broken. Don't fret. All you need to do is get your gems refreshed and you'll be back in the exploitation business in just a minute.
We've got ten new modules this week -- seven exploits, three auxiliary modules. Of particular interest are the two new exploits targeting the Sophos Web Appliance. If you're relying on this gear to help protect your internal user base from evilness on the Web, you will definitely want to update to the latest patched version. It can be pretty career-limiting when when your enterprise gets owned via a vulnerability in security software.
- D-Link Devices UPnP SOAP Telnetd Command Execution by juan vazquez and Michael Messner exploits OSVDB-94924
- Sophos Web Protection Appliance sblistpack Arbitrary Command Execution by juan vazquez and Francisco Falcon exploits CVE-2013-4983
- Sophos Web Protection Appliance clear_keys.pl Local Privilege Escalation by juan vazquez and Francisco Falcon exploits CVE-2013-4984
- HP ProCurve Manager SNAC UpdateCertificatesServlet File Upload by juan vazquez and rgod exploits ZDI-13-225
- HP ProCurve Manager SNAC UpdateDomainControllerServlet File Upload by juan vazquez and rgod exploits ZDI-13-226
- Agnitum Outpost Internet Security Local Privilege Escalation by juan vazquez and Ahmad Moghimi exploits OSVDB-96208
- IKE and AuthIP IPsec Keyring Modules Service (IKEEXT) Missing DLL by Ben Campbell
- Sophos Web Protection Appliance patience.cgi Directory Traversal by juan vazquez and Wolfgang Ettlingers exploits CVE-2013-2641
- HP ProCurve SNAC Domain Controller Credential Dumper by juan vazquez and rgod
- Host Information Enumeration via NTLM Authentication by Brandon Knight
If you're new to Metasploit, you can get started by downloading Metasploit for Linux or Windows. If you're already tracking the bleeding-edge of Metasploit development, then these modules are but an msfupdate command away. For readers who prefer the packaged updates for Metasploit Community and Metasploit Pro, you'll be able to install the new hotness today when you check for updates through the Software Updates menu under Administration.