Wow, I don't know about you, kind reader, but I'm just about blogged out after that 12 Days of HaXmas sprint. I'll try to keep this update short and sweet.
Arbitrary Driver Loading
This week's update includes a delightful new post module for managing a compromised target, the Windows Manage Driver Loader by longtime Metasploit community contributor, Borja Merino. If you, as a penetration tester, pop a box and gain administrator rights (or elevate yourself there using any of the several strategies available), this module makes it both easy and fun to load whatever Kernel Mode Driver (KMD) you like.
The possibilities with this, of course, are limited only by your imagination and arsenal of dirty tricks. Want to install a keystroke logger? Maybe a shim to the network stack to quietly reflect traffic to you? Go for it. Maybe you feel like your target could really use a better anti-virus solution -- by better, I mean one you've already analyzed and compromised.
With modules like these, the name of the game is persistence. While scoring shells is any pen-tester's great success, maintaining access through reboots, network relocations, and patching can be a little tricky. Thanks to Borja's work, the business of installing drivers and services on the fly gets a whole lot simpler. Thanks!
Win a WiFi Pineapple
I know Christian mentioned it in the last blog post, but it bears repeating: We really and truly want to hear from you, Framework, Community, and Pro users, about where you'd like to see Metasploit go in 2014. To that end, please take a couple of minutes to provide some thoughtful answers to our Make Metasploit More Awesome Survey. In return, you'll get a chance to win a WiFi Pineapple. They're super fun devices, great for parties as well as on the job, and yes, you really need one.
Alas, only four new modules this week, including the aforementioned driver_loader post module. Clearly, Juan didn't take that whole holiday thing nearly as seriously as the rest of us.
- vTiger CRM SOAP AddEmailAttachment Arbitrary File Upload by juan vazquez and Egidio Romano exploits CVE-2013-3215
- IBM Forms Viewer Unicode Buffer Overflow by juan vazquez and rgod exploits ZDI-13-274
- IcoFX Stack Buffer Overflow by juan vazquez and Marcos Accossatto exploits CVE-2013-4988
Auxiliary and post modules
- Windows Manage Driver Loader by Borja Merino
If you're new to Metasploit, you can get started by downloading Metasploit for Linux or Windows. If you're already tracking the bleeding-edge of Metasploit development, then these modules are but an msfupdate command away. For readers who prefer the packaged updates for Metasploit Community and Metasploit Pro, you'll be able to install the new hotness today when you check for updates through the Software Updates menu under Administration.