Check the computer, the mainframe computer
This week's update comes with our first ever exploit module for z/OS, the operating system used by mainframes, from our friend Bigendian Smalls who also built the payloads. The module in question is an example of authenticated code execution by design, which takes advantage of a design feature allowing users to submit jobs via uploading files to an FTP daemon.
So all we have to do is load it anywhere into the credit union mainframe, and it'll do the rest.
More movie hacking
Also this week, we have a module straight out of the movies. Long-time contributor nstarke brings us another fun RCE-by-design exploit, this time for a TP-Link surveillance camera. From a network perspective it's just another embedded Linux system, of course, but having root on one of these things means you can potentially steal surveillance video or even replace the feed with old benign images while you steal those diamonds from under the nose of that hapless security guard.
Our friendly neighborhood exploit dev, sinn3r, recently put together a really handy system for writing module documentation in markdown. I haven't mentioned it in a Wrapup yet because I'm working on a bigger announcement, but for now it will suffice to say that markdown docs are super fun and easy to write, and that figuring out how a module is supposed to work has never been easier. From
msfconsole, just type
info -d and you'll get the full knowledge base for the given module.
We've already added supporting documentation for several modules, including the new mainframe exploit module mentioned above. If you've ever wanted to contribute, but don't feel like you want to write code, this is a great place to get started.
Exploit modules (3 new)
- TP-Link SC2020n Authenticated Telnet Injection by Nicholas Starke
- FTP JCL Execution by Bigendian Smalls, S&Oxballs a.k.a. chiefascot, and mainframed a.k.a. soldier of fortran
- Dell SonicWALL Scrutinizer 11.01 methodDetail SQL Injection by sinn3r, and bperry exploits CVE-2014-4977
Auxiliary and post modules (2 new)
- Search Engine Subdomains Collector by Nixawk
- Generate TCP/UDP Outbound Traffic On Multiple Ports by Stuart Morgan
As always, you can update to the latest Metasploit Framework with a simple
msfupdate and the full diff since the last blog post is available on GitHub: 4.11.26...4.12.2