With Hacker Summer Camp 2017 wrapped up and folks now recovering from it, why not grab a drink and read up on what's new with Metasploit?

Where there's smoke...

At least a few versions of open source firewall IPFire contain a post-auth RCE vulnerability, and we (well, you!) now have a module to help exploit that. Due to how an incoming Snort Oinkcode is processed via HTTP POST request, the IPFire software leaves itself open for shoving a payload in as the Oinkcode and having it executed. Like throwing water on an IPFire...

Razer's edge

Synapse, a computer peripheral configuration application from popular peripheral device vendor Razer, contains an access control vulnerability in their rzpnk.sys driver. Exploiting this vuln allows privilege escalation, including reading and writing of other process' memory and remote code execution. And there's a new module for this. As of this writing, this vulnerability has not yet been patched (and considering Synapse will auto-install on peripheral connect—at least under Windows 10—there may be many susceptible targets out there!).

Scanner Lightly

And we've landed a few new aux modules for your scanning pleasure: RDP and NNTP. While RDP is likely familiar to many readers, NNTP (Network News Transfer Protocol) might be less so. But you never know what a target might be running...

Mo' Meterpreter

We've had some improvements to a couple of our Meterpreters to share.

Windows Meterpreter

  • screen capture of HiDPI screen is now supported (and captures the full screen)
  • new threads are now automatically setup to not throw a dialog box or crash notification on failure

macOS/OSX Meterpreter

  • native-code Meterpreter now available
  • microphone audio streaming is supported

Feed me, RSS!

Had a desire to follow what your sessions are up to via an RSS feed? If so, rejoice! There's now a new framework plugin for doing exactly that thanks to @mubix.

Rise of the robots.txt

In an effort to make framework's HttpServer a bit less leaky, @dbfarrow added the ability to serve up a canned 'plz no crawl/index my pagez' robot.txt response for clients who request it. And, for those clients who do request it and honor it, that canned response should be enough to shoo them off from accessing files HttpServer is hosting...

New Modules

Exploit modules (5 new)

Auxiliary and post modules (2 new)

Get it

As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:

To install fresh, check out the open-source-only Nightly Installers, or the binary installers which also include the commercial editions.