It's been a hot minute since the last Metasploit Wrapup. So why not take in our snazzy new Rapid7 blog makeover and catch up on what's been goin' down!

You can't spell 'Struts' without 'trust'

Or perhaps you can! With the all the current news coverage around an Apache Struts vulnerability from earlier this year (thanks to its involvement in a consumer credit reporting agency data breach), there's a new Struts vuln getting attention. Due to how untrusted, user-provided data is handled during deserialization, it's possible to achieve remote code execution on vulnerable versions of Struts (which reportedly go back to 2008!). Struts devs were quick to release a patch to address the new vuln, while Metasploit dev @wvu was quick to create an exploit module for Framework. For additional details and musings, check out this blog post from R7's Tod Beardsley, Director of Research.

Better living through Meterpreter

There've been a number of substantial improvements to Meterpreter going on, some of which have been released since the last wrapup post.

Transport-agnostic encryption (wat?)

Colloquially referred to as CryptTLV (because, well, it encrypts the TLV message payloads between Framework and Meterpreter), this new mechanism has a couple of immediate benefits for MSF users:

  • Doesn't require OpenSSL (reducing Meterpreter payload size by roughly 80%!)
  • Operates at the packet payload level, allowing it work across various transports types (TCP, UDP, so on...)

There's some more work coming along in this vein. Stay tuned.

Playing a 'pivotal' role

It's what you do once you have your foothold on a multi-homed system connected to a private network: you pivot. Which leads to further discovery, moving around, and sometimes more pivoting. We've recently upgraded this key Meterpreter feature with the following:

  • Works over named pipes
  • More performant than the existing tunnelling mechanism (and latency doesn't compound as you make additional pivots!)
  • Traffic is encrypted with CryptTLV

Definitely worth taking for a spin, so let us know what you think!

And SO MANY NEW MODULES!

Seriously, there's a bunch of neat stuff that's been added. Check out the New Modules list below, where you'll find stuff to help you with all the following:

  • scanning
  • credential gathering
  • container detection
  • privilege escalation
  • remote code execution
  • denial of service
  • C2 server software exploitation
(Tod gets the credit on this)

New Modules

Exploit modules (9 new)

Auxiliary and post modules (6 new)

Get it

As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:

To install fresh, check out the open-source-only Nightly
Installers
, or the binary installers which also include
the commercial editions.