Have you witnessed the power of the fully revamped and operational Metasploit.com?
As Brent mentioned in last week’s wrap-up, metasploit.com has a whole new look and a lot of new content on Metasploit Framework. Take a look around, relax in the soothing dark greys and blues, learn how you can help, and find a module or pull request that strikes your fancy! Gather 'round the contributor family, with a pocket full of shells.
Exploit modules (7 new)
A bevy of new remote code execution modules this round:
- Tomcat JSP Upload by peewpw; module doc
- Trend Micro OfficeScan (XG and 11) by mr_me and Mehmet Ince; module doc
- OrientDB 2.2.x by Ricardo Jorge Borges de Almeida; module doc
- Rancher Server (Docker) by Martin Pizala; module doc
- Sync Breeze Enterprise by Daniel Teixeira, Andrew Smith, and Owais Mehtab; module doc
- Mix some auth bypass into your RCE against Trend Micro InterScan Messaging Security appliances by mr_me and Mehmet Ince; module doc
- Windows UAC bypass via DLL hijacking by Ernesto Fernandez; module doc
Auxiliary and post modules (2 new)
- Apache OptionsBleed scanner by h00die and Hanno Boeck; module doc
- IBM Notes Client DoS by Dhiraj Mishra; module doc
Mettle's new extension loader
The new extension loader underway for mettle supports two extension formats:
- ELF executables: these are uploaded to the target from MSF and stored on disk, then run as a separate process. Being resident on the hard drive, this is not so stealthy, or as handy when A/V is around, but it's a great option for simpler devices, or those with sufficient storage available and limited RAM.
- Binary images: these are uploaded to the target from MSF, but not written to disk. When run, they are forked from mettle via process hollowing, and only run in RAM.
There are other benefits to the new extension loader as well:
- You can use libraries with different license schemes as compared to mettle. Need to use a handy library with a GPL license inside BSD-flavored mettle? Cool and copacetic: all comms are over STDIN/STDOUT, and this simplicity gives you more flexibility for dependencies.
- Use it for migration to solve the problem of plugins that run at different permission levels, e.g. in local Linux exploits: elevate privileges while not killing the original process.
- Loaded extensions can tunnel through each other, a la named_pipes on Windows.
Keep an eye out for a video coming soon on using mettle and more on how it works.
But they're good stats, Brent.
Some reports indicate that Brent may have fallen from 1st place in the commit count! Conveniently, October 20 is World Statistics Day, so we can take a closer look at the situation:
Verily, more data confirms the reports. Might morosity be to blame?!? If you watched the latest sprint demo (you are subscribed to the Metasploit YouTube channel... right?), you may have heard that Brent was very disappointed that he let the last wrapup pass with no mention of it being Friday the 13th.
Fight the sadness! Next year, Brent, remember to ask yourself this question.
As always, you can update to the latest Metasploit Framework by simply updating to the latest version provided by BlackArch Linux, Kali Linux, Metasploit Pro, or by using the handy
msfupdate command available in the Nightly Installers.
To install fresh, you can use the: