Have you ever been on a conference call where you really wished you could take command of the situation? With Metasploit Framework and the new Polycom HDX exploit, you can (if given permission by the owner of the device, that is)! If teleconferencing isn't your target's style, you can also pwn correspondence the old-fashioned way: through a Microsoft Office exploit. Be it written or video, we here at Rapid7 know you value other people's communication!
After another Python module and the Mac root vulnerability last week, this week was a blissfully slow week where all we did was fight with Unicode, improve our docker support, troubleshoot 2016 domain controller hash dumping, and (to top it off) put on a remote CTF before adding two new exploits.
Last week, we announced Rapid7 was hosting a community CTF to give early access to the Linux version of Metasploitable3. We opened up 500 slots for participants, and we were excited and honored when those spots filled up faster than we ever imagined. Getting it set up and running was a lot of work, but hopefully it has been as much fun for the participants as it has been for those of us who got to run it. Play is still ongoing, but several teams have already completed all the challenges (!). We eagerly await the final standings. Once the CTF concludes, we will release a blog post about it, so keep an eye open!
Exploit modules (2 new)
- Polycom Shell HDX Series Traceroute Command Execution by Mumbai, Paul Haas, h00die, and staaldraad
- Microsoft Office CVE-2017-11882 by embedi and mumbai
I � Unicode
We did see several fixes and improvements recently. Fixes to our payloads allowed them to pull Unicode usernames properly and recursively delete directories, even if they are not empty. Additionally, there were fixes for new error conditions on Windows server 2016, docker improvements, and data display.
As always, you can update to the latest Metasploit Framework with
and you can get more details on the changes since the last blog post from
Want moar Metasploit? Follow all things 'sploity here.