Even with the year winding down to a close, activity around Metasploit has been decidedly “hustle and bustle”. Some cool new things to talk about this week, so sit back and dig in!

For Your iOS Only

If you’ve been wanting to run Meterpreter under iOS, then this bit is for you! While Mettle has technically worked on iOS since February, @timwr has added official Metasploit Framework support for stageless payloads targeting 32-bit and 64-bit ARM-based iOS devices. While the out-of-box configuration currently only works with jailbroken devices as a stageless payload, with a little effort, you can also link the library portion of Mettle into a new iOS app, allowing it to run on a non-jailbroken device as well. Look for more interesting delivery mechanisms for this payload in the future.

And speaking of Mettle...

Extensions: Not Just For Hair and Deadlines

Now that the associated PRs have landed, we’re excited for folks to try out the new Mettle extension loader functionality! There are certainly some similarities to how extensions in the C Meterpreter operate, such as being built separately from Meterpreter itself and using the Meterpreter load command to download and execute an extension. That said, there are a few notable differences with Mettle extensions:

  • They can exist as a binary image which is deployed inside of a hollowed process
  • They can be written in any language that is supported by the target

If you’d like more details (and to see an example using our new sniffer extension, as well as how to create a simple “hello, world” extension), check out our recent video!

Now Available: Airbag Authentication

For the past few months, Craig Smith, Rapid7’s director of transportation security research, has been working with researchers Jürgen Dürrwang and Johannes Braun from the Karlsruhe University of Applied Sciences on a methodology for performing testing in automotive networks for security-relevant attack vectors. That’s a lot of words, but the TL;DR is this: Dürrwang and Braun found that a security component on the airbag deployment system from several auto vendors wasn’t implemented securely, and they disclosed this to the affected vendors. Craig wrote a testing module that leverages this research and Metasploit’s hardware bridge to authenticate airbags for deployment during a standard salvage routine. Local access to a CAN bus is required, but if transport security testing strikes your fancy and you don’t know where to start, Craig and Andrew Bindner have a cool series of write-ups here on building your own car hacking workbench.

But Wait, There’s More!

So much more. We’ve picked up two new exploit modules—modules that can score you remote code execution via vulnerable versions of Jenkins and Tuleap. And we have a smattering of new auxiliary modules rounding things out, including a DoS module, a login scanner module, and a Same-Origin Policy (SOP) bypass cred gathering module. Details on all those are below, and as always a BIG THANKS to our contributors!

New Modules

Exploit modules (2 new)

Auxiliary and post modules (4 new)

Get It

As always, you can update to the latest Metasploit Framework by simply updating to the latest version provided by BlackArch Linux, Kali Linux, Metasploit Pro, or by using the handy msfupdate command available in the Nightly Installers.

You can get more details on the changes since the last wrapup at:

Pull Requests 4.16.23...4.16.26
Full diff (4.16.23...4.16.26)

To install fresh, you can use:

Nightly Installer (open source/MSF only)
Binary installer (includes the commercial editions)

Want a fresh wrapup in your RSS feed every week? You're in luck.