It’s a special day here in the U.S. This morning, media folks were hovering over a specific rodent living in an eastern state to discover that we are in for six more weeks of winter, apparently. ¯\_(ツ)_/¯ Guess we’ll stay inside and work on Metasploit…

Or sleep in...

EternalSunshine of the Security Minded

If you’re still following along since the Shadow Brokers’ leak last April, then we’ve got two new modules just for you. Courtesy of contributor zerosum0x0, both modules exploit MS17-010 vulnerabilities via EternalRomance, EternalSynergy, and EternalChampion. You can use auxiliary/admin/smb/ms17_010_command.rb for command execution on a vulnerable Windows target, or if code execution is more your jam, check out exploits/windows/smb/ms17_010_psexec.rb. The exploit chain in both modules is considered more reliable than EternalBlue, requires that the target have a named pipe and SMBv1 enabled, and works against any version of Windows!

EternalBliss can be yours

Did the Oracle Foretell this RCE…?

From the keystrokes of kkirsche comes a new module targeting certain versions of Oracle WebLogic Server. The vulnerability lies within the WLS WSAT component, where one can get unauthenticated remote code execution via XML deserialization. Just make sure you target a vulnerable version, of course...

Pictured: non-vulnerable Oracle

A Rising Tide Lifts All Privs

From the “I was only trying to help!” file comes a tale of two Linux utilities designed to provide developers with valuable info related to application crashes. Vulnerable versions of apport (Ubuntu) and ABRT (Fedora) can each be cajoled into running a specially crafted executable, leaving you with root privs. This new module from bcoles will even kick off a payload for you, too!

New Modules

Exploit modules (5 new)

Auxiliary and post modules (2 new)

Improvements

Get it

As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:

To install fresh, check out the open-source-only Nightly Installers,
or the binary installers which also include the commercial
editions. PLEASE NOTE that these installers, and Metasploit
Framework versions included in distros such as Kali, Parrot, etc.,
are based off the stable Metasploit 4 branch. If you'd like to try out
the newer things going into Metasploit 5, that work is
available in the master branch of the Metasploit Framework repo on GitHub.