Teenage ROBOT Returns
Imagine the joy robot parents must feel when their infant leaves home and returns as a teenager. ROBOT (Return of Bleichenbacher Oracle Threat) is a 19-year-old vulnerability that allows RSA decryption and signing with the private key of a TLS server. It allows for an adaptive chosen-ciphertext attack. It is still very much relevant today, as some modern HTTPS hosts are vulnerable to ROBOT. Metasploit now includes auxiliary/scanner/ssl/bleichenbacher_oracle, which checks if a host is susceptible to this chosen-ciphertext attack.
In last week's Metasploit Wrapup, we featured MS17-010: EternalRomance, EternalSynergy, and EternalChampion contributed by zerosum0x0. Check out this demo in which our very own Matthew exploits a Windows Server 2012 R2 Standard. EternalBlue is a gift that keeps on giving.
ICYMI, Rapid7 launched an open beta this week for a new phishing simulation and training tool called InsightPhish. A bunch of the offensive security folks here in Austin have been working on this nifty new offering. If you’re a fan of the social engineering capabilities in Metasploit Pro, feel free to mosey on over to the beta to take a look at what the team is developing for the security awareness training use case (no exploits here!). If you’re so inclined, you can sign up to test out some pre-built simulations on domains you own.
Auxiliary and post modules (1 new)
- Bleichenbacher Oracle Scanner (AKA: ROBOT) by Adam Cammack, Hanno Böck, Juraj Somorovsky, Craig Young, and Daniel Bleichenbacher
- Linux Meterpreter fix to flush the buffer when cmd_exec provides empty output.
- Pivot handler fix to not consume all packets.
- HTML escaping fix for UTF-8 module metadata
- Dup Scout Enterprise v10.4.16 update to buffer overflow exploit module.
As always, you can update to the latest Metasploit Framework with
and you can get more details on the changes since the last blog post from
PLEASE NOTE that these installers, and Metasploit Framework versions included in distros such as Kali, Parrot, etc., are based off the stable Metasploit 4 branch. If you'd like to try out the newer things going into Metasploit 5, that work is available in the master branch of the Metasploit Framework repo on GitHub.