Just Let Me Grab My Popcorn First

This week, rmdavy contributed a pair of modules designed to fool Windows into authenticating to you so you can capture sweet, sweet NetNTLM hashes. BadODT targets LibreOffice/Apache OpenOffice by providing a link to an image on a network share, and the new Multi Dropper creates all sorts of files Windows itself loves to look in for SMB shares. Special thanks to asoto-r7 to getting these across the line and thinking up auxiliary/fileformat to hold them all.

More Impacket Functionality

PSEXEC is fun, but sometimes adding WMI can spice things up. Thanks to zeroSteiner, our third Impacket-based module has now landed, this time porting over the functionality of the popular wmiexec.py. "But isn't Impacket Python?" you may ask, and yes, it still is. zeroSteiner's work is made possible by the work we have done over the last year to enable modules to run in external processes, dubbed Project Coldstone. More improvements are being landed regularly in this area, and you can expect more news around this in the next couple weeks. Until then, you can catch up on PRs, read the intro post from HaXmas, or check out my demo of some of the stuff I am working on.

Jailbreaks All Around

The WebKit use-after-free CVE-2016-4657 has been the gift that kept giving us access to our devices over the last two years, first as part of the Trident jailbreak for iOS 9.3 and then for the Nintendo Switch last year. Now, with timwr's help, you can use Trident to put Meterpreter on 64-bit iOS devices <= 9.3.4. Many thanks to timwr for the months of poking at both the exploit and payload side to get this working!

New Modules

Exploit modules (2 new)

Auxiliary and post modules (4 new)

Improvements

Get It

As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:

To install fresh, check out the open-source-only Nightly Installers, or the binary installers which also include the commercial editions. PLEASE NOTE that these installers, and Metasploit Framework versions included in distros such as Kali, Parrot, etc., are based off the stable Metasploit 4 branch. If you'd like to try out the newer things going into Metasploit 5, that work is available in the master branch of the Metasploit Framework repo on GitHub.