Welcome to another weekly installment! This one features a new ETERNALBLUE module in everyone's favorite reptile-brain language, Python! Sporting support for Windows 8 and 10, it has everything you need, including immutable strings and enforced whitespace.
In other Windows 10 news, chervalierly fixed an annoying bug in rex-powershell that prevented PsExec from working on later versions of Windows 10. Now, you can PsExec to your heart’s content. Go forth and shell!
And speaking of spaces, we also got our first contribution (of many) from the newest member of our Rapid7 team, space-r7! Space’s new module exploits a directory traversal vulnerability in httpdasm v0.92 to allow you to read files on the hosting server. Welcome to the team, Space!
You should check your DSL routers, as the hardware elves in our awesome community don't take the summer off. It looks like some vendor-provided hardware (namely the D-Link DSL-2750B) is susceptible to a command injection vulnerability. Like a good steak, the exploit pairs well with our mipsbe mettle payload for a delicious experience and a strong finish.
Finally, if you are forever concerned that this incident will be reported, I have good news! bcoles added a slick new tool to enumerate the sudoers configuration file for a given session, so you know what commands are available to you before you run them! It serves as a great recon tool and a goldmine for possible privilege escalation attacks against Linux systems.
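To show the kind of enumeration that paragraph is talking about, here is an added example in Ruby: a small sudoers parser run over a constructed sample file. It is not bcoles's post module and not Metasploit code; the sample file, the rule layout it handles (no `!` negation, no `sudoedit`, no `#include`), and the list of shell-escape binaries are all assumptions made for the illustration. It lists each rule, expands `Cmnd_Alias` entries, and flags the rules a pentester would look at first: `ALL`, `NOPASSWD`, and commands that can hand back a shell.

```ruby
# Added example: a minimal sudoers parser with risk flagging.
# Not the Metasploit post module; written stand-alone for illustration.
# Simplifications (assumptions): '#' always starts a comment (so #include
# directives are dropped), '!' negation and sudoedit are not handled, and
# only Cmnd_Alias is expanded.

SUDO_TAGS = %w[NOPASSWD PASSWD NOEXEC EXEC SETENV NOSETENV LOG_INPUT NOLOG_INPUT
               LOG_OUTPUT NOLOG_OUTPUT MAIL NOMAIL FOLLOW NOFOLLOW].freeze
TAG_RE = /\A(#{SUDO_TAGS.join('|')}):\s*(.*)\z/

# Binaries that commonly give a shell or arbitrary file access when run as root
# (an assumed, deliberately short list in the spirit of GTFOBins).
SHELL_ESCAPES = %w[vim vi nano less more man find awk python python3 perl ruby
                   bash sh zsh env tar zip].freeze

# Constructed sample, not taken from any real host.
SAMPLE_SUDOERS = <<~SUDOERS
  # constructed sample sudoers
  Defaults    env_reset
  Cmnd_Alias  SERVICES = /usr/sbin/service, /bin/systemctl
  root    ALL=(ALL:ALL) ALL
  %admin  ALL=(ALL) ALL
  deploy  ALL=(root) NOPASSWD: /usr/bin/systemctl restart app, \\
          /usr/bin/vim /etc/app.conf
  backup  web01 = (root) /usr/bin/rsync
  ops     ALL = (ALL) NOPASSWD: SERVICES
SUDOERS

# Strip comments and join backslash-continued lines into logical lines.
def logical_lines(text)
  out = []
  buf = +''
  text.each_line do |raw|
    line = raw.sub(/#.*$/, '').rstrip
    if line.end_with?('\\')
      buf << line.chomp('\\') << ' '
    else
      buf << line
      out << buf.strip unless buf.strip.empty?
      buf = +''
    end
  end
  out << buf.strip unless buf.strip.empty?
  out
end

# Returns one hash per (principal, command) pair:
#   { user:, host:, runas:, tags: [...], command: }
def parse_sudoers(text)
  cmnd_aliases = {}
  rules = []
  logical_lines(text).each do |line|
    next if line.start_with?('Defaults')
    if (a = line.match(/\A(User_Alias|Runas_Alias|Host_Alias|Cmnd_Alias)\s+(\w+)\s*=\s*(.+)\z/))
      cmnd_aliases[a[2]] = a[3].split(',').map(&:strip) if a[1] == 'Cmnd_Alias'
      next
    end
    m = line.match(/\A(\S+)\s+([^=\s]+)\s*=\s*(.+)\z/) or next
    user, host, spec = m[1], m[2], m[3]
    runas = 'root' # sudoers default when no (runas) list is given
    if (r = spec.match(/\A\(([^)]*)\)\s*(.*)\z/))
      runas, spec = r[1], r[2]
    end
    tags = [] # tags apply to every later command in the same spec
    spec.split(',').each do |piece|
      piece = piece.strip
      while (t = piece.match(TAG_RE))
        tags |= [t[1]]
        piece = t[2]
      end
      next if piece.empty?
      cmnd_aliases.fetch(piece, [piece]).each do |cmd|
        rules << { user: user, host: host, runas: runas, tags: tags.dup, command: cmd }
      end
    end
  end
  rules
end

# Why a rule deserves attention; empty array means nothing obvious.
def risk_reasons(rule)
  reasons = []
  reasons << 'may run ALL commands' if rule[:command] == 'ALL'
  reasons << 'NOPASSWD' if rule[:tags].include?('NOPASSWD')
  bin = File.basename(rule[:command].split(/\s+/).first.to_s)
  reasons << "#{bin} offers shell escapes" if SHELL_ESCAPES.include?(bin)
  reasons
end

def risky_rules(rules)
  rules.reject { |r| risk_reasons(r).empty? }
end

def report(rules)
  rules.map do |r|
    reasons = risk_reasons(r)
    flag = reasons.empty? ? 'ok   ' : 'RISKY'
    line = "#{flag} #{r[:user]}@#{r[:host]} as (#{r[:runas]}) #{r[:tags].join(',')}: #{r[:command]}"
    reasons.empty? ? line : "#{line}  <- #{reasons.join('; ')}"
  end
end

puts report(parse_sudoers(SAMPLE_SUDOERS)) if $PROGRAM_NAME == __FILE__
```

On a real engagement you would feed it the output of `sudo -l` or a readable `/etc/sudoers` and `/etc/sudoers.d/*`; the interesting lines are the NOPASSWD ones and anything whose target binary can spawn a shell, because those turn "can run one command as root" into "is root".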
Exploit modules (3 new)
- D-Link DSL-2750B OS Command Injection by Marcin Bury and p
- phpMyAdmin Authenticated Remote Code Execution by Matteo Cantoni and Michal Čihař and Cure53, which exploits CVE-2016-5734
- MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption for Win8+ by Equation Group, Shadow Brokers, sleepya, and wvu
Auxiliary and post modules (2 new)
- Better, stronger, and especially faster: Several members of the community came together to fix up Rex-Text, our library for text handling, offering some pretty impressive performance improvements in regular expressions and other text-related tasks in framework.
- U [tab] Complete me: I know none of you are lazy, but if you were, green-m's improvements to our tab completion would make you super-happy. Now you don't have to look up option values; just tab them out!
If you’re not a subscriber to our YouTube channel, you may have missed this week’s Framework sprint demo. Click play below for a look at what landed and what’s coming, including PsExec on SMBv2, EternalBlue enhancements, and some of the C obfuscation and randomization work in @_sinn3r’s ongoing AV evasion research. Subscribe here for the latest.
As always, you can update to the latest Metasploit Framework with msfupdate, and you can get more details on the changes since the last blog post from GitHub:
To install fresh, check out the open-source-only Nightly Installers, or the binary installers which also include the commercial editions. PLEASE NOTE that these installers, and Metasploit Framework versions included in distros such as Kali, Parrot, etc., are based off the stable Metasploit 4 branch. If you'd like to try out the newer things going into Metasploit 5, that work is available in the master branch of the Metasploit Framework repo on GitHub.