Moar Power

OJ Reeves added two new PowerShell transport functions to Metasploit payloads and made modifications to the PowerShell transport binding functionality. The aptly-named Add-TcpTransport function adds an active TCP transport to the current session and the Add-WebTransport function adds an HTTP/S transport to the current session. These functions are fully documented, allowing the user to leverage the Get-Help cmdlet to display usage information. The functions are simply abstractions that work on the built-in Meterpreter transport binding functionality and allow for more PowerShell fun.

Unauthenticated Journey

The Quest KACE Systems Management module by bcoles exploits an unauthenticated command injection vulnerability (CVE-2018-11138) in Quest KACE Systems Management Appliance 8.0 (build 8.0.318) and possibly previous versions. The software includes a /common/download_agent_installer.php script that can be accessed by unauthenticated users to download the agent software. This script requires both an organization ID and agent version parameter, and due to improper input sanitization it allows arbitrary command execution on the host system injected via the organization ID parameter.

Google Summer of Code

Our Google Summer of Code students are fully immersed in each of their projects and the PRs are starting to roll in. If you are curious what they are working on take a quick look at the currently open GSoC PRs. Eliott Teissonniere, one of our students, continues to make Mettle extension enhancements by adding Linux support to the microphone extension. The enhancement allows users to capture audio from the microphone on a remote Linux host, streaming the audio back to Metasploit via a Meterpreter channel.

New Modules

Exploit modules (1 new)

Auxiliary and post modules (4 new)

Improvements

Get it

As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:

To install fresh, check out the open-source-only Nightly Installers, or the binary installers which also include the commercial editions. PLEASE NOTE that these installers, and Metasploit Framework versions included in distros such as Kali, Parrot, etc., are based off the stable Metasploit 4 branch. If you'd like to try out the newer things going into Metasploit 5, that work is available in the master branch of the Metasploit Framework repo on GitHub.