Committing to some shells in GitList

Shelby has been killing it with new exploit and aux modules by the day. In this iteration, she's produced an exploit for GitList 0.6.0 and likely older versions. The software is built on PHP and allows users to view a Git repo on the web. Through an argument injection, a fake pager can be executed... that is really our shell. There's no reverting this one!

phpMyAdmin today, phpMyAdmin tomorrow

Our pentester-turned-dev and general bad*ss Jacob comes at us this week with a well-researched and implemented exploit module for phpMyAdmin 4.8.0 and 4.8.1. This vuln turns LFI (local file inclusion) into RCE (remote code execution, of course!). Jacob's exploit works on both Windows and Linux, including a MySQL table file on Windows and the PHP sessions file on Linux. Great job!

C randomization for your evasion totally legit needs

Longtime dev and researcher sinn3r aka "Wei Chen" took it upon himself to add C code randomization capabilities to Metasploit::Framework::Compiler. Now you can take raw C code, mutate it, and compile it on the fly with Metasploit. You can use the new feature independently or within a module. The possibilities are endless!

New Modules

Exploit modules (9 new)

Auxiliary and post modules (4 new)

Improvements

Get it

As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:

To install fresh, check out the open-source-only Nightly Installers, or the binary installers which also include the commercial editions. PLEASE NOTE that these installers, and Metasploit Framework versions included in distros such as Kali, Parrot, etc., are based off the stable Metasploit 4 branch. If you'd like to try out the newer things going into Metasploit 5, that work is available in the master branch of the Metasploit Framework repo on GitHub.