Check Yourself Before You Wreck Yourself
Even if you're a pro sleuth who can sniff out a vulnerability on even the most hardened of networks, it's always nice to have some added validation that your attack is going to be successful. That's why it's always valuable to have a solid "check" method available to verify that you're barking up the right tree. This week bcoles upgraded the UAC check for Windows to add support for Windows Server 2016. Also, green-m updated the check method in the exploits/linux/http/hadoop_unauth_exec module to improve the messaging when a vulnerable server is detected. Thanks for keeping everything in check!
Shocking New Modules
We've all seen how vulnerable most consumer IoT devices are. Well, have you thought about network-connected devices that are running major infrastructure? Community member can added a module to execute a DoS attack against Siemens SIPROTEC 4 devices, requiring the device to be manually rebooted when successful. In related electrical engineering exploit excitement, michaelj0hn added a module for communicating with devices using the IEC-104 standard. This standard is used in electrical engineering and power subsystems for communication between devices and management terminals. Are you amped up for these additions?
Become Mr. Manager of the Metasploit Database
A helpful new tool was added if you're running the msf5 development branch of the Metasploit Framework. This is an upgrade to the msfdb command that was previously only present in installed versions of Metasploit. The new version from mkienow-r7 adds the ability to easily set up, configure, and manage the Metasploit REST API web service, as well as the PostgreSQL database backend. Try giving the new script a spin for some exciting new ways to interact with all the valuable loot you've been collecting.
Metasploitable3 Is Now in the Vagrant Cloud
Have you tried building Metasploitable3, our intentionally vulnerable VM for penetration testing? It can be a little challenging if you're not familiar with the tools that were used to build it. Luckily jmartin-r7 has built out the infrastructure needed to upload pre-built Vagrant boxes in the Vagrant Cloud. These will be kept up-to-date regularly so you can always download the latest version easily. Check out the Quick Start section of the README for details on how to utilize this new, simplified setup.
Auxiliary and post modules (4 new)
- IEC104 Client Utility by Michael John
- Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module - Denial of Service by M. Can Kurnaz
- Cisco ASA Directory Traversal by Michał Bentkowski, Shelby Pace, and Yassine Aboukir, which exploits CVE-2018-0296
- Dicoogle PACS Web Server Directory Traversal by Carlos Avila and h00die
- PRs #10421, #10423, #10424 - Improvements to the command history and re-addition of the clear history command
- PR #10419 - Add Windows Server 2016 to UAC check
- PR #10417 - Update accuracy of the check method in
As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:
To install fresh, check out the open-source-only Nightly Installers, or the binary installers, which also include the commercial editions. PLEASE NOTE that these installers, and Metasploit Framework versions included in distros such as Kali, Parrot, etc., are based off the stable Metasploit 4 branch. If you'd like to try out the newer things going into Metasploit 5, that work is available in the master branch of the Metasploit Framework repo on GitHub.