Trevor Forget: Metasploit Town Hall @ Derbycon

Metasploit’s Brent Cook, Adam Cammack, Aaron Soto, and Cody Pierce are offering themselves up to the crowds at this year’s fourth annual Metasploit Town Hall at Derbycon. Heading to bourbon country next weekend? Block off your 5 PM hour on Saturday, October 6 to join the team as they unveil some new hotness in Metasploit Framework and take questions and requests. Can’t make it but still have something to add? Join us on Slack or @ us on Twitter. Spoiler: We delivered on our promise in memory of Trevor.

Solaris: Yes, it's still a thing.

If you couldn't get enough of last week's Solaris local privilege escalation module, we've got another one for you! The Solaris 'EXTREMEPARR' dtappgather Privilege Escalation module, by Brendan Coles, grants a user root priviliges via a directory traversal vulnerability.

Also this week in Solaris news, there is a new Arbitrary File Reader post module by h00die, which exploits a vulnerability in NetCommander 3.2.3 and 3.2.5.

Command Args, In Brief

Lots of useful new commands were added to Metasploit Framework this week.

pry was added to Meterpeter by wvu, allowing users to see a more verbose debugging interface when working with payloads. If irb isn't cutting it for you, give this a try!

Also in Meterpreter news, chmod is now supported inside your Linux Meterpreter session thanks to timwr. There is no longer a need to shell out just to change permissions.

Wearing out your "return" key by manually re-running commands over and over? There's a new repeat command by acammack-r7 that allows users to automate the repetition of a ;-separated list of commands. This supports a -t flag that can be used to specify the duration in seconds that the command should run, or a -n flag for number of iterations.

New Modules

Exploit modules (2 new)

Auxiliary and post modules (2 new)

Improvements

Get it

As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:

To install fresh, check out the open-source-only Nightly Installers, or the binary installers which also include the commercial editions. PLEASE NOTE that these installers, and Metasploit Framework versions included in distros such as Kali, Parrot, etc., are based off the stable Metasploit 4 branch. If you'd like to try out the newer things going into Metasploit 5, that work is available in the master branch of the Metasploit Framework repo on GitHub.