Trevor Forget: Metasploit Town Hall @ Derbycon
Metasploit’s Brent Cook, Adam Cammack, Aaron Soto, and Cody Pierce are offering themselves up to the crowds at this year’s fourth annual Metasploit Town Hall at Derbycon. Heading to bourbon country next weekend? Block off your 5 PM hour on Saturday, October 6 to join the team as they unveil some new hotness in Metasploit Framework and take questions and requests. Can’t make it but still have something to add? Join us on Slack or @ us on Twitter. Spoiler: We delivered on our promise in memory of Trevor.
Solaris: Yes, it's still a thing.
If you couldn't get enough of last week's Solaris local privilege escalation module, we've got another one for you! The Solaris 'EXTREMEPARR' dtappgather Privilege Escalation module, by Brendan Coles, grants a user root priviliges via a directory traversal vulnerability.
Command Args, In Brief
Lots of useful new commands were added to Metasploit Framework this week.
Wearing out your "return" key by manually re-running commands over and over? There's a new
repeat command by acammack-r7 that allows users to automate the repetition of a
;-separated list of commands. This supports a
-t flag that can be used to specify the duration in seconds that the command should run, or a
-n flag for number of iterations.
Exploit modules (2 new)
- Solaris 'EXTREMEPARR' dtappgather Privilege Escalation by Brendan Coles, Hacker Fantastic, and Shadow Brokers, which exploits CVE-2017-3622
- Microsoft Windows ALPC Task Scheduler Local Privilege Elevation by Jacob Robles, SandboxEscaper, asoto-r7, and bwatters-r7, which exploits CVE-2018-8440
Auxiliary and post modules (2 new)
- FrontPage .pwd File Credential Dump by Aditya K Sood and Stephen Haywood
- Solaris srsexec Arbitrary File Reader by h00die and iDefense, which exploits CVE-2007-2617
- There is a new
LEAK_COUNToption for the Heartbleed scanner by wvu, which allows users to specify the number of memory leaks to attempt.
- The iOS Safari DoS module has had its documentation improved and output expanded, thanks to timwr.
hash_dumpis now working properly in macOS versions up to High Sierra, courtesy of ssh3ll.
- MySQL Windows binaries have been updated, which fixes a crash of the MySQL UDF shared library. Thanks to h00die for the fix, and to Seth Jackson for reporting the issue!
As always, you can update to the latest Metasploit Framework with
msfupdate and you can get more details on the changes since the last blog post from GitHub:
To install fresh, check out the open-source-only Nightly Installers, or the binary installers which also include the commercial editions. PLEASE NOTE that these installers, and Metasploit Framework versions included in distros such as Kali, Parrot, etc., are based off the stable Metasploit 4 branch. If you'd like to try out the newer things going into Metasploit 5, that work is available in the master branch of the Metasploit Framework repo on GitHub.