Solaris... so hot right now

In this release, Metasploit contributor bcoles strikes again with another brand new Solaris module (rsh_stack_clash_priv_esc) that exploits RSH (remote shell), specifically against version 11.1 and 11.3, which allows users to gain root privileges.

Other than the rsh_stack_clash_priv_esc module, bcoles also recently added a couple of other ones (that we released previously) such as extremeparr_dtappgather_priv_esc for directory traversal, and libnspr_nspr_log_file_priv_esc for arbitrary file write. If you have some of these systems on your network, don't forget to test them with these Metasploit modules. :-)

Better Struts2 Module

Struts is such a valuable target for penetration testers, it's always worth the time to improve these modules. Thanks to Aaron Soto and William Vu, the struts2_namespace_ognl module has been improved to cover more Tomcat server versions, various configurations, and better code quality.

New Modules

Improvements

  • PR #10824, add PTY option to Net::SSH::CommandStream
  • PR #10816, Add a bg alias for background command
  • PR #9642, support version 5 for GetGo Download Manager bof exploit
  • PR #10800, Add docs for auxiliary/scanner/snmp/ Cisco modules
  • PR #10797, Add docs for auxiliary/scanner/sip/options_tcp module
  • PR #10671, struts2_namespace_ognl updates
  • PR #10790, avoid printing multiple peers when more than one target

Get it

As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:

To install fresh, check out the open-source-only Nightly Installers, or the binary installers which also include the commercial editions. PLEASE NOTE that these installers, and Metasploit Framework versions included in distros such as Kali, Parrot, etc., are based off the stable Metasploit 4 branch. If you'd like to try out the newer things going into Metasploit 5, that work is available in the master branch of the Metasploit Framework repo on GitHub.