Git a shell

The Malicious Git HTTP Server For CVE-2018-17456 module by timwr exploits a vulnerability in Git that can cause arbitrary code execution when a user clones a malicious repository using commands such as git clone --recurse-submodules and git submodule update. The vulnerability leverages an option-injection attack in Git submodules similar to CVE-2017-1000117. The exploit/multi/http/git_submodule_url_exec module acts as a Git HTTP server creating a fake Git repository that will cause vulnerable Git clients (CVE-2018-17456), versions 2.14.5, 2.15.3, 2.16.5, 2.17.2, 2.18.1, 2.19.1 and lower, to execute the injected command when submodules are initialized. Collaborate on projects and get a shell!

Prime exploit

Pedro Ribeiro both discovered the vulnerability and contributed the Cisco Prime Infrastructure Unauthenticated Remote Code Execution module for CVE-2018-15379. The exploit/linux/http/cisco_prime_inf_rce module achieves unauthenticated remote code execution as root on the Cisco Prime Infrastructure (PI) appliance default installation using a file inclusion vulnerability and a privilege escalation vulnerability. The module was tested using Cisco PI versions 3.2.0.0.258 and 3.4.0.0.348, and Cisco PI versions under 3.4.1 and 3.3.1 Update 02 should be vulnerable. Software and appliances that automate management tasks while also helping one gain a foothold in a target environment are very helpful on engagements.

New Modules

Exploit modules (3 new)

Auxiliary and post modules (1 new)

Improvements

  • PR #10951 fixes an issue with Python and Go support where internal Metasploit libraries could be overridden by external system libraries.
  • PR #10945 fixes the sessions --up command to only show services that are up.
  • PR #10938 introduced a number of small auxiliary/server/capture consistency updates and module documentation.

Get it

As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:

To install fresh, check out the open-source-only Nightly Installers, or the binary installers, which also include the commercial editions. PLEASE NOTE that these installers, and Metasploit Framework versions included in distros such as Kali, Parrot, etc., are based off the stable Metasploit 4 branch. If you'd like to try out the newer things going into Metasploit 5, that work is available in the master branch of the Metasploit Framework repo on GitHub.