Backups that Cause Problems

hypn0s contributed a module that exploits Snap Creek’s Duplicator plugin for WordPress. Duplicator is a plugin that eases the backup and migration of WordPress installations. For versions 1.2.40 and below, Duplicator leaves behind a number of sensitive files, including one that gives access to controlling the WordPress restoration process. Sending a POST request to the now accessible installer page leads to writing directly to the wp-config file, which when requested, can lead to remote code execution.

Labels and Shells

modpr0be both discovered a vulnerability and contributed a module that exploits a stack-based buffer overflow in CyberLink LabelPrint software v2.5 and below. The module generates an lpp file containing shellcode in the track tag and arbitrary data for the others. Opening the file with the CyberLink LabelPrint software results in command execution. This module has been successfully tested on Windows 7, 8.1, and 10.

New Modules

Exploit modules (3 new)

Auxiliary and post modules (1 new)

Improvements

  • averagesecurityguy introduced a new option to auxiliary modules, CreateSession, in order to opt out of session creation when testing credentials.

  • dgarvit added some functionality to the show plugins command that will display both the currently loaded plugins and plugins currently available.

  • busterb updated Mettle payloads with various bug fixes and compatibility improvements, including some contributions from timwr.

  • bcoles introduced some improvements to the linux/gather/enum_configs module that prevents the storage of empty configuration files as loot. Additionally, bcoles added the kernel_config method that returns details on the current kernel configuration and added checks to the post/linux/gather/enum_protections module.

  • clee-r7 made fixes to Go modules that produced corrupt output.

  • jmartin-r7 added a service mapping feature that links imported scan data to the associated vulnerable service port.

  • mrjefftang added support for the ext_server_unhook extension that removes runtime hooks applied by AV.

Get it

As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:

To install fresh, check out the open-source-only Nightly Installers, or the binary installers which also include the commercial editions. PLEASE NOTE that these installers, and Metasploit Framework versions included in distros such as Kali, Parrot, etc., are based off the stable Metasploit 4 branch. If you'd like to try outthe newer things going into Metasploit 5, that work is available in the master branch of the Metasploit Framework repo on GitHub.