Document ALL THE THINGS!
This release sees quite a bit of documentation added, with a module doc from bcoles and four new module docs from newer docs contributor Yashvendra. Module docs can be viewed with info -d and are extremely helpful for getting acquainted with a module's capabilities and limitations. We greatly value these contributions because, while not cool h4x0r features by themselves, each one means that fewer people have to read the code to understand how to effectively use all the 1337 stuff the rest of us write.
To that end, we are releasing a new way to add detailed documentation to the output of the help command. Metasploit has well over 100 different commands in its various modes, and all that they tell you with the help command is which flags they take, with a short, often generic description for each. This can make some commands like execute take a lot of trial and error to learn, let alone triaging bugs. The first subject of my focus was the repeat command, since there were no guides or documentation for it from any source except for another wrap-up, and I have more in the works.
You might ask, "Adam, do you think you can document all of Metasploit?" No, I do not, but I think we can together. We would love pull requests to help backfill the console documentation, so if you run across a command you don't know and want to try to figure it out, or want to make sure your favorite is documented so that other people can embrace the awesomeness, please send some sweet, sweet docs our way. Keep an eye on our wrap-ups to see what cool functionality we uncover and document!
Four out of five modules agree: Hacking is fun
Out of the five modules added this week, four (plus a mixin) were written by the amazing pedrib for the Nuuo CMS. These modules exploit various flaws from bruteforcing session tokens to SQL injection. These modules target a variety of versions from 2.3 all the way to 3.5.0. With some teamwork from bcoles and jrobles-r7 we now have some tasty coverage for another enterprise central management system.
The sum of a lot of little parts
Our fearless leader busterb got an itch over this last week looking at our high open PR count and got a lot of little things over the line that had stalled for one reason or another. There are a lot of good fixes and small features listed below from familiar and new faces, so be sure to update and check if your bug was fixed, especially if it was about
Exploit modules (3 new)
- Belkin Wemo UPnP Remote Code Execution by wvu and phikshun
- Nuuo Central Management Server Authenticated Arbitrary File Upload by Pedro Ribeiro, which exploits CVE-2018-17936
- Nuuo Central Management Authenticated SQL Server SQLi by Pedro Ribeiro, which exploits CVE-2018-18982
Auxiliary and post modules (2 new)
- Nuuo Central Management Server User Session Token Bruteforce by Pedro Ribeiro, which exploits CVE-2018-17888
- Nuuo Central Management Server Authenticated Arbitrary File Download by Pedro Ribeiro, which exploits CVE-2018-17934
- PR #11400 adds the ability for Metasploit payload generation to add a custom section header name for where to insert a generated payload in Windows executables. It also adds the ability to specify the pad-nops option of the generate command from within msfconsole. These options mimic those added to
- PR #11289 adds mixin for Nuuo NUCM protocol for their devices and management software.
- PR #11191 adds the analyze command, an initial start on an idea of enabling Metasploit Framework to suggest modules based on host details stored in the database.
- PR #11184 adds initial Metasploit support for the Ruby 2.6 series.
- PR #11176 adds RHOSTS multiple-host targeting support to all auxiliary modules. It also corrects a bug when targeting a single host from an exploit module using the IP/32 syntax.
- PR #11439 adds module documentation for
- PR #11438 adds module documentation for
- PR #11437 adds module documentation for
- PR #11436 adds module documentation for
- PR #11407 adds functionality to help COMMAND to display extra reference help for various commands. The reference files are stored as markdown in the documentation/cli/ directory. It also adds inaugural docs for
- PR #11404 adds module documentation for
- PR #11434 fixes a stack trace reported on the creds command when
- PR #11411 fixes an issue when printing script help with -h when running Meterpreter scripts.
- PR #11401 fixes tab completion when setting RHOSTS with and without having RPORT already set.
- PR #11393 updates module option deregistration to work with both newer and older option names, allowing for backward compatibility with a module that wants to unregister 'RHOST' or 'RHOSTS'.
- PR #11392 optimizes the display of the msf5 console shell prompt to not compute things unnecessarily. Namely, it avoids computing %L, which appears to be fairly expensive and possibly leads to crashes in some circumstances.
As always, you can update to the latest Metasploit Framework with msfupdate, and you can get more details on the changes since the last blog post from GitHub:
We recently announced the release of Metasploit 5. You can get it by cloning the Metasploit Framework repo (master branch). To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial editions). PLEASE NOTE that the binary installers, and the Metasploit Framework versions included in distros such as Kali, Parrot, etc., are based off the Metasploit 4 branch for the time being. Migration is underway, so you can look forward to getting Metasploit 5 in the binary installers and in third-party software distributions soon.