Stagers Where They'll Least Expect Them

Our own @wvu-r7 added a sneaky improvement to HTTP command stagers, allowing exploits (like our recent ghostscript_failed_restore) to write on-disk stagers to the location of your choosing. Rather than a suspicious file written to /tmp, why not write your file somewhere stealthier? Just in case someone is monitoring the /tmp folder of their crockpot.

Documentation and Usability Updates

The unsung heroes of the open-source community remain those who test, tweak, and document older code. A huge thanks to @Yashvendra, who decided two weeks ago to show up and give some older modules some needed love! Following improvements from last week, we saw PR 11447 for documentation updates in several auxiliary/scanner/http modules, as well as PR 11455 for documentation updates to the auxiliary/scanner/telnet/telnet_login module. Yet another PR, 11445, updates the winrm_cmd aux module to always log the command output. @Yashvendra is the hero we all need!

Google Summer of Code

We've enjoyed several years of working with contributors around the world through Google’s Summer of Code initiative. Unfortunately, we aren’t participating in 2019. But fear not—there are still tons of great ways to contribute to Metasploit. Need a hint on where to start? There's a handy list of ideas for Framework additions here. We always have more issues, PRs, and docs needs than we can handle alone, so help is welcome and encouraged. Feel free to discuss your ideas with us and others in the Metasploit Slack channel, too.


  • PR 11446 by @jrobles-r7 adds support for msftidy to understand the new SideEffects, Stability, and Reliability attributes in modules, allowing these to supersede the single-dimensional 'rank' attribute.
  • PR 11461 by @jnqpblc adds a check to the auxiliary/scanner/http/manageengine_deviceexpert_traversal module.
  • PR 11485 by @wvu-r7 adds the vhost_uri keyword argument to the full_uri method in the HttpClient library, providing developers with a means to display the VHOST instead of the RHOST in the output returned by full_uri.
  • PR 11486 by @busterb fixes an issue running passive and non-scanner auxiliary modules that don't use the RHOSTS variable.
  • PR 11497 by @busterb fixes a validation bug when setting RHOSTS via file: in an auxiliary module.
  • PR 11493 by @busterb fixes a validation bug when setting RHOSTS via file: in an exploit module.

Get It

As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:

We recently announced the release of Metasploit 5. You can get it by cloning the Metasploit Framework repo (master branch). To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial editions).