Your workflow just got easier

Are you tired of copy/pasting module names from the search results before you can use them? Thanks to this enhancement (PR #11652) by Brent Cook, you can now run search with the -u flag to automatically use a module if there is only one result. Now you're one step closer to popping a shell!

A pair of new JSO modules

Metasploit published research a few weeks ago on Java Serialized Object exploitation. This week, we landed two of the modules mentioned in that report—PRs #11134 and #11136, both by Andrés Rodríguez. These two modules both exploit vulnerabilities in Oracle Weblogic Server that can lead to unauthenticated remote code execution.

New modules (5)

Enhancements and features

  • PR #11635 by Pearce Barry enhances msftidy to check for a missing Authors field in exploit, auxiliary, and post modules.
  • PR #11579 by Matteo Malvica adds expanded support and documentation for newer versions of Splunk to the exploit/multi/http/splunk_upload_app_exec module.

Bugs fixed

  • PR #11636 by bcoles fixes the version detection in the exploit/multi/postgres/postgres_createlang module, which adds stability to its check method.

Get it

As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:

We recently announced the release of Metasploit 5. You can get it by cloning the Metasploit Framework repo (master branch). To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers, which also include the commercial editions).