In this week’s Metasploit’s wrap-up, we are excited to share with the world our latest special: pingback payloads. Pingback payloads are a brand new, non-interactive payload type that allows users to confirm remote code execution on a target without loading a shell. It is stealthy and safe to use—something we are confident our penetration testing users will appreciate. Shout out to our developers Brendan, Brent, Shelby, and others for the excellent work! Read the full blog here.
Another pleasant surprise coming from our finest William Vu is the set-payload-by-index feature for
msfconsole. Similar to the
search command combining with
show payloads command now gives you a list of compatible payloads that are indexed, and then you can use the
set payload command by index. Less typing, isn’t that great?
On top of all the goodies, we also have three wicked modules that you may find interesting. The first is a remote code execution against Redis, a well known in-memory database that can be seen for large-scale websites. The second is a Windows evasion module using MSBUILD.exe to bypass OS features such as software restriction policies or Applocker. And finally, we have a post module for Sonic Pi that gives you arbitrary Ruby code execution. We figured playing music is more fun and cool for Sonic Pi, so that’s what we did for the module.
Finally, if you will be in Las Vegas for next weekend and want to work on Metasploit modules or integrations with the team, check out our Open Source Office Hours Friday and Sunday!
New modules (3)
- Redis Unauthenticated Code Execution by Green-m
- Applocker Evasion - MSBuild by Casey Smith and Nick Tyrer
- OS X Manage Sonic Pi by William Vu and Sam Aaron
Enhancements and features (5)
- Implement "set PAYLOAD" by index by William Vu
- Lock bcrypt to arm compatible version Jeffrey Martin
- Add Pingback Payloads by Brendan Watters and Brent Cook
- Update setting new .exe of Sophos AV by Gabriel Mioranza
- Add HttpRawHeaders (file) advanced option to HttpClient by William Vu
Bugs fixed (5)
- Accidentally removed include that is sort of imperative by Brendan Watters
- Fixing path or module's documentation by Hugo Kermabon
- Cast to_s in command_shell.rb by bcoles
- Catch EOFError in alphastor_devicemanager_exec.rb by bcoles
- Correct output printing bug from smb_enumshares by nounesh
As always, you can update to the latest Metasploit Framework with
msfupdate and you can get more details on the changes since the last blog post from GitHub:
We recently announced the release of Metasploit 5. You can get it by cloning the Metasploit Framework repo (master branch). To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial editions).