Last updated at Tue, 16 Jan 2024 02:02:07 GMT
Keep on Bluekeepin’ on
TomSellers added a new option to the increasingly useful Bluekeep Scanner module that allows execution of a DoS attack when running the module. This adds a new level of effectiveness in proving the severity of this vulnerability.
As part of this update, TomSellers moved and refactored a lot of the RDP specific framework code into a new mixin. Not only did this provide a lot of cleanup, but it also makes it much easier to utilize this code in future modules that take advantage of RDP. Please feel free to utilize this work when crafting your next RDP-utilizing module.
Tika look at this
Community member h00die has added a module for exploiting an RCE vulnerability in the Apache Tika OCR functionality. This simple yet effective module abuses unprotected system commands that Apache Tika runs when its OCR endpoint is invoked, passing the commands to execute in the body of the request. If you find a vulnerable version of this software on an engagement you could easily “Tika mas-ALL-a their boxes over”. See David Yesland's write-up on exploiting the vulnerability here.
New modules (2)
- Apache Tika Header Command Injection by David Yesland, Tim Allison, and h00die, which exploits CVE-2018-1335
- Xymon Daemon Gather Information by Markus Krell and bcoles, which exploits CVE-2016-2055
Enhancements and features
PR #12158 by acammack-r7 - Blacklist pingback payloads for exploits utilizing the on_new_session callback to perform post-exploitation cleanup.
PR #12159 by bwatters-r7 - Add EXITFUNC support to pingback payloads.
PR #12170 by TomSellers - Add a denial of service action to the existing BlueKeep (CVE-2019-0708) scanner module auxiliary/scanner/rdp/cve_2019_0708_bluekeep.
PR #12171 by TomSellers - Move code from the BlueKeep (CVE-2019-0708) scanner into an Msf::Exploit::Remote::RDP mixin for consolidation and reuse.
Bugs fixed
PR #12152 by wvu-r7 - Fix an EOFError while scanning for the BlueKeep vulnerability.
PR #12175 by green-m - Fix a NoMethodError crash in the exploit/linux/http/hadoop_unauth_exec module.
Get it
As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:
We recently announced the release of Metasploit 5. You can get it by cloning the Metasploit Framework repo (master branch). To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial editions).