BlueKeep is Here

The BlueKeep exploit module is now officially a part of Metasploit Framework. The module was merged thanks to extensive collaboration between Rapid7 and MSF community members. It requires some manual configuration per target, and targets include both virtualized and non-virtualized versions of Windows 7 and Windows Server 2008. For a full overview of the exploit’s development and notes on use and detection, see Brent Cook’s write-up here. Please exploit responsibly.

Brocade Device Modules

If you’re looking to exploit some Brocade ICX devices, h00die has you covered. This community member contributed a post module and an auxiliary module to Framework. The modules gather files and useful information about the target device and store the data in MSF’s database.

ABRT Privilege Escalation

bcoles added an exploit module that attempts to escalate privileges on Red Hat Enterprise Linux versions with Automatic Bug Reporting Tool (ABRT) configured as the system’s crash handler. The vulnerability is that ABRT uses a temporary directory that is writable by local users. This enables a symlink attack that can result in root privileges.

New modules (5)

Enhancements and features

  • PR 12349 by OJ adds HTTP header and proxy options to the Windows and Python stageless Meterpreter payloads.
  • PR 12314 by cnotin adds support for using both the file:// and file: syntax with the RHOSTS option and documents the usage of both syntaxes.
  • PR 12295 by AstroZombieSG adds support for functions 2 and 4 in auxiliary/scanner/scada/modbusclient.rb.
  • PR 12258 by gkweb76 updates post/windows/gather/credentials/gpp.rb to return the Group Policy Object (GPO) name in its results.

Bugs fixed

  • PR 12353 by wvu-r7 limits the output of the BlueKeep scanner to vulnerable hosts by default.
  • PR 12354 by dwelch-r7 removes unnecessary TARGET options from auxiliary and post modules.

Get it

As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:

We recently announced the release of Metasploit 5. You can get it by cloning the Metasploit Framework repo (master branch). To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial editions).