Keep your eyes peeled for another Metasploit CTF

We hosted our third Annual(ish) Metasploit CTF back in January of this year. All 1,000 slots were booked within days of announcing the competition. Because of the resounding success, we'll be hosting the fourth Annual(ish) Metasploit CTF by year’s end. Keep an eye out for an announcement with more details in the next few weeks.

Gathering ProxyUsername and ProxyPassword

PuTTY, for those of you who live solely on a command line, is a popular SSH and Telnet GUI client built for Windows and Unix systems. Metasploit contributor HuskyHacks, working in a team with Brian Saunders and Aaron Hobdy, added an enhancement to the post/windows/gather/enum_putty_saved_sessions.rb module. This enhancement now allows the capturing of two additional registry keys:

  • HKCU\Software\SimonTatham\PuTTY\Sessions\[Username]\ProxyUsername and
  • HKCU\Software\SimonTatham\PuTTY\Sessions\[Username]\ProxyPassword

This is a great new feature because we are able to capture two additional fields for saved PuTTY sessions, the plaintext values of ProxyUsername and ProxyPassword.

Service stub encoder validation

A bug fix added by our very own adfoster-r7 improves the user experience of the m17_010_psexec and psexec modules by ensuring invalid encoders are no longer silently ignored. From now on SERVICE_STUB_ENCODER is validated before running the module.

Enhancements and features

Bugs fixed

Get it

As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial edition).