Metasploit Weekly Wrap-Up 03/22/2024

Last updated at Fri, 05 Apr 2024 20:44:34 GMT

New module content (1)

OpenNMS Horizon Authenticated RCE

Author: Erik Wynter
Type: Exploit
Pull request: #18618 contributed by ErikWynter
Path: linux/http/opennms_horizon_authenticated_rce
AttackerKB reference: CVE-2023-0872

Description: This module exploits built-in functionality in OpenNMS Horizon in order to execute arbitrary commands as the opennms user. For versions 32.0.2 and higher, this module requires valid credentials for a user with ROLE_FILESYSTEM_EDITOR privileges and either ROLE_ADMIN or ROLE_REST. For versions 32.0.1 and lower, credentials are required for a user with ROLE_FILESYSTEM_EDITOR, ROLE_REST, and/or ROLE_ADMIN privileges.

Enhancements and features (5)

• #18838 from SickMcNugget - This adds support for Debian and includes a number of fixes and improvements for the runc_cwd_priv_esc module. Prior to this fix, the module would incorrectly report some of the versions that the patch had been back ported to as vulnerable.
• #18841 from randomstr1ng - This PR updates the sap_icm_paths.txt wordlist with the newest entries.
• #18885 from errorxyz - Enhances the sessions command so that both Meterpreter and the top level Metasploit prompt support sessions -i -1.
• #18978 from dwelch-r7 - This PR updates several login modules to now display some messaging to the end of scans to tell the user how many credentials and/or sessions were successful.
• #18980 from zgoldman-r7 - Improves the help command wording when interacting with basic shells.

Bugs fixed (2)

• #18947 from molecula2788 - Fixes an issue with exploits/windows/local/wmi_persistence module when Powershell obfuscation was applied.
• #18974 from zeroSteiner - Fixes a typo in the help menu of the dns command.

Documentation added (1)

• #18965 from adfoster-r7 - This PR updates our README.md to remove a stale documentation link.

You can always find more documentation on our docsite at docs.metasploit.com.

Get it

As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:

• Pull Requests 6.3.60...6.4.0
• Full diff 6.3.60...6.4.0

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
commercial edition Metasploit Pro