This week's edition: Baron Samedit 'sudo' exploit module, OneDrive sync enumeration, and WP credential gathering via Abandoned Cart plugin.
Five new modules, and a reminder for the upcoming CTF
Give me your hash
This week, community contributor HynekPetrak [https://github.com/HynekPetrak]
added a new module [https://github.com/rapid7/metasploit-framework/pull/13906]
for dumping passwords and hashes stored as attributes in LDAP servers. It
connects to an LDAP server, retrieves its data, and then harvests user
credentials from specific attributes. This module can be used against any kind of
LDAP server with either anonymous or authenticated bind. Particularly, it can be
This week's release includes a local privilege escalation exploit for VMware Fusion through 11.5.3 on OS X, as well as RCE on Apache Solr and DNN cookie deserialization.
PowerShell Express Delivery
The web_delivery module
is often used to deliver a payload during post-exploitation by quickly firing up
a local web server. Since it does not write anything to the target’s disk, payloads
are less likely to be caught by anti-virus protections. However, since Microsoft
added Antimalware Scan Interface (AMSI)