Last updated at Tue, 05 Dec 2023 19:49:56 GMT

This week's update highlights Metasploit modules for embedded operating systems (as opposed to the usual client or server targets), so let's hop to it.

Security Camera Hackers

On Tuesday, guest blogger Justin Cacak of Gotham Digital Science talked about his module, cctv_dvr_login. The latest update for Metasploit has it now, so if you happen to run into some of these devices, you can show off all your Hollywood hacking skills by panning and zooming the security camera in the executive washroom. Definitely and eye-popper of an exploit, and we're happy to be able to share the techniques with the open source community. For more details on this nifty attack, see our blog post on this topic and the article about this Metasploit module in Wired magazine!

More SCADA, More Problems

In a related vein, this week's update also has a module for another embedded service, RuggedCom's telnet server. RuggedCom, as the name implies, makes network gear designed for harsh, outdoorsy conditions, so it's used almost exclusively in SCADA deployments. According to the researchers "JC CREW," if you know a RuggedCom device's MAC address, you can calculate the default password. Now, if you happen to be in the same broadcast domain as the device (usually the same LAN, but sometimes a little farther out), you can learn the MAC address just by talking Ethernet to the target device.

However, it's not like you have to go to the trouble to pick the MAC address out of packets from RuggedCom devices -- the vendor helpfully displays the local MAC in the telnet banner. What?

Community contributor Borja Merino put together a Metasploit module to do take advantage of this situation, telnet_ruggedcom. This module greps out the MAC address from the telnet banner, performs the password conversion magic, and stores it off into Metasploit's credential database for later use (say, with the telnet_login module).

Bugs in embedded systems like these have the added bonus for pen-testers in that they are often unpatched for months and years inside an organization. This is partly due to both vendor reluctance to patch, but moreso, because the affected devices are often in hard-to-reach locations, like railyards and oil fields.

New Modules

Other than those, we have added five new modules to our exploit database this month. In no particular order, we've got:

Availability

If you're new to Metasploit, you can get started by downloading Metasploit for Linux or Windows. If you're already tracking the bleeding-edge of Metasploit development, then these modules are but an msfupdate command away. For readers who prefer the packaged updates for Metasploit Community and Metasploit Pro, you'll be able to install the new hotness today when you check for updates through the Software Updates menu under Administration.

For additional details on what's changed and what's current, please see the most excellent release notes.