This week, let's talk about post-modules, since we have two new fun ones to discuss.
Windows PowerShell is a scripting language and shell for Windows platforms, used primarily by system administrators. While untrusted scripts are not allowed to run by default, many users will be tempted to set their execution environments to be pretty permissive. This, in turn, can provide a rich (and almost completely overlooked) post-exploitation playground.
To that end, this update features a post-exploitation module that downloads and runs PowerShell scripts (exec_powershell), two PowerShell encoders, a post-module mixin, and a directory to stash sample PowerShell scripts in (under /scripts).
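As an added, defender-side illustration of the two points above (permissive execution policies and encoded script delivery), not code from Metasploit or from this post: a small triage helper that flags PowerShell launches found in process-creation log lines when they bypass the execution policy or carry an -EncodedCommand payload, and decodes the payload for review. The log format and sample lines are constructed; the base64-over-UTF-16LE convention is PowerShell's own.

```python
import base64
import re

# Constructed log format for the demo: proc=<image> args="<command line>"
LOG_RE = re.compile(r'proc=(?P<proc>\S+) args="(?P<args>[^"]*)"')

def encode_command(text: str) -> str:
    """Mirror PowerShell's -EncodedCommand convention: base64 over UTF-16LE text."""
    return base64.b64encode(text.encode("utf-16le")).decode("ascii")

def decode_command(b64: str):
    """Reverse it; return None on malformed input instead of raising."""
    try:
        return base64.b64decode(b64, validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None

def _is_flag(token: str, full: str, short: tuple) -> bool:
    # powershell.exe accepts documented short forms and unambiguous prefixes.
    if not token.startswith("-"):
        return False
    f = token[1:].lower()
    return f in short or (len(f) >= 3 and full.startswith(f))

def triage(line: str):
    """Return a finding dict for a PowerShell launch, or None for anything else."""
    m = LOG_RE.search(line)
    if not m or not m.group("proc").lower().startswith("powershell"):
        return None
    args = m.group("args").split()
    finding = {"policy": None, "decoded": None, "bad_payload": False}
    for i, tok in enumerate(args[:-1]):          # a flag needs a value after it
        if _is_flag(tok, "executionpolicy", ("ex", "ep")):
            finding["policy"] = args[i + 1].lower()
        elif _is_flag(tok, "encodedcommand", ("e", "ec")):
            finding["decoded"] = decode_command(args[i + 1])
            finding["bad_payload"] = finding["decoded"] is None
    finding["suspicious"] = (finding["policy"] in ("bypass", "unrestricted")
                             or finding["decoded"] is not None or finding["bad_payload"])
    return finding

SAMPLE_LOGS = [  # constructed, not real captures
    'proc=powershell.exe args="-NoProfile -ExecutionPolicy Bypass -File C:\\Temp\\update.ps1"',
    'proc=powershell.exe args="-nop -w hidden -enc ' + encode_command("Write-Host hello-from-encoded") + '"',
    'proc=notepad.exe args="C:\\Users\\bob\\notes.txt"',
    'proc=powershell.exe args="-e not*valid*base64"',
    'proc=powershell.exe args="Get-ExecutionPolicy -List"',
]

def scan(lines):
    """Keep only the launches a responder would want to look at."""
    return [f for f in map(triage, lines) if f and f["suspicious"]]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOGS):
        print(finding)
```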
Thanks tons to Boris "RageLtMan" Lukashev for taking the lead on making sure this all works -- he, Spencer McIntyre, and the original research from Nicholas Nam on the subject made this all possible.
For more on PowerShell's features for post-exploitation, see Matthew Graeber's excellent Exploit Monday blog post.
On a slightly sillier note, this release also has sinn3r's surprisingly hilarious "OSX Text to Speech Utility." This module allows attackers to creep out their post-exploitation victims by whispering messages to them (or use any number of other stock OSX voices). While it's mostly for fun, I can see how this module can be part of a counter-phishing training payload -- people may be less likely to click on suspicious links next time if you end up giving them a good talking to via their iPod earbuds.
In addition to the post-exploitation modules mentioned above, we have six new modules this month. In no particular order, we've got:
- Active Collab "chat module" by mr_me exploits OSVDB-81966.
- Squiggle 1.7 SVG Browser Java Code Execution by sinn3r and Juan Vazquez exploits OSVDB-81965.
- HP StorageWorks P4000 Virtual SAN Appliance Command Execution by sinn3r and Nicolas Gregoire exploits EDB-18893.
- Foxit Reader 3.0 Open Execute Action Stack Based Buffer Overflow by bannedit exploits CVE-2009-0837.
- Oracle Weblogic Apache Connector POST Request Buffer Overflow by Juan Vazquez exploits CVE-2008-3257.
- FlexNet License Server Manager lmgrd Buffer Overflow by sinn3r and Juan Vazquez exploits ZDI-12-052.
If you're new to Metasploit, you can get started by downloading Metasploit for Linux or Windows. If you're already tracking the bleeding-edge of Metasploit development, then these modules are but an msfupdate command away. For readers who prefer the packaged updates for Metasploit Community and Metasploit Pro, you'll be able to install the new hotness today when you check for updates through the Software Updates menu under Administration.
For additional details on what's changed and what's current, please see the most excellent release notes.