Vegas: That's a Wrap
Well, another trek out to the Nevada desert is behind us. I actually love heading out there every year, since it gives me a chance to connect with a sizable chunk of the Metasploit contributor community in a corporeal way. That just fills me with warm fuzzies, so thanks to all of you who made the pilgrimage. You, the open source security research community, are what makes Vegas feel a lot homier than it ought to.
Speaking of community, now that we're past the Vegas Singularity (the first week of August, after which it is impossible for short attention span infosec people like me to plan anything), I can clearly see DerbyCon coming over the horizon. Last week, we got the happy news that Dave TheLightCosine Maloney, James egypt Lee, Brent Cook, and me, todb, will be holding the First Annual Metasploit Town Hall. Think of it as an IRL AMA by and for the folks who have invested their hearts and heads into the open source Framework. It should be pretty fun, and I expect to learn from you all where you'd like to see Metasploit go next. That's right, the tables are turned: YOU have homework to do before the conference this time. Hah!
Since the last blog post, we've added one new exploit and four new auxiliary modules. In case you missed it, one of them is "Lester," the Local Exploit Suggester, by sinn3r and Mo s0cket_ Sadek. This module is super useful as part of a quick engagement, in that it gives some automated advice on picking out which of the dozens of local exploits might be useful in the current context. Since being a mere user, rather than root or LOCALSYSTEM, is an increasingly common circumstance, especially in client-side attacks, it can be a real time saver if you don't already have an encyclopedic knowledge of all of Metasploit's available privilege escalation exploits. Read more about it over here.
Also, we have an exploit for a video game first released in 1999, because hackers and sysadmins alike are a nostalgic bunch. I know if you planted some evil NetHack save file on my computer, you'd probably get fresh shells on me with alarming frequency. Turns out, Ubisoft published an updated, "HD" version of HoMM3 just this year, so you're much more likely to find this binary floating around your environment, again, because of nostalgia. I can't wait to see this come up in a pen-test report.
As always, feel free to check the diffs from the last blog checkpoint, over on GitHub.
Exploit modules
- Heroes of Might and Magic III .h3m Map file Buffer Overflow by John Åkerblom and Pierre Lindblad
Auxiliary and post modules
- BIND TKEY Query Denial of Service by wvu, Jonathan Foote, and throwawayokejxqbbif exploits CVE-2015-5477
- Lansweeper Credential Collector by calderpwn, eq, and sghctoma
- Java Secure Socket Extension (JSSE) SKIP-TLS MITM Proxy by Ramon de C Valle exploits CVE-2014-6593
- Multi Recon Local Exploit Suggester by sinn3r and Mo