The last couple of weeks in the infosec world have appeared busier, and buzzier, than most others. It seems almost futile to pry everyone away from the current drama--that being the bombshell revelation that intelligence agencies collect intelligence--long enough to have them read our dev blog. Regardless, we've been busy ourselves. And if you're the least bit like me, you could probably use a quick respite from the cacophony. Keeping up with all the noise is enough to make anyone feel like Ricky:
This is Ricky. Don't be like Ricky.
Features and Fixes
There are few things worse than getting a Meterpreter session on a host, only to find yourself unable to download large files that you might be interested in because your connection is spotty. Unfortunately, download timeouts in such sessions have been a reality for as long as Meterpreter has been around. Thankfully, a recent patch by Pearce Barry goes a long way to alleviate said issues by providing more fault tolerance to adverse network conditions. I personally tested this on over 1GB of data across a network link with 20% packet loss, and while it felt like I was using CompuServe once again, it delivered the goods.
A Requiem for Meterpreter Scripts
We obliterated what we believe to be the last vestige of Meterpreter scripts in framework. In their time, an exploit module may have used migrate -f to automatically migrate the session to another process on the target. This is now handled by 'post/windows/manage/priv_migrate', and has been for some time. The old migrate -f argument set in InitialAutoRunScript was pointed at this new module; however, there have been a few hiccups over the last few weeks. That's been corrected, and all should now be right with Windows process migration. Note: This doesn't mean that your personal custom scripts will stop working. Scripts are still a handy way to bust out a prototype to get stuff done quickly without needing to care about the reliability requirements of a post module.
In other assorted bugfix news, Brendan Watters resolved an issue that occurred when sorting tables from auxiliary modules when the results contained both IPv4 and IPv6 addresses. We also updated Metasploit to use the latest Nexpose client libraries, so it's now able to validate that it's communicating with a trusted Nexpose instance via preconfigured SSL certificates.
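As an added illustration of the mixed-address sorting problem mentioned above (example code written for this post, not the framework's actual fix), the Ruby snippet below shows why a naive sort goes wrong on results that mix IPv4 and IPv6 hosts, and one way to key the sort so both families order sensibly. The host list is constructed sample data.

```ruby
require 'ipaddr'

# Constructed sample: a mix of IPv4 and IPv6 hosts, as a scanner might report them.
SAMPLE_HOSTS = ['10.0.0.20', '2001:db8::1', '10.0.0.3', '::1',
                '192.168.1.1', '2001:db8::a'].freeze

# Wrong: sorting the strings gives lexicographic order, not numeric order,
# so "10.0.0.20" lands before "10.0.0.3" even in a pure IPv4 table.
def sort_lexically(hosts)
  hosts.sort
end

# Also wrong: IPAddr#<=> returns nil when the two addresses belong to
# different families, so Array#sort raises ArgumentError as soon as an
# IPv4 host is compared with an IPv6 host.
def sort_by_ipaddr(hosts)
  hosts.map { |h| IPAddr.new(h) }.sort.map(&:to_s)
end

# Fixed: key each row by [family, numeric value]. IPv4 rows group first in
# numeric order, then IPv6 rows, and no cross-family comparison ever occurs.
def sort_hosts(hosts)
  hosts.sort_by do |h|
    ip = IPAddr.new(h)
    [ip.ipv4? ? 0 : 1, ip.to_i]
  end
end
```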
One final item in this release was the addition of a basic Dockerfile and Docker Compose configuration. With Docker support, you can now isolate your Metasploit instances and quickly and easily set up new testing and development environments. Plans are in the works to publish the container to hub.docker.com, and users will be able to deploy new installations of Metasploit Framework just as easily as they would other applications using Docker.
Exploit modules (5 new)
- MVPower DVR Shell Unauthenticated Command Execution by Andrew Tierney (Pen Test Partners), Brendan Coles, and Paul Davies (UHF-Satcom)
- Trend Micro InterScan Messaging Security (Virtual Appliance) Remote Code Execution by Mehmet Ince
- Ektron 8.5, 8.7, 9.0 XSLT Transform Remote Code Execution by catatonicprime exploits CVE-2015-0923
Auxiliary and post modules (2 new)
- Binom3 Web Management Login Scanner, Config and Password File Dump by Karn Ganeshen
- Kodi 17.0 Local File Inclusion Vulnerability by Eric Flokstra and jvoisin exploits CVE-2017-5982
As always, you can update to the latest Metasploit Framework with msfupdate, and you can get more details on the changes since the last blog post from GitHub:
That's all for now. Stay tuned, as we have several interesting projects in the works that should be debuting in the coming weeks.