This week’s release sees multiple improvements and corrections, some years in the making! We fixed an interesting bug in the initial handshake with meterpreter that caused some payload callbacks to fail, improved error and information reporting in other modules, and then @h00die ran spellcheck!
New (and Improved!) Modules (2 New):
After three years, @wvu’s tnftp aux module grew up to become a strong, well-rounded exploit module, dropping shells and turning heads around the local subnet; check it out in exploit/unix/http/tnftp_savefile.
Our powerhouse @h00die dropped another module on us with a Wordpress RCE targeting the wp-mobile-detector plugin.
Last week, Sam teased you with the idea of printer support. This week, we’re getting closer. While we would like to say no printers were harmed in the making of that payload, that would be a lie. We are hopeful our printer guinea pig will pull through!
Metasploit Sans Frontiers!
It turns out that printer did not die without cause. While modifying the POSIX meterpreter (AKA Mettle) to work on a printer, jacob-baines solved an issue we had with x64 mettle payloads that caused our relatively small payloads to balloon to more than four times the expected size. It turns out that elf2bin aligns the segments on a fairly large page size. By shrinking our targeted page size, we can shrink the payload size greatly. Given Mettle’s already (sort of) svelte 3MB size, that certainly is much ado about nothing. After tweaking that setting mettle is down to 800K and feeling much slimmer and ready to visit an IoT device near you. Upload it to a router, switch, printer, or powerstrip today! To learn more about the change, see this week’s demo on our youtube channel.
Stick to the Script:
@zeroSteiner has made our lives easier and our time safer by adding inline Ruby support (and ERB) through resource scripts at the meterpreter prompt, and @wvu struck again unifying the post module and script schism with a single flag. Both scripts and post modules can now run with the sessions -s directive. Thanks, @zeroSteiner!
In preparation for Metasploit 5, we have created a new Metasploit 4 stable branch. Our plan is to enable faster integration of features and design changes for 5.x with new workflows and possibly breaking changes on master.
Our bleeding edge users will be able to follow along with us on the 5.x incubation journey in the Metasploit github master branch, while maintaining existing workflows by providing easy access to the 4.x experience. Stay tuned for more details as this effort progresses.
As always, you can update to the latest Metasploit Framework by simply updating to the latest version provided by BlackArch Linux, Kali Linux, Metasploit Pro, or by using the handy msfupdate command available in the Nightly Installers.
You can get more details on the changes since the last wrapup here at:
To install fresh, you can use the:
Want a fresh wrapup in your RSS feed every week? You're in luck.