I Read the News Today, Oh Boy
As we near the end of the year we must express appreciation for the Metasploit community as a whole. Each contribution is valuable, be it an exploit for the latest vulnerability, documentation, spelling corrections, or anything in between. Together we shape the future of Metasploit. The Metasploit community really surprised us this time around, as the latest release brings five new exploit and two new auxiliary modules.
Hey! You! Get Off of My Cloud
Zenofex contributed a module to exploit Western Digital's MyCloud PR4100 2.30.172 NAS devices (CVE-2017-17560). The Western Digital MyCloud web administration HTTP service provides multi-part upload functionality that is kind enough to allow unauthenticated uploads. The module exploits this vulnerability by uploading a PHP shell onto the device to obtain arbitrary code execution as root. The cloud is just someone else's computer, and MyCloud is my new shell.
Am I Rich Enough
On October 9th, 2017 Etienne Stalmans and Saif El-Sherei published their research in a blog post on Macro-less Code Exec in MSWord. The information was used by realoriginal, who contributed a module that abuses the Dynamic Data Exchange (DDE) protocol feature in the Microsoft formula field code. The module creates a Microsoft Office Rich Text Format (RTF) document that once opened will endow its creator with Meterpreter sessions and the richness of command execution without macros or memory corruption.
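For defenders triaging incoming documents, the field-code delivery described above can be checked for statically. The following is an added example, not code from the Metasploit module or the original research: a small Python scanner that extracts each RTF `\fldinst` field instruction and flags those whose field type is `DDE` or `DDEAUTO`. The function names are hypothetical and the sample documents are constructed with placeholder arguments.

```python
import re

DDE_FIELD_TYPES = {"DDE", "DDEAUTO"}  # Word field types that start a DDE conversation

def field_instructions(rtf):
    """Yield the raw body of each \\fldinst group, tracking nested braces."""
    for m in re.finditer(r"\\fldinst", rtf):
        depth, i = 1, m.end()          # \fldinst sits inside its own group
        while i < len(rtf) and depth:
            if rtf[i] == "\\" and rtf[i + 1:i + 2] in ("{", "}", "\\"):
                i += 2                 # escaped brace/backslash is literal text
                continue
            depth += {"{": 1, "}": -1}.get(rtf[i], 0)
            i += 1
        # Drop the closing brace; a truncated file yields whatever is left.
        yield rtf[m.end():i - 1] if depth == 0 else rtf[m.end():i]

def normalise(body):
    """Approximate the plain text of a field instruction for keyword matching."""
    body = body.replace("\\\\", "\x00")                       # park escaped backslashes
    body = re.sub(r"\\'([0-9a-fA-F]{2})",
                  lambda m: chr(int(m.group(1), 16)), body)   # \'hh hex escapes
    body = re.sub(r"\\[a-zA-Z]+-?\d* ?", "", body)            # control words
    body = re.sub(r"[{}\r\n]", "", body)                      # group braces, line breaks
    return body.replace("\x00", "\\").strip()

def find_dde_fields(rtf):
    """Return (field_type, instruction_text) for every DDE/DDEAUTO field."""
    hits = []
    for body in field_instructions(rtf):
        text = normalise(body)
        field_type = text.split(None, 1)[0].upper() if text else ""
        if field_type in DDE_FIELD_TYPES:
            hits.append((field_type, text))
    return hits

# Constructed samples with placeholder arguments (not taken from the module).
SAMPLE_DDE = r'{\rtf1\ansi{\field{\*\fldinst {\rtlch DDE{\b AUTO} placeholder-app "placeholder-topic"}}{\fldrslt }}}'
SAMPLE_HEX = r"{\rtf1{\field{\*\fldinst \'44\'44\'45 placeholder-app placeholder-topic}{\fldrslt }}}"
SAMPLE_BENIGN = r"{\rtf1{\field{\*\fldinst { PAGE }}{\fldrslt 1}}DDEAUTO mentioned in body text}"

if __name__ == "__main__":
    for name, doc in [("dde", SAMPLE_DDE), ("hex", SAMPLE_HEX), ("benign", SAMPLE_BENIGN)]:
        print(name, find_dde_fields(doc))
```

This is a triage heuristic: it does not decode `\uN` Unicode escapes or look inside embedded objects, so a clean result is not proof that a document is safe.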
Come Together, Right Now
The 2017 Metasploitable3 Community CTF has come to a close. Thanks to everyone in the community who participated, as well as all the Metasploit mods: Brent Cook, Brendan Watters, Sam Huckins, and of course, Wei Chen and James Barnett, who took time out of their schedules to make it run smoothly. Listen to a quick rundown by James Barnett in the Metasploit Demo Meeting 12-12-2017 on our YouTube channel. Then, head over to the Congrats to the 2017 Community CTF Winners blog post to see the winners, statistics, and links to some of the participants' walk-throughs.
Exploit modules (5 new)
- Western Digital MyCloud multi_uploadify File Upload Vulnerability by Zenofex exploits CVE-2017-17560
- Clickjacking Vulnerability In CSRF Error Page pfSense by Yorick Koster
- Microsoft Office DDE Payload Delivery by mumbai
- Dup Scout Enterprise Login Buffer Overflow by Chris Higgins and sickness
- Advantech WebAccess Webvrpcs Service Opcode 80061 Stack Buffer Overflow by mr_me exploits ZDI-17-938
Auxiliary and post modules (2 new)
- ua-parser-js npm module ReDoS by Ryan Knell and Nick Starke
- WS-Discovery Information Discovery by Brendan Coles
As always, you can update to the latest Metasploit Framework with
and you can get more details on the changes since the last blog post from