You Compile Me
Our very own wchen-r7 added the ability to compile C code in Metasploit, including (select) dependencies, by creating a wrapper for Metasm. Right now, support for windows.h is the first salvo in custom compiling tools within the Metasploit interface!
Hack all the things!
For a long time, people have asked us to support RHOSTS in exploits just like we do in AUX modules. We listened, and now framework exploits support RHOSTS! Set your exploit, your values, your IP range, and sit back with a warm cup of coffee and watch the shells come in! There is still a lot of work to be done to make it as user-friendly as possible, so if you are interested in helping, please do!
Tell us more!
Help us make Metasploit awesomer: tell us what you think. The Metasploit Framework 2018 survey is about to end, and we would like your input. Please go here and tell us what you think!
Will I Break Everything?
Some of you may have noticed that starting a few months ago, we added a few more tests that ran automatically when PRs were submitted. This was the result of some automated testing we developed, and we hope it helps reduce the regressions we face with such a fast-moving and expansive codebase. In addition to the unit testing provided by Travis, now PRs are sanity-checked by running a known-good session against a virtualized host. While most PRs would not affect this test, we have found some instances where added functionality in one location can break functionality elsewhere. The tests have been running for a few months, but now, the results are being made public to help submitters better debug regression bugs.
- bcook-r7 fixed a bug in post/osx/gather/enum_osx where bad data got passed into the cmd_exec method
- wvu-r7 was busy revisiting the reload_lib command to update it with extra functionality, fixing a bug where we tried to overly-cross-compile a Java payload to an exe, fixing up our awk payloads, and making it so that you can specify targets by name (with tab completion, no less!) rather than index.
- acammack-r7 continues to add support for external modules and made it so that external modules (written in the language of your choice) can report credentials back to Metasploit’s database.
Exploit modules (4 new)
- AF_PACKET packet_set_ring Privilege Escalation by Andrey Konovalov and Brendan Coles exploits CVE-2017-7308
- Libuser roothelper Privilege Escalation by Brendan Coles and Qualys exploits CVE-2015-3246
- Jenkins CLI HTTP Java Deserialization Vulnerability by Alisa Esage, Ivan, Matthias Kaiser, and YSOSerial exploits CVE-2016-9299
- Apache Struts 2 Struts 1 Plugin Showcase OGNL Code Execution by Nixawk, icez, and xfer0 exploits CVE-2017-9791
Auxiliary and post modules (3 new)
- scanner/smb/impacket/dcomexec by zeroSteiner
- Displays wireless SSIDs and PSKs by Auxilus and timwr
As always, you can update to the latest Metasploit Framework with
and you can get more details on the changes since the last blog post from