Last updated at Tue, 16 Jan 2024 01:43:34 GMT


Tomorrow brings the fall equinox, and that means (as we are almost contractually obligated to say at this point) winter is coming. The days are getting shorter, the nights longer, and you can get your required dose of caffeine with pumpkin flavor, if that’s your preference.

It has been a very busy summer at Metasploit, between moving offices, hiring new faces, eternally bluing, and gathering modules for the long winter ahead. It seems fitting that in this last wrapup of summer, we feature a Solaris exploit and credential gathering just before winter.

Solaris Local Privilege Escalation

Some exploits drive a pen test, while others are just getting old enough to drive. The Solaris libnspr NSPR_LOG_FILE Privilege Escalation may be nearing its teenage years, but we do not doubt for a moment that there’s still a chance of finding a vulnerable Solaris machine tucked away somewhere in your target network. (It might even be hidden behind some drywall.)

SQL Credential Capture

Our very own @space-r7 added a module to grab the hashed passwords from Pimcore databases. Some MD5 calculating required.

New Modules

Exploit modules (1 new)

Auxiliary and post modules (3 new)

Get it

As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:

To install fresh, check out the open-source-only Nightly Installers, or the binary installers, which also include the commercial editions. PLEASE NOTE that these installers, and Metasploit Framework versions included in distros such as Kali, Parrot, etc., are based off the stable Metasploit 4 branch. If you'd like to try out the newer things going into Metasploit 5, that work is available in the master branch of the Metasploit Framework repo on GitHub.