Git a shell
The Malicious Git HTTP Server For CVE-2018-17456 module by timwr exploits a vulnerability in Git that can cause arbitrary code execution when a user clones a malicious repository using commands such as
git clone --recurse-submodules and
git submodule update. The vulnerability leverages an option-injection attack in Git submodules similar to CVE-2017-1000117. The
exploit/multi/http/git_submodule_url_exec module acts as a Git HTTP server creating a fake Git repository that will cause vulnerable Git clients (CVE-2018-17456), versions 2.14.5, 2.15.3, 2.16.5, 2.17.2, 2.18.1, 2.19.1 and lower, to execute the injected command when submodules are initialized. Collaborate on projects and get a shell!
Pedro Ribeiro both discovered the vulnerability and contributed the Cisco Prime Infrastructure Unauthenticated Remote Code Execution module for CVE-2018-15379. The
exploit/linux/http/cisco_prime_inf_rce module achieves unauthenticated remote code execution as root on the Cisco Prime Infrastructure (PI) appliance default installation using a file inclusion vulnerability and a privilege escalation vulnerability. The module was tested using Cisco PI versions 184.108.40.206.258 and 220.127.116.11.348, and Cisco PI versions under 3.4.1 and 3.3.1 Update 02 should be vulnerable. Software and appliances that automate management tasks while also helping one gain a foothold in a target environment are very helpful on engagements.
Exploit modules (3 new)
- Cisco Prime Infrastructure Unauthenticated Remote Code Execution by Pedro Ribeiro, which exploits CVE-2018-15379
- Malicious Git HTTP Server For CVE-2018-17456 by timwr, which exploits CVE-2018-17456
- Atlassian Jira Authenticated Upload Code Execution by Alexander Gonzalez(dubfr33)
Auxiliary and post modules (1 new)
- Office 365 User Enumeration by Oliver Morton (GrimHacker)
- PR #10951 fixes an issue with Python and Go support where internal Metasploit libraries could be overridden by external system libraries.
- PR #10945 fixes the
sessions --upcommand to only show services that are up.
- PR #10938 introduced a number of small
auxiliary/server/captureconsistency updates and module documentation.
As always, you can update to the latest Metasploit Framework with
msfupdate and you can get more details on the changes since the last blog post from GitHub:
To install fresh, check out the open-source-only Nightly Installers, or the binary installers, which also include the commercial editions. PLEASE NOTE that these installers, and Metasploit Framework versions included in distros such as Kali, Parrot, etc., are based off the stable Metasploit 4 branch. If you'd like to try out the newer things going into Metasploit 5, that work is available in the master branch of the Metasploit Framework repo on GitHub.