Last updated at Wed, 17 Jan 2024 00:52:35 GMT
MSF 5 in the wild
We announced the release of Metasploit Framework 5.0 this week. It’s Metasploit’s first major version release since 2011, and it includes lots of good stuff the team has been working on for the past year-plus. It will be packaged and integrated into your favorite software distributions over the next few months; until then, you can get MSF 5 by checking out the 5.0.0 tag on Github.
Chrome cookies
The Chrome cookies post module by mangopdf uses Chrome's remote debugging to read all cookies from the default Chrome profile of the user. The module uses a --headless, or a hidden, Chrome with remote debugging enabled and opens an HTML file to make requests to the remote debugging service. The HTML requests the cookies and logs the output to a file, which is later retrieved by the module.
MailCleaner
mmetince submitted a module for an authenticated remote code execution vulnerability in MailCleaner Community Edition. As described in mmetince's advisory, a search request sent to MailCleaner's ManagetracingController triggers a SOAP service request that issues an operating system command. By sending a command in the domain parameter of the search request it is possible to execute operating system commands as root on the server.
New Modules
Exploit modules (3 new)
- Mailcleaner Remote Code Execution by Mehmet Ince, which exploits CVE-2018-20323
- Adobe ColdFusion CKEditor unrestricted file upload by Pete Freitag de Foundeo, Qazeer, and Vahagn vah_13 Vardanian, which exploits CVE-2018-15961
- Windows Persistent Service Installer by Green-m
Auxiliary and post modules (4 new)
- DoS Exploitation of Allen-Bradley's Legacy Protocol (PCCC) by José Diogo Monteiro, Luis Rosa, and Miguel Borges de Freitas, which exploits CVE-2017-7924
- Microsoft Windows Defender Evasive Executable by sinn3r
- Microsoft Windows Defender Evasive JS.Net and HTA by Shelby Pace and sinmygit
- Chrome Gather Cookies by mangopdf
Improvements
- PR #11199 updates the components list in the Joomla wordlist
- PR #11183 adds authentication to the
LoginServlet - PR #11187 fixes
LoginServletto meet API standards and documented functionality - PR #11163 adds
/api/v1/eventsendpoint for retrievingMdm::Eventdata from the API
Get it
As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:
We recently-announced the release of Metasploit 5. You can get it by cloning
the Metasploit Framework repo (master branch). To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers
(which also include the commercial editions). PLEASE NOTE that the binary installers, and Metasploit Framework versions included in distros such as Kali, Parrot, etc., are based off the Metasploit 4 branch for the time being. Migration is underway, so you can look forward to getting Metasploit 5 in the binary installers and in third-party software distributions soon.
