Take a moment from this week's barrage of vulnerabilities in seemingly everything to check out a video interview between two Metasploit greats, a new exploit module for GetSimple CMS, and a whole host of improvements.
A walk down Meterpreter Memory Lane
The Twitters are abuzz with an interview of Matt 'Skape' Miller (AKA epakskape) by OJ Reeves (AKA TheColonial), two infosec greats with a vast knowledge of Metasploit and exploit development history. If you haven't seen it yet, the interview is absolutely worth the watch.
GetSimple made simple
First-time contributor truerandom (AKA Khalifazo, incite_team) submitted a module exploiting CVE-2019-11231, which chains an authentication bypass with an arbitrary file upload vulnerability to achieve arbitrary PHP execution in the GetSimple Content Management System. The exploit works against version 3.3.15 and prior.
New modules (3)
- GetSimple CMS Unauthenticated RCE by truerandom, which exploits CVE-2019-11231
- Ubiquiti Unifi Controller Configuration Downloader from h00die adds a configuration downloader for Ubiquiti Unifi network controllers.
- "Super Small" Linux Command Shell, Bind TCP Random Port Inline Payload from Ekzorcist adds a new "super small" random bind payload.
New features (2)
- PR #11819 by wvu-r7 improves usability in module searching by allowing users to select a module by number
- PR #11820 by wvu-r7 improves the output of module information for modules that have no CVE references.
Bugs fixed (3)
- PR #11842 from pr4tik fixes an issue with double quotation marks within PowerShell
- PR #11821 from our own busterb fixes an exception with payload size output when working with size-constrained payloads
- PR #11831 from PierrickV fixes a bad link to Microsoft documentation in MS09-053
As always, you can update to the latest Metasploit Framework with msfupdate, and you can get more details on the changes since the last blog post from GitHub:
Earlier this year, we announced the release of Metasploit 5. You can get it by cloning the Metasploit Framework repo (master branch). To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial editions).