Last updated at Fri, 31 May 2019 18:07:53 GMT
Last week, Metasploit contributors zerosum0x0 and JaGoTu added an unauthenticated scanner module for BlueKeep, aka CVE-2019-0708. The module checks for vulnerable hosts without crashing targets; zerosum0x0 has a write-up here on avoiding the DoS that has plagued so many of the other proof-of-concept BlueKeep scanners. See the PR for details, including the list of supported Windows target versions. Future additions and improvements to the module are likely.
A2K19: MSF community hackathon
What’s the collective noun for a group of hackers? Every few years, a cadre of Metasploit committers descends on Austin for a community hackathon. This year we’re hosting folks from Oz and Hong Kong in addition to friends from around the U.S. Keep an eye on hackathon happenings by watching the
a2k19 label on the Framework repo.
New modules (3)
- BlueKeep Microsoft Remote Desktop RCE Check by JaGoTu and zerosum0x0, which checks for CVE-2019-0708
- Oracle Application Testing Suite WebLogic Server Administration Console War Deployment by sinn3r and Steven Seeley
- Oracle Application Testing Suite Post-Auth DownloadServlet Directory Traversal by sinn3r and Steven Seeley, which exploits CVE-2019-2557
Enhancements and features
- PR 11857 from bcoles adds a new cmd/unix/reverse_bash_udp payload.
- PR 11794 from arntsonl adds PostgreSQL 8.2+ support to the linux/postgres/postgres_payload exploit module.
- PR 11894 by wvu-r7 updated the admin/chromecast/chromecast_youtube auxiliary module to clearly reflect that it uses the older DIAL protocol.
- PR 11878 and PR 11879 from wvu-r7 add tab completion to the ‘analyze’ command.
- PR 11865 by jmartin-r7 updates the admin/http/allegro_rompager_auth_bypass auxiliary module to target more potentially vulnerable targets via a new ‘ForceAttempt’ advanced option.
- PR 11797 from bigendiansmalls ensures that cmd/mainframe/apf_privesc_jcl payload automatically removes itself from the target after executing.
- PR 11885 from iweizime ensures the linux/armle/shell_bind_tcp payload’s ARGV0 does get passed to the execve(2) call.
As always, you can update to the latest Metasploit Framework with
msfupdate and you can get more details on the changes since the last blog post from GitHub:
We recently announced the release of Metasploit 5. You can get it by cloning the Metasploit Framework repo (master branch). To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial editions).