It’s beginning to look a lot like HaXmas, everywhere you go! We have a great selection of gift-wrapped modules this holiday season, sure to have you entertained from one to eight nights, depending on your preference! On a personal note, we here at the Metasploit workshop would like to welcome our newest elf, Spencer McIntyre. Spencer has been a long-time contributor to the project, and we’re thrilled to have him on the team!
In the spirit of giving, space-r7 has provided you the opportunity to give the gift of an XML payload to a deserving REST API endpoint on OpenMRS, an open-source medical record software system.
Phra got even more personal this year, allowing you to inject a gift of shellcode directly into the memory of a running process in Windows. Teamed with donut, you could spend the entire holiday season in the giving spirit!
If you are looking to feel this spirit on a more permanent basis, look no further than Michael Long’s Bash Profile Persistence Module.
If you are looking to level up this holiday season, try bundling a few CVEs to stuff containers and elevate with the Comahawk escalation module for Windows, written by tychos_moose.
And finally, possibly the most giving of all, Kenneth LaCroix has channeled his inner Ruby-Nosed-Reindeer to guide us with documentation!
New modules
- Bash Profile Persistence by Michael Long
- OpenMRS Java Deserialization RCE by Nicolas Serra, Shelby Pace, and mpgn, which exploits CVE-2018-19276
- Microsoft UPnP Local Privilege Elevation Vulnerability by NCC Group, bwatters-r7, and hoangprod, which exploits CVE-2019-1405
- Windows Manage Memory Shellcode Injection Module by phra
Enhancements and features
- PR #12740, Remove method call side-effects by jmartin-r7
- PR #12677, Better error when JtR not adequate by pbarry-r7
- PR #12738, add support for Mdm::Module::Ref objects when linking refs to vulns by jmartin-r7
- PR #12702, has_check? for modules by adamgalway-r7
- PR #12517, replace CheckScanner mixin with CheckModule, which works with anything by wvu-r7
- PR #12727, netfilter_priv_esc_ipv4 improvements by bcoles
- PR #12486, Small changes to the host_header_injection aux module by mcantoni
- PR #12714, fix encrypted_shell warning by space-r7
- PR #12742, bsd/vax/shell_reverse_tcp style fix by wvu-r7
- PR #12737, further improvements to CheckModule mixin by wvu-r7
- PR #12711, return correct values for credential proxy methods by jmartin-r7
As always, you can update to the latest Metasploit Framework with
and you can get more details on the changes since the last blog post from
We recently announced the release of Metasploit 5. You can get it by cloning the Metasploit Framework repo (master branch). To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial editions).