An Especially Spooky Season for Moodle

This release has not one, two, or three, but FOUR authenticated Moodle exploit modules, or should I say moodules? H00die comes through again with not just modules, but also an artisanal, bespoke library to support further work. Two target the spell check functions in Moodle, one is a shell upload using administrative credentials, and one allows teachers to get ahead by declaring themselves administrators!

More Information on Forwarded Sessions and Jobs

To get through networks, sometimes red teamers need to connect sessions and forward traffic through a “red network” of hosts to gain access to a target of interest on an interior network. Smashery has added features to the sessions and jobs information reporting that reflects the status of a forwarded connection and which sessions it is using for its connection. This helps users keep track of an already tricky [or treaty] situation juggling sessions and forwarded connections.

New module content (4)

Enhancements and features

  • #15706 from smashery - The reverse shell handlers in Metasploit have been updated. When catching a shell via a route that goes through another existing session, Metasploit will now note which session the new session originated from. This helps users determine how shells were obtained when they use an existing session to acquire another session within a target's network. Additional information has been applied to job information which provides users with more clarity when looking at jobs.

Get it

As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
binary installers (which also include the commercial edition).

[Modified] Image credit https://commons.wikimedia.org/wiki/File:Halloween_Jack-o'-lantern.jpg