We just couldn't contain ourselves!

This week we've got two Kubernetes modules coming at you from adfoster-r7 and smcintyre-r7. First up is an enum module auxiliary/cloud/kubernetes/enum_kubernetes that'll extract a variety of information including the namespaces, pods, secrets, service token information, and the Kubernetes environment version! Next is an authenticated code execution module exploit/multi/kubernetes/exec (which shipped with a new websocket implementation, too, by the way) that will spin up a new pod with a Meterpreter payload for you provided you have the Kubernetes JWT token and access to the Kubernetes REST API. These modules can even be run through a compromised container that may be running on the Kubernetes cluster.

Atlassian Confluence WebWork OGNL Injection gets Windows support

You might remember Confluence Server CVE-2021-26084 making an appearance in a wrap-up last month, and it's back! Rapid7’s own wvu-r7 has updated his Confluence Server exploit to support Windows targets.

New module content (2)

  • Kubernetes Enumeration by Spencer McIntyre and Alan Foster - This adds a module for enumerating Kubernetes environments. It can be run via an established session within a Kubernetes environment or with an authentication token and target information. It will extract a variety of information including the namespaces, pods, secrets and version.
  • Kubernetes authenticated code execution by Spencer McIntyre and Alan Foster - Adds a new exploit/multi/kubernetes/exec module. It can be run via an established session within a Kubernetes environment or with an authentication token and target information. The module creates a new pod which will execute a Meterpreter payload to open a new session, as well as mounting the host's file system when possible.

Enhancements and features

  • #15732 from dwelch-r7 - Adds terminal size synchronisation for fully interactive shells against Linux environments with shell -it. This functionality is behind a feature flag and can be enabled with features set fully_interactive_shells true.
  • #15769 from wvu-r7 - Added Windows support to the Atlassian Confluence CVE-2021-26084 exploit.
  • #15773 from adfoster-r7 - Adds a collection of useful commands for configuring a local or remote Kubernetes environment to aid with testing and exploring Metasploit's Kubernetes modules and pivoting capabilities. The resource files include deploying two vulnerable applications, and populating secrets which can be extracted and stored as loot, as well as utility commands for creating admin and service account tokens.

Bugs fixed

  • #15760 from adfoster-r7 - Fixes an issue when attempting to store JSON loot, where the extension was always being set to bin instead of json.

Get it

As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
binary installers (which also include the commercial edition).