Last updated at Thu, 25 Jan 2024 00:38:43 GMT

I like to MOVEit, MOVEit, We like to MOVEit!

Party hard just like it's Mardi Gras! bwatters-r7 delivered the dance moves this week with a masterful performance. The windows/http/moveit_cve_2023_34362 module is available for all your party needs. Taking advantage of CVE-2023-34362, this module gets into the MOVEit database and nets shells to help you "Keep on jumpin' off the floor"!

New module content (1)

MOVEit SQL Injection vulnerability

Authors: bwatters-r7, rbowes-r7, and sfewer-r7
Type: Exploit
Pull request: #18100 contributed by bwatters-r7
AttackerKB reference: CVE-2023-34362

Description: Adds a new module targeting the MOVEit Transfer web application that allows an unauthenticated attacker to gain access to MOVEit Transfer’s database.

Enhancements and features (7)

  • #18078 from zeroSteiner - This adds support to the auxiliary/admin/dcerpc/icpr_cert module to issue certificates for an explicit SID by specifying it within the NTDS_CA_SECURITY_EXT. This addition ensures that ESC1 will remain exploitable when issuing certificates with an SID becomes a requirement.
  • #18117 from smashery - This adds Windows 10 revision number extraction to the Windows version Post API.
  • #18118 from smashery - This PR updates the User Agent strings for June 2023.
  • #18119 from adfoster-r7 - This adds support for running only user-specified test names in modules loaded by running loadpath test/modules.
  • #18126 from adfoster-r7 - This PR adds additional logging to the test/file module. This module is useful for developers contributing enhancements or new functionality to Meterpreter and other payloads. It is available after running loadpath test/modules.
  • #18127 from adfoster-r7 - This PR adds additional test/railgun_reverse_lookup tests for macOS and Linux.

Bugs fixed (5)

  • #17576 from gwillcox-r7 - This fixes a bug where adding and deleting tags to multiple hosts was not functioning correctly.
  • #18049 from cgranleese-r7 - This PR updates Jenkins modules to work with newer versions. Previously they fell over with a CSRF failure and gave a false negative result.
  • #18094 from zeroSteiner - Fixes an edge case with windows/meterpreter/reverse_tcp where there was a small chance of an invalid stager being created.
  • #18104 from adfoster-r7 - This PR fixes an issue that falsely caused empty file reads on Meterpreter.
  • #18124 from adfoster-r7 - Fixes the broken test/extapi module. The module was facing issues returning clipboard data that pertained to the session being tested; this issue has been resolved. This module is useful for developers contributing enhancements or new functionality to Meterpreter and other payloads. It is available after running loadpath test/modules.
  • #18132 from jmartin-r7 - This PR reverts the changes from #17942, which was an improvement to the AMSI bypass on new versions of Windows. PR #17942 broke psexec, and this PR reverts it.

Documentation

You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.

Get it

As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
binary installers (which also include the commercial edition).