Last updated at Fri, 27 Oct 2023 22:01:58 GMT
New module content (4)
Atlassian Confluence Data Center and Server Authentication Bypass via Broken Access Control
Description: This adds an exploit for CVE-2023-22515, which is an authentication bypass within Atlassian Confluence that enables a remote attacker to create a new administrator account.
VMWare Aria Operations for Networks (vRealize Network Insight) SSH Private Key Exposure
Authors: Harsh Jaiswal (@rootxharsh), Rahul Maini (@iamnoooob), SinSinology, and h00die
Pull request: #18460 contributed by h00die
Description: This adds a new exploit module that leverages the fact that SSH keys on VMWare Aria Operations for Networks (vRealize Network Insight) versions 6.0.0 through 6.10.0 are not randomized on initialization. It tries all the default SSH keys until one succeeds and gains unauthorized remote access as the "support" (root) user.
Splunk "edit_user" Capability Privilege Escalation
Authors: Heyder Andrade, Mr Hack (try_to_hack) Santiago Lopez, and Redway Security <redwaysecurity.com>
Pull request: #18348 contributed by heyder
Description: This module exploits an authorization vulnerability in Splunk, targeting CVE-2023-32707, that allows a low privilege user with the edit_user capability to take over the admin account and log in to upload a malicious app, achieving remote code execution.
Add a new user to the system
Description: This adds a post module that creates a new user on the target OS. It tries to use standard tools already available on the system, but it's also able to directly update the plaintext database files (/etc/shadow). This module requires root privileges.
Enhancements and features (4)
- #18299 from zgoldman-r7 - Improves error messages for timeouts when interacting with a Meterpreter session. Previously an unclear error was printed. Now the user is notified how to increase the timeout limit.
- #18421 from smashery - This adds the capability to store the TGT ticket in the MSF kerberos cache when a successful Kerberos login is received by the kerberos_login brute force module.
- #18466 from nfsec - Updates the Docker entrypoint script to use grep when detecting user/group details.
- #18299 from h00die - This adds a db_stats command which gives the user information about how much data is in their database/workspace.
Bugs fixed (2)
- #18400 from dwelch-r7 - This fixes an issue when searching for a Kerberos ticket and passing in the workspace. The workspace is now correctly used to query the database.
- #18403 from cdelafuente-r7 - Fixes a potential bug with modules that register files to cleanup after a session opens. Previously modules could accidentally mutate registered file names to delete, causing the intended files to be left on the remote system still.
Documentation added (1)
- #18470 from zgoldman-r7 - Adds a new Wiki page for session management, detailing how to search for sessions and how to kill stale sessions.
You can always find more documentation on our docsite at docs.metasploit.com.
As always, you can update to the latest Metasploit Framework with
and you can get more details on the changes since the last blog post from
If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial edition).