Last updated at Fri, 03 Nov 2023 20:49:25 GMT
PTT for DCSync
This week, community member smashery made an improvement to the windows_secrets_dump module to enable it to dump domain hashes using the DCSync method after having authenticated with a Kerberos ticket. Now, if a user has a valid Kerberos ticket for a privileged account, they can run the windows_secrets_dump module with the DOMAIN action and obtain the desired information. No password required. This is particularly useful in workflows involving the exploitation of AD CS, using the ESC family of techniques.
New module content (2)
Citrix ADC (NetScaler) Bleed Scanner
Description: This adds a scanner module for exploiting CVE-2023-4966, a memory leak in Citrix ADC servers. The vulnerability allows a remote, unauthenticated attacker to leak memory by sending a very large HTTP Host header. The leaked memory is then scanned for session cookies, which can be hijacked if found.
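The trigger described above, a Host header far larger than any hostname, is also the thing a reverse proxy, WAF or packet-capture pipeline can check for. The following is an added example, not code from Metasploit or from the module, that parses a raw HTTP request head and reports an oversized, missing or duplicated Host header. The length threshold is an assumption (DNS bounds a full hostname at 253 characters) and the sample requests are constructed.

```python
"""Flag HTTP requests whose Host header is abnormally large.

Added example, not Metasploit code: the vulnerability above is triggered by a
very large Host header, so the request head is the place to look for it at a
reverse proxy, WAF or packet-capture pipeline. The length threshold is an
assumption; the sample requests are constructed.
"""
from typing import Optional

# DNS caps a full hostname at 253 characters, so any Host value far beyond
# that is not a hostname (assumed threshold; tune it to your own traffic).
HOST_MAX_LEN = 253


def parse_headers(raw: bytes) -> list[tuple[str, str]]:
    """Split a raw HTTP/1.x request head into lower-cased (name, value) pairs."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    headers = []
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        if not line:
            continue
        name, _, value = line.partition(b":")
        headers.append((name.decode("latin-1").strip().lower(),
                        value.decode("latin-1").strip()))
    return headers


def host_header_finding(raw: bytes, max_len: int = HOST_MAX_LEN) -> Optional[str]:
    """Describe what is wrong with the request's Host header, or None if it looks normal."""
    hosts = [v for n, v in parse_headers(raw) if n == "host"]
    if not hosts:
        return "missing Host header"
    if len(hosts) > 1:
        return f"{len(hosts)} Host headers in one request"
    if len(hosts[0]) > max_len:
        return f"Host header length {len(hosts[0])} exceeds {max_len}"
    return None


# Constructed requests (not captured traffic).
NORMAL = b"GET / HTTP/1.1\r\nHost: vpn.example.com\r\nUser-Agent: curl/8.0\r\n\r\n"
OVERSIZED = b"GET / HTTP/1.1\r\nHost: " + b"a" * 4096 + b"\r\n\r\n"

if __name__ == "__main__":
    for label, req in (("normal", NORMAL), ("oversized", OVERSIZED)):
        print(label, "->", host_header_finding(req) or "ok")
```

Since what leaks are live session cookies, blocking or alerting on the request protects only sessions that have not already been exposed; sessions that were active before a patch went in should be treated as exposed and terminated rather than left to expire.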
F5 BIG-IP TMUI AJP Smuggling RCE
Description: This module exploits a flaw in F5's BIG-IP Traffic Management User Interface (TMUI) that enables an external, unauthenticated attacker to create an administrative user. The attacker can then use the admin user to execute arbitrary code in the context of the root user.
Enhancements and features (3)
- #18386 from e-lliot - This adds the lmkdir command to Meterpreter, which creates a directory on the local host.
- #18441 from sjanusz-r7 - Adds at rest encryption to Meterpreter payloads on the Metasploit host machine's file system.
- #18419 from smashery - This updates the windows_secrets_dump module's DCSync technique (the DOMAIN action) to use Kerberos tickets for authentication. Users can now use Kerberos tickets for authentication with all actions in the module.
You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.
As always, you can update to the latest Metasploit Framework with
and you can get more details on the changes since the last blog post from
If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial edition).