Last updated at Fri, 02 Feb 2024 20:14:34 GMT
Shared RubySMB Service Improvements
This week’s updates include improvements to Metasploit Framework’s SMB server implementation: the SMB server can now be reused across various SMB modules, which are now able to register their own unique shares and files. SMB modules can also now be executed concurrently. Currently, there are 15 SMB modules in Metasploit Framework that utilize this feature.
New module content (2)
Mirth Connect Deserialization RCE
Description: This PR adds an exploit module for Mirth Connect. Versions < 4.4.1 are vulnerable to CVE-2023-43208 and CVE-2023-37679, where the former is a patch bypass for the latter. In both cases, an attacker can execute an OS command in the context of the target service using a specially crafted HTTP request and Java deserialization gadget. A technical analysis of CVE-2023-37679 is available in AttackerKB.
Puppet Config Gather
Description: This PR adds a post gather module to get Puppet configs and other sensitive files.
Enhancements and features (2)
- #18680 from zeroSteiner - This adds a service compatible with Rex::ServiceManager for SMB that can be shared among modules.
- #18742 from sjanusz-r7 - Enhances the post/multi/gather/memory_search module with additional UX improvements, such as outputting a list of the matched processes that are being targeted, as well as improved error handling if the process architecture is not correct.
Bugs fixed (2)
- #18750 from adfoster-r7 - Updates the to_handler command for payload modules to support option overrides. The to_handler command is a convenient way of using multi/handler, setting the payload, and setting datastore options.
- #18760 from adfoster-r7 - Fixes an issue where Metasploit fails to start when resolv.conf cannot be found.
You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.
As always, you can update to the latest Metasploit Framework with
and you can get more details on the changes since the last blog post from
If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the commercial edition Metasploit Pro.