Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
rapid7blogZachary GoldmanRAPID7BLOG:02CFBC1E32B2191E625DD7C9F794DD22
HistoryMay 23, 2024 - 8:30 p.m.

Metasploit Weekly Wrap-Up 05/23/2024

2024-05-2320:30:25
Zachary Goldman
blog.rapid7.com
6
metasploit
avideo
remote code execution
php filter chaining
vulnerability
chaos rat
northstar c2
adi irc
carotdav
halloy irc
quassel irc

7.1 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.4%

JSON

Infiltrate the Broadcast!

Metasploit Weekly Wrap-Up 05/23/2024

A new module from Chocapikk allows the user to perform remote code execution on vulnerable versions of streaming platform AVideo (12.4 - 14.2). The multi/http/avideo_wwbnindex_unauth_rce module leverages CVE-2024-31819, a vulnerability to PHP Filter Chaining, to gain unauthenticated and unprivileged access, earning it an attacker value of High on AttackerKB.

New module content (8)

Chaos RAT XSS to RCE

Authors: chebuya and h00die
Type: Exploit
Pull request: #19104 contributed by h00die
Path: linux/http/chaos_rat_xss_to_rce
AttackerKB reference: CVE-2024-30850

Description: Adds an exploit for HAOS v5.0.8, which contains a remote command execution vulnerability which
can be triggered through one of three routes: credentials, JWT token from an agent, an agent executable can be provided, or the JWT token can be extracted.

AVideo WWBNIndex Plugin Unauthenticated RCE

Author: Valentin Lobstein
Type: Exploit
Pull request: #19071 contributed by Chocapikk
Path: multi/http/avideo_wwbnindex_unauth_rce
AttackerKB reference: CVE-2024-31819

Description: Adds a module for CVE-2024-31819 which exploits an LFI in AVideo which uses PHP Filter Chaining to turn the LFI into unauthenticated RCE.

NorthStar C2 XSS to Agent RCE

Authors: chebuya and h00die
Type: Exploit
Pull request: #19102 contributed by h00die
Path: windows/http/northstar_c2_xss_to_agent_rce
AttackerKB reference: CVE-2024-28741

Description: Adds an exploit for CVE-2024-28741 which exploits an XSS vulnerability in Northstar C2.

Adi IRC credential gatherer

Authors: Barwar Salim M, Daniel Hallsworth, Jacob Tierney, Kazuyoshi Maruta, and Z. Cliffe Schreuders
Type: Post
Pull request: #19169 contributed by The-Pink-Panther
Path: windows/gather/credentials/adi_irc

Description: This adds a gather module leveraging Packrat targeting Adi IRC client.

CarotDAV credential gatherer

Authors: Barwar Salim M, Daniel Hallsworth, Jacob Tierney, Kazuyoshi Maruta, and Z. Cliffe Schreuders
Type: Post
Pull request: #19173 contributed by The-Pink-Panther
Path: windows/gather/credentials/carotdav_ftp

Description: This adds a gather module leveraging Packrat targeting the CarotDAV FTP client.

Halloy IRC credential gatherer

Authors: Barwar Salim M, Daniel Hallsworth, Jacob Tierney, Kazuyoshi Maruta, and Z. Cliffe Schreuders
Type: Post
Pull request: #19165 contributed by The-Pink-Panther
Path: windows/gather/credentials/halloy_irc

Description: This adds a module leveraging Packrat to gather credentials against the Halloy IRC client.

Quassel IRC credential gatherer

Authors: Barwar Salim M, Daniel Hallsworth, Jacob Tierney, Kazuyoshi Maruta, and Z. Cliffe Schreuders
Type: Post
Pull request: #19166 contributed by The-Pink-Panther
Path: windows/gather/credentials/quassel_irc

Description: This adds a gather module leveraging Packrat targeting Quassel IRC client.

Sylpheed email credential gatherer

Authors: Barwar Salim M, Daniel Hallsworth, Jacob Tierney, Kazuyoshi Maruta, and Z. Cliffe Schreuders
Type: Post
Pull request: #19171 contributed by The-Pink-Panther
Path: windows/gather/credentials/sylpheed

Description: This adds a gather module leveraging Packrat targeting Sylpheed Email client.

Enhancements and features (1)

  • #19189 from adfoster-r7 - Updates Metasploit framework’s default Ruby version to 3.1.5; newer Ruby versions are also supported.

Bugs fixed (4)

  • #19002 from adfoster-r7 - Fixed persistent jobs not working when rebooting MSF console.
  • #19170 from sjanusz-r7 - Fixes the smb_lookupsid module hanging with STATUS_PENDING when running against Samba targets.
  • #19186 from dwelch-r7 - Fixes a bug were the show advanced command could show normal options.
  • #19192 from adfoster-r7 - Fix crashing mipsel modules when running Ruby 3.3.0.

Documentation

You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.

Get it

As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
commercial edition Metasploit Pro

NEVER MISS AN EMERGING THREAT

Be the first to learn about the latest vulnerabilities and cybersecurity news.

Subscribe Now

Related

cvelist 3
nvd 3
metasploit 3
packetstorm 5
githubexploit 4
cve 3
github 1
zdt 3
veracode 1
osv 3
cvelist
cvelist
CVE-2024-31819
2024-04-10 00:00:00
CVE-2024-28741
2024-04-06 00:00:00
CVE-2024-30850
2024-04-12 00:00:00
nvd
nvd
CVE-2024-28741
2024-04-06 19:15:07
CVE-2024-31819
2024-04-10 20:15:08
CVE-2024-30850
2024-04-12 06:15:06
metasploit
metasploit
NorthStar C2 XSS to Agent RCE
2024-04-24 20:54:02
AVideo WWBNIndex Plugin Unauthenticated RCE
2024-04-09 20:09:10
Chaos RAT XSS to RCE
2024-04-24 20:51:58
packetstorm
packetstorm
NorthStar C2 Agent 1.0 Cross Site Scripting / Remote Command Execution
2024-03-12 00:00:00
NorthStar C2 Cross Site Scripting / Code Execution
2024-05-22 00:00:00
AVideo WWBNIndex Plugin Unauthenticated Remote Code Execution
2024-05-22 00:00:00
githubexploit
githubexploit
Exploit for CVE-2024-30850
2024-04-05 21:35:04
Exploit for CVE-2024-31819
2024-06-09 08:48:21
Exploit for CVE-2024-31819
2024-03-27 14:41:10
cve
cve
CVE-2024-30850
2024-04-12 06:15:06
CVE-2024-28741
2024-04-06 19:15:07
CVE-2024-31819
2024-04-10 20:15:08
github
github
tiagorlampert CHAOS vulnerable to command injections
2024-04-12 06:33:24
zdt
zdt
NorthStar C2 Agent 1.0 Cross Site Scripting / Remote Command Execution Exploit
2024-03-12 00:00:00
CHAOS 5.0.8 Cross Site Scripting / Remote Command Execution Exploit
2024-05-22 00:00:00
CHAOS RAT 5.0.1 Remote Command Execution Exploit
2024-04-11 00:00:00
veracode
veracode
Code Injection
2024-04-15 06:08:03
osv
osv
tiagorlampert CHAOS vulnerable to arbitrary code execution
2024-05-07 15:30:37
tiagorlampert CHAOS vulnerable to command injections
2024-04-12 06:33:24
Arbitrary code execution in github.com/tiagorlampert/CHAOS
2024-05-09 16:51:38

7.1 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.4%

JSON
Related for RAPID7BLOG:02CFBC1E32B2191E625DD7C9F794DD22
cvelist3nvd3metasploit3packetstorm5githubexploit4cve3github1zdt3veracode1osv3