Metasploit Weekly Wrap-Up 05/23/2024

Infiltrate the Broadcast!

A new module from Chocapikk allows the user to perform remote code execution on vulnerable versions of streaming platform AVideo (12.4 - 14.2). The multi/http/avideo_wwbnindex_unauth_rce module leverages CVE-2024-31819, a vulnerability to PHP Filter Chaining, to gain unauthenticated and unprivileged access, earning it an attacker value of High on AttackerKB.

New module content (8)

Chaos RAT XSS to RCE

Authors: chebuya and h00die
Type: Exploit
Pull request: #19104 contributed by h00die
Path: linux/http/chaos_rat_xss_to_rce
AttackerKB reference: CVE-2024-30850

Description: Adds an exploit for HAOS v5.0.8, which contains a remote command execution vulnerability which
can be triggered through one of three routes: credentials, JWT token from an agent, an agent executable can be provided, or the JWT token can be extracted.

AVideo WWBNIndex Plugin Unauthenticated RCE

Author: Valentin Lobstein
Type: Exploit
Pull request: #19071 contributed by Chocapikk
Path: multi/http/avideo_wwbnindex_unauth_rce
AttackerKB reference: CVE-2024-31819

Description: Adds a module for CVE-2024-31819 which exploits an LFI in AVideo which uses PHP Filter Chaining to turn the LFI into unauthenticated RCE.

NorthStar C2 XSS to Agent RCE

Authors: chebuya and h00die
Type: Exploit
Pull request: #19102 contributed by h00die
Path: windows/http/northstar_c2_xss_to_agent_rce
AttackerKB reference: CVE-2024-28741

Description: Adds an exploit for CVE-2024-28741 which exploits an XSS vulnerability in Northstar C2.

Adi IRC credential gatherer

Authors: Barwar Salim M, Daniel Hallsworth, Jacob Tierney, Kazuyoshi Maruta, and Z. Cliffe Schreuders
Type: Post
Pull request: #19169 contributed by The-Pink-Panther
Path: windows/gather/credentials/adi_irc

Description: This adds a gather module leveraging Packrat targeting Adi IRC client.

CarotDAV credential gatherer

Authors: Barwar Salim M, Daniel Hallsworth, Jacob Tierney, Kazuyoshi Maruta, and Z. Cliffe Schreuders
Type: Post
Pull request: #19173 contributed by The-Pink-Panther
Path: windows/gather/credentials/carotdav_ftp

Description: This adds a gather module leveraging Packrat targeting the CarotDAV FTP client.

Halloy IRC credential gatherer

Authors: Barwar Salim M, Daniel Hallsworth, Jacob Tierney, Kazuyoshi Maruta, and Z. Cliffe Schreuders
Type: Post
Pull request: #19165 contributed by The-Pink-Panther
Path: windows/gather/credentials/halloy_irc

Description: This adds a module leveraging Packrat to gather credentials against the Halloy IRC client.

Quassel IRC credential gatherer

Authors: Barwar Salim M, Daniel Hallsworth, Jacob Tierney, Kazuyoshi Maruta, and Z. Cliffe Schreuders
Type: Post
Pull request: #19166 contributed by The-Pink-Panther
Path: windows/gather/credentials/quassel_irc

Description: This adds a gather module leveraging Packrat targeting Quassel IRC client.

Sylpheed email credential gatherer

Authors: Barwar Salim M, Daniel Hallsworth, Jacob Tierney, Kazuyoshi Maruta, and Z. Cliffe Schreuders
Type: Post
Pull request: #19171 contributed by The-Pink-Panther
Path: windows/gather/credentials/sylpheed

Description: This adds a gather module leveraging Packrat targeting Sylpheed Email client.

Enhancements and features (1)

• #19189 from adfoster-r7 - Updates Metasploit framework’s default Ruby version to 3.1.5; newer Ruby versions are also supported.

Bugs fixed (4)

• #19002 from adfoster-r7 - Fixed persistent jobs not working when rebooting MSF console.
• #19170 from sjanusz-r7 - Fixes the smb_lookupsid module hanging with STATUS_PENDING when running against Samba targets.
• #19186 from dwelch-r7 - Fixes a bug were the show advanced command could show normal options.
• #19192 from adfoster-r7 - Fix crashing mipsel modules when running Ruby 3.3.0.

Documentation

You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.

Get it

As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:

• Pull Requests 6.4.9…6.4.10
• Full diff 6.4.9…6.4.10

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
commercial edition Metasploit Pro

NEVER MISS AN EMERGING THREAT

Be the first to learn about the latest vulnerabilities and cybersecurity news.

Subscribe Now