Repeat contributor Erik Wynter and our own wvu-r7 each submitted modules exploiting web applications which allow attackers to upload files to arbitrary locations, including where the web application would interpret them as code! The first targets HorizontCMS, exploiting CVE-2020-27387, and was merged by cdelafuente-r7. The second targets Oracle WebLogic Server's administration console, exploiting CVE-2020-14750, and was landed by smcintyre-r7, who had the unenviable job of testing Oracle software on Windows.
A number of smaller fixes that add up to large quality of life improvements also made it in this week. Notable ones include PR #14361 by chmod750 for adding a SharePoint cookie when you have one instead of trying to re-authenticate, several reliability improvements to the SecureCRT password gatherer in PR #14341 by gwillcox-r7, and option handling fixes for default targets in PR #14359 by adfoster-r7. Thanks y'all!
We're happy to announce another #Metasploit community CTF coming your way December 4! We developed this year's game to be accessible to beginners who want to connect with the community. Teams of all sizes are encouraged—registration opens 11/30. Read the full details in our blog post.
COOKIE option to the exploit/windows/http/sharepoint_ssi_viewstate module that is primarily useful when SharePoint is authenticated through a web form.
jobs -v, and persistence of jobs with jobs -P, would crash when auxiliary jobs are present.
RHOST_HTTP_URL was used in conjunction with the check command. The RHOST_HTTP_URL option can be enabled with the command features set RHOST_HTTP_URL true.
ms17_010_eternalblue to validate that the target is x64. For instance, targeting a 32-bit system will now provide a failure message of "This exploit module only support x64 (64-bit) targets."
As always, you can update to the latest Metasploit Framework with
and you can get more details on the changes since the last blog post from
If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial edition).