Repeat contributor Erik Wynter and our own wvu-r7 each submitted modules exploiting web applications which allow attackers to upload files to arbitrary locations, including where the web application would interpret them as code! The first targets HorizontCMS, exploiting CVE-2020-27387, and was merged by cdelafuente-r7. The second targets Oracle WebLogic Server’s administration console, exploiting CVE-2020-14750, and was landed by smcintyre-r7, who had the unenviable job of testing Oracle software on Windows.
A number of smaller fixes that add up to large quality-of-life improvements also made it in this week. Notable ones include support for supplying a SharePoint cookie when you have one instead of trying to re-authenticate (PR #14361 by chmod750), several reliability improvements to the SecureCRT password gatherer (PR #14341 by gwillcox-r7), and option handling fixes for default targets (PR #14359 by adfoster-r7). Thanks y’all!
We’re happy to announce another #Metasploit community CTF coming your way December 4! We developed this year’s game to be accessible to beginners who want to connect with the community. Teams of all sizes are encouraged—registration opens 11/30. Read the full details in our blog post.
COOKIE option to the exploit/windows/http/sharepoint_ssi_viewstate module that is primarily useful when SharePoint is authenticated through a web form.
jobs -v, and persistence of jobs with jobs -P, would crash when auxiliary jobs are present.
RHOST_HTTP_URL was used in conjunction with the check command. The RHOST_HTTP_URL option can be enabled with the command "features set RHOST_HTTP_URL true".
ms17_010_eternalblue to validate that the target is x64. For instance, targeting a 32-bit system will now provide a failure message of "This exploit module only support x64 (64-bit) targets".
. character
As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:
If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial edition).