Grant WillcoxRAPID7BLOG:4E905ECC65C55AB81AB6DBB5684A6182Metasploit Weekly Wrap-Up
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
SAMR Auxiliary Module
A new SAMR auxiliary module has been added that allows users to add, lookup, and delete computer accounts from an AD domain. This should be useful for pentesters on engagements who need to create an AD account to gain an initial foothold into the domain for lateral movement attacks, or who need to use this functionality as an attack primitive.
Note when using this module that there is a standard number of computers a user can add, so be wary that you may get STATUS_DS_MACHINE_ACCOUNT_QUOTA_EXCEEDED error messages if you try to run this repeatedly. It should also be noted that whilst a standard user can create a computer account, you will need additional privileges to delete that account.
A Pesky Table Bug Gets Squashed
A well known bug in Rex-Tables when trying to render tables which contain unsupported characters has now been fixed in Rex-Text 0.2.38, which has now been pulled into the framework. This should solve a number of issues that have been reported over the last year such as <https://github.com/rapid7/metasploit-framework/issues/15833>, <https://github.com/rapid7/metasploit-framework/issues/14955>, and <https://github.com/rapid7/metasploit-framework/issues/15044>. It should also help improve experiences with some of the new LDAP work we have been working on lately, so that users should have a smoother experience once that releases.
PHP Mailer Argument Injection Module Improvements
As a final point of note, community contributor erikbomb has improved the PHP Mailer Argument Injection exploit targeting CVE-2016-10033 and CVE-2016-10045 to now support changing the name of the fields for the name, email, and message objects. This should allow this exploit to work under additional scenarios where these settings may need to be altered for the exploit to successfully run. Much thanks to erikbomb for these enhancements!
New module content (1)
- SAMR Computer Management by JaGoTu and Spencer McIntyre - This adds an auxiliary module that can be used to add, lookup, and delete computer accounts from an active directory domain. The computer account can offer a sort of foothold into the domain for lateral movements or as a common attack primitive.
Enhancements and features (1)
- #16721 from erikbomb - This updates the PHP Mailer Argument Injection exploit to allow setting the names of certain fields via advanced options. These configuration options then allow the exploit to work in additional scenarios.
Bugs fixed (2)
- #16722 from bcoles - Fixes module metadata for stability and reliability.
- #16729 from gwillcox-r7 - Fixes a crash in Metasploitβs console when trying to render tables which contain unsupported characters.
Get it
As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:
If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
binary installers (which also include the commercial edition).
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P