9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
AI Score
Confidence
High
0.035 Low
EPSS
Percentile
91.6%
In addition to an RCE leveraging CVE-2024-5084 to gain RCE through a WordPress Hash form, this release features the addition of several new binary OSX stageless payloads with aarch64 support: Execute Command, Shell Bind TCP, and Shell Reverse TCP.
The new osx/aarch64/shell_bind_tcp
payload opens a listening port on the target machine, which allows the attacker to connect to this open port to spawn a command shell using the user provided command using the execve system call on Apple silicon laptops.
The new osx/aarch64/shell_reverse_tcp
payload that can connect back to the configured attackerβs RHOST
and RPORT
to spawn a command shell using the execve system call on Apple silicon laptops.
The new osx/aarch64/exec
payload can execute arbitrary user provided commands using the execve system call on Apple silicon laptops, for example:
msf6 payload(osx/aarch64/exec) > generate -f macho cmd="/bin/bash -c 'echo 123 && echo abc && whoami && echo π₯'" -o shell
[*] Writing 50072 bytes to shellβ¦
And executing:
$ chmod +x ./shell
$ ./shell
123
abc
user
π₯
Authors: Francesco Carlucci and Valentin Lobstein
Type: Exploit
Pull request: #19208 contributed by Chocapikk
Path: multi/http/wp_hash_form_rce
AttackerKB reference: CVE-2024-5084
Description: This adds an exploit module that leverages a vulnerability in the WordPress Hash Form β Drag & Drop Form Builder plugin (CVE-2024-5084) to achieve remote code execution. Versions up to and including 1.1.0 are vulnerable. This allows unauthenticated attackers to upload arbitrary files, including PHP scripts, due to missing file type validation in the file_upload_action
function.
Author: alanfoster
Type: Payload (Single)
Pull request: #18646 contributed by AlanFoster
Path: osx/aarch64/exec
Description: Add osx aarch64 exec payload.
Author: alanfoster
Type: Payload (Single)
Pull request: #18776 contributed by AlanFoster
Path: osx/aarch64/shell_bind_tcp
Description: Add osx aarch64 bind tcp payload.
Author: alanfoster
Type: Payload (Single)
Pull request: #18652 contributed by AlanFoster
Path: osx/aarch64/shell_reverse_tcp
Description: Add osx aarch64 shell reverse tcp payload.
None
show options
.updated_at
value to incorrectly be set to the created_at
value.You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.
As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:
If you are a git
user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
commercial edition Metasploit Pro
Be the first to learn about the latest vulnerabilities and cybersecurity news.
Subscribe Now
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
AI Score
Confidence
High
0.035 Low
EPSS
Percentile
91.6%