Metasploit Weekly Wrap-Up 08/09/2024

Black Hat & DEF CON

Hopefully folks were able to catch our Rapid7 researchers @zeroSteiner & Jack Heysel show off the Metasploit 6.4’s features, focusing on combinations that allow for new, streamlined attack workflows at Black Hat. If not they will also be demoing at DEF CON tomorrow in room W304!

New module content (1)

Calibre Python Code Injection (CVE-2024-6782)

Authors: Amos Ng and Michael Heinzl
Type: Exploit
Pull request: #19357 contributed by h4x-x0r
Path: multi/misc/calibre_exec
AttackerKB reference: CVE-2024-6782

Description: Adds a module targeting CVE-2024-6782, an unauthenticated Python code injection vulnerability in the Content Server component of Calibre v6.9.0 - v7.14.0. Once enabled (disabled by default), it will listen in its default configuration on all network interfaces on TCP port 8080 for incoming traffic. The injected payload will get executed in the same context under which Calibre is being executed.

Bugs fixed (1)

• #19355 from dledda-r7 - Fixes an issue where Meterpreter sessions would fail to migrate when MeterpreterDebugBuild is enabled.

Documentation

You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.

Get it

As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:

• Pull Requests 6.4.20…6.4.21
• Full diff 6.4.20…6.4.21

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
commercial edition Metasploit Pro