wvu-r7 added an exploit module that targets SaltStack’s Salt software. Specifically, the module exploits both an authentication bypass (CVE-2020-25592) and a command injection vulnerability (CVE-2020-16846) in SaltStack’s REST API to get code execution as root through Salt’s SSH client on affected versions. You can read more about the vulns on AttackerKB.
justinsteven both discovered a vulnerability (CVE-2020-7384) in Metasploit’s msfvenom utility and added an exploit module for it. msfvenom allows users to supply a custom APK template to inject a payload into; however, msfvenom does not sanitize certain fields, such as the Owner field, that get passed into an Open3.popen3() call. Because of this, an unsuspecting user of msfvenom might use a malicious template and subsequently give an attacker a shell on the user’s computer. This issue has been fixed in Metasploit’s 6.0.12 release and Metasploit Pro’s 4.19.0 release.
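The difference between the string and argument-list forms of Open3.popen3() is what decides whether an unsanitized field reaches a shell. The following is an added example, not Metasploit's code: the function names, the echo command and the sample field value are assumptions made for illustration.

```ruby
require 'open3'

# Constructed sample standing in for an untrusted template field.
# The text after the semicolon is a harmless marker command.
UNTRUSTED_OWNER = 'CN=Example; echo INJECTED'

# Conservative allow-list for a field that will end up on a command line
# (hypothetical policy: letters, digits, space and a few separators).
SAFE_FIELD = /\A[A-Za-z0-9 =,.\-]+\z/

# Unsafe pattern: a single interpolated string. Because it contains shell
# metacharacters, Ruby runs it through /bin/sh, and ';' splits it in two.
def run_interpolated(owner)
  Open3.popen3("echo owner=#{owner}") do |stdin, stdout, _stderr, _wait|
    stdin.close
    stdout.read
  end
end

# Hardened pattern: program and arguments passed separately. No shell is
# involved, so the whole field value arrives as one literal argument.
def run_argv(owner)
  Open3.popen3('echo', "owner=#{owner}") do |stdin, stdout, _stderr, _wait|
    stdin.close
    stdout.read
  end
end

# Defence in depth: reject values outside the allow-list before use.
def field_allowed?(value)
  SAFE_FIELD.match?(value)
end

if __FILE__ == $PROGRAM_NAME
  puts "interpolated: #{run_interpolated(UNTRUSTED_OWNER).inspect}"
  puts "argv form:    #{run_argv(UNTRUSTED_OWNER).inspect}"
  puts "allowed?      #{field_allowed?(UNTRUSTED_OWNER)}"
end
```
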
ide0x90 added an exploit module that targets various versions of a popular WordPress plugin, WordPress File Manager. The vulnerability (CVE-2020-25213) is due to a leftover example file that enables unauthenticated execution of a set of commands. One of those commands is an upload command, which makes uploading a PHP webshell and getting code execution effortless.
juushya added an auxiliary module that obtains useful information such as IPs of connected clients, server OS information and statistics, and log files from Apache Zookeeper instances.
AutoCheck are always prepended as opposed to included in modules.
auxiliary/scanner/http/drupal_views_user_enum module.
msfdb command to show more readable and informative output to the user.
post/windows/manage/execute_dotnet_assembly module to be able to handle additional function signatures of the code that will be injected into.
auxiliary/analyze/apply_pot module caused by an out-of-date symbol name.
msfconsole’s generate command caused by attempting to tab complete input with no results.
auxiliary/scanner/smb/smb_login module that reported false negatives for valid credentials when msfconsole was started with bundle exec preceding the command.
As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:
If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial edition).