Here in the northern hemisphere, fall is on the way: leaves changing, the air growing crisp and cool, and some hackers changing the flavor of their caffeine. This release features a new exploit module targeting Apache NiFi as well as a new and improved library to interact with it.
Authors: Matei "Mal" Badanoiu and h00die
Type: Exploit
Pull request: #18257 contributed by h00die
Path: exploits/linux/http/apache_nifi_h2_rce
AttackerKB reference: CVE-2023-34468
Description: This adds an exploit module for a Apache NiFi h2 remote code execution identified as CVE-2023-34468. Versions 0.0.2 through 1.21.0 are vulnerable and allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. This also adds a library with helper functions for modules targeting this product.
Modules which have either been enhanced, or renamed:
Authors: Silas Cutler and h00die
Type: Auxiliary
Pull request: #18310 contributed by h00die
Path: auxiliary/gather/elasticsearch_enum
Description: This updates the Elasticsearch auxiliary module. It has been renamed to elastic_enum
, accepts credentials and will store data to disk that is pulled from the target.
You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.
As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:
If you are a git
user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
binary installers (which also include the commercial edition).