Last week, a critical bug in sudo came out that could potentially affect most Linux-based operating systems, since this tool is usually installed by default. This vulnerability is identified as CVE-2021-3156, better known as "Baron Samedit", and has been sitting in the code since July 2011, ready to guide you to the underworld. It affects legacy versions from 1.8.2 to 1.8.31p2 and stable versions from 1.9.0 to 1.9.5p1. If you have not done so already, patch now!
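A version check against the ranges stated above, as an added example that is not part of the original post or the Metasploit project; the host names and `sudo -V` lines are constructed sample data. It compares upstream version strings only, and distribution packages that backport the fix keep an in-range upstream version, so an in-range result means "verify the package patch level", not "confirmed vulnerable".

```python
import re

# Affected upstream ranges, exactly as stated in the post (inclusive bounds).
AFFECTED_RANGES = (("1.8.2", "1.8.31p2"), ("1.9.0", "1.9.5p1"))

# sudo versions look like 1.8.31 or 1.8.31p2; the optional pN is a patch level.
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


def parse_sudo_version(text):
    """Extract (major, minor, micro, patch) from a version or `sudo -V` line."""
    match = VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no sudo version found in {text!r}")
    # A missing pN sorts below p1, so 1.8.31 < 1.8.31p2 < 1.8.32.
    return tuple(int(part or 0) for part in match.groups())


def in_affected_range(text):
    """True if the upstream version falls inside one of the stated ranges."""
    version = parse_sudo_version(text)
    return any(
        parse_sudo_version(low) <= version <= parse_sudo_version(high)
        for low, high in AFFECTED_RANGES
    )


def triage(inventory):
    """Map each host to True (in range, needs follow-up) or False."""
    return {host: in_affected_range(line) for host, line in inventory.items()}


# Constructed sample data: hypothetical hosts with the first line of `sudo -V`.
SAMPLE_INVENTORY = {
    "build-01": "Sudo version 1.8.31",
    "web-02": "Sudo version 1.9.5p2",
    "db-03": "Sudo version 1.8.21p2",
    "legacy-04": "Sudo version 1.8.32",
}

if __name__ == "__main__":
    for host, flagged in sorted(triage(SAMPLE_INVENTORY).items()):
        status = "IN AFFECTED RANGE, verify package patch level" if flagged else "outside range"
        print(f"{host}: {status}")
```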
This week, our own Spencer McIntyre added a new module that leverages this vulnerability to gain root privileges from any local user without using a password. This exploit is based on the blasty PoC. It requires specific offsets to succeed, and currently has targets for Ubuntu 20.04 and 18.0[1-4]. We would like to extend that target list, and help from our awesome community would be greatly appreciated!
Contributor @stufus added a very useful module that enumerates the Microsoft 365 SharePoint/OneDrive endpoints on a target Windows system. This allows access to information related to sites that are being synchronised by the OneDrive application. This module will be very useful for gathering sensitive and additional information during a pentest engagement.
post/windows/gather/enum_onedrive.rb, has been added which allows users to enumerate information relating to all of the sites (including teamsites) which OneDrive is configured to synchronize for a target host.
auxiliary/scanner/redis/redis_login module.
exploit/windows/winrm/winrm_script_exec printing nil when no command output is returned.
As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:
If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial edition).