With Hacker Summer Camp 2017 wrapped up and folks now recovering from it, why not grab a drink and read up on what’s new with Metasploit?
At least a few versions of open source firewall IPFire contain a post-auth RCE vulnerability, and we (well, you!) now have a module to help exploit that. Due to how an incoming Snort Oinkcode is processed via HTTP POST request, the IPFire software leaves itself open for shoving a payload in as the Oinkcode and having it executed. Like throwing water on an IPFire…
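The post describes the IPFire bug only in outline: a Snort Oinkcode arrives in an HTTP POST body and ends up being executed. The following is an added example written for this post (it is not IPFire’s code and not the Metasploit module). It contrasts the two ways a web front end might hand that parameter to a rule-download command: interpolating it into a shell string, where a `;` in the value ends the intended command, versus validating the value against an assumed format and passing it as a separate argv element so no shell ever re-parses it. The 40-hex-character format, the `rules.example` URL, the `wget` invocation and the POST bodies are all constructed assumptions.

```ruby
# Added example, not IPFire's or Metasploit's code. Shows why building a shell
# string from a POST parameter is dangerous and what the hardened form looks like.
require 'cgi'

# Constructed request bodies, as a CGI would receive them
# (application/x-www-form-urlencoded). The hostile one decodes to "abc; id".
BENIGN_OINKCODE = '0123456789abcdef0123456789abcdef01234567'   # assumed: 40 hex chars
BENIGN_POST  = "oinkcode=#{BENIGN_OINKCODE}"
HOSTILE_POST = 'oinkcode=abc%3B+id'

# Minimal form decoder: split on '&', then '=' (first only), and URL-decode both halves.
def parse_form(body)
  body.split('&').each_with_object({}) do |pair, fields|
    key, value = pair.split('=', 2)
    fields[CGI.unescape(key)] = CGI.unescape(value.to_s)
  end
end

# Vulnerable pattern: the raw parameter becomes part of a string that a shell
# will parse. Characters like ';' '|' '&' '$(' split or extend the command.
# (Download URL is a placeholder, not a real rule server.)
def vulnerable_command(oinkcode)
  "wget -q 'https://rules.example/download?oinkcode=#{oinkcode}'"
end

# Assumed Oinkcode format: exactly 40 lowercase hex digits. Anything else is rejected
# before it gets near a command line (allow-list, not a metacharacter deny-list).
OINKCODE_RE = /\A[0-9a-f]{40}\z/

def valid_oinkcode?(code)
  !!(code =~ OINKCODE_RE)
end

# Hardened pattern: validate first, then return the command as an argv array.
# Passing an array to Process.spawn/system bypasses the shell entirely, so even a
# value that slipped past validation could not become a second command.
def hardened_command(oinkcode)
  raise ArgumentError, 'oinkcode does not match expected format' unless valid_oinkcode?(oinkcode)
  ['wget', '-q', "https://rules.example/download?oinkcode=#{oinkcode}"]
end

# Detection-side helper for a WAF rule or log review: flag parameter values
# that carry shell metacharacters where a hex token is expected.
SHELL_META = /[;&|`$()<>\n]/

def injection_attempt?(oinkcode)
  !!(oinkcode =~ SHELL_META)
end

if __FILE__ == $0
  [BENIGN_POST, HOSTILE_POST].each do |body|
    code = parse_form(body)['oinkcode']
    puts "value: #{code.inspect}  metachars: #{injection_attempt?(code)}  valid: #{valid_oinkcode?(code)}"
    puts "  shell string would be: #{vulnerable_command(code)}"
    begin
      puts "  hardened argv: #{hardened_command(code).inspect}"
    rescue ArgumentError => e
      puts "  hardened form rejects it: #{e.message}"
    end
  end
end
```

The allow-list regex is the part that does the real work; the argv form is defence in depth so that a future change to the validation cannot quietly reopen the shell path.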
Synapse, a computer peripheral configuration application from popular peripheral device vendor Razer, contains an access control vulnerability in its rzpnk.sys driver. Exploiting this vuln allows privilege escalation, including reading and writing of other processes’ memory and remote code execution. And there’s a new module for this. As of this writing, this vulnerability has not yet been patched (and considering Synapse will auto-install on peripheral connect, at least under Windows 10, there may be many susceptible targets out there!).
And we’ve landed a few new aux modules for your scanning pleasure: RDP and NNTP. While RDP is likely familiar to many readers, NNTP (Network News Transfer Protocol) might be less so. But you never know what a target might be running…
We’ve had some improvements to a couple of our Meterpreters to share.
Windows Meterpreter
macOS/OSX Meterpreter
Had a desire to follow what your sessions are up to via an RSS feed? If so, rejoice! There’s now a new framework plugin for doing exactly that thanks to @mubix.
In an effort to make framework’s HttpServer a bit less leaky, @dbfarrow added the ability to serve up a canned ‘plz no crawl/index my pagez’ robots.txt response for clients who request it. And, for those clients who do request it and honor it, that canned response should be enough to shoo them off from accessing files HttpServer is hosting…
Exploit modules (5 new)
Auxiliary and post modules (2 new)
As always, you can update to the latest Metasploit Framework with msfupdate, and you can get more details on the changes since the last blog post from GitHub:
To install fresh, check out the open-source-only Nightly Installers, or the binary installers which also include the commercial editions.