Last updated at Thu, 11 Jan 2024 19:11:28 GMT

This is a pretty modest update, since it's the first after our successful 4.2 release last week. Now that 4.2 is out the door, we've been picking up on core framework development, and of course, have a few new modules shipping out.

Meterpreter Updates

James "egyp7" Lee and community contributor mm__ have been banging on the POSIX side of Meterpreter development this week, and have a couple of significant enhancements to Linux Meterpreter. The most significant change is switching to netlink sockets for discovering network interfaces. Previously, Meterpreter used libpcap, which had a couple of downsides. The first is that libpcap only lists interfaces the caller could open for capture, so it doesn't show interfaces that you cannot sniff on. This, in turn, leads to an even bigger issue: on most machines you can't sniff at all unless you're root, so a session running as a normal user usually doesn't see any interfaces at all. Reading interface and address information over rtnetlink needs no special privilege, so the netlink approach works for any user. During the transition, mm__ also added support for listing IPv6 addresses, and egyp7 is working on having Windows Meterpreter do the same thing soon.
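To make the netlink side of that change concrete, here is an added example (my own code, not Meterpreter's) of the unprivileged approach: an RTM_GETADDR dump over a NETLINK_ROUTE socket, parsed for both IPv4 and IPv6 addresses. It assumes Linux with the kernel UAPI headers installed. The names addr_rec, parse_addr_msgs, dump_addrs and parse_sample are mine, and the reply buffer that parse_sample builds is constructed by hand to exercise the parser offline, not captured from a real system.

```c
#include <arpa/inet.h>
#include <linux/netlink.h>
#include <linux/rtnetlink.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

struct addr_rec {                 /* one address from an RTM_NEWADDR message */
    int family, ifindex, prefixlen;
    char addr[INET6_ADDRSTRLEN];
};

/* Collect RTM_NEWADDR records from a buffer of netlink messages. Returns the count
 * stored (records past max are dropped) or -1 on NLMSG_ERROR; *done set on NLMSG_DONE. */
static int parse_addr_msgs(void *buf, int len, struct addr_rec *out, int max, int *done)
{
    struct nlmsghdr *nh; int n = 0;
    for (nh = buf; NLMSG_OK(nh, len); nh = NLMSG_NEXT(nh, len)) {
        if (nh->nlmsg_type == NLMSG_DONE) { *done = 1; break; }
        if (nh->nlmsg_type == NLMSG_ERROR) return -1;
        if (nh->nlmsg_type != RTM_NEWADDR) continue;
        struct ifaddrmsg *ifa = NLMSG_DATA(nh); struct rtattr *rta = IFA_RTA(ifa);
        int alen = IFA_PAYLOAD(nh); const void *addr = NULL;
        for (; RTA_OK(rta, alen); rta = RTA_NEXT(rta, alen)) {
            /* IPv4 carries IFA_ADDRESS (peer on point-to-point links) and IFA_LOCAL
             * (ours); IPv6 carries only IFA_ADDRESS. Prefer IFA_LOCAL when present. */
            if (rta->rta_type == IFA_LOCAL) addr = RTA_DATA(rta);
            else if (rta->rta_type == IFA_ADDRESS && !addr) addr = RTA_DATA(rta);
        }
        if (!addr || n >= max) continue;
        out[n].family = ifa->ifa_family, out[n].ifindex = ifa->ifa_index;
        out[n].prefixlen = ifa->ifa_prefixlen;
        inet_ntop(ifa->ifa_family, addr, out[n].addr, sizeof out[n].addr);
        n++;
    }
    return n;
}

/* RTM_GETADDR dump of every address on every interface, both families. Needs no
 * capability: rtnetlink reads are open to any user, unlike libpcap's capture-based listing. */
static int dump_addrs(struct addr_rec *out, int max)
{
    struct { struct nlmsghdr nh; struct ifaddrmsg ifa; } req;
    static char buf[32768];       /* one dump chunk */
    int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE), total = 0, done = 0;
    if (fd < 0) return -1;
    memset(&req, 0, sizeof req);
    req.nh.nlmsg_len = NLMSG_LENGTH(sizeof req.ifa), req.nh.nlmsg_type = RTM_GETADDR;
    req.nh.nlmsg_flags = NLM_F_REQUEST | NLM_F_DUMP, req.ifa.ifa_family = AF_UNSPEC;
    if (send(fd, &req, req.nh.nlmsg_len, 0) < 0) total = -1;
    while (total >= 0 && !done) {
        ssize_t r = recv(fd, buf, sizeof buf, 0);
        int n = r > 0 ? parse_addr_msgs(buf, (int)r, out + total, max - total, &done) : -1;
        total = n < 0 ? -1 : total + n;
    }
    close(fd);
    return total;
}

/* Hand-build reply messages (libnetlink's addattr_l idiom) for an offline sample. */
static struct nlmsghdr *new_addr_msg(void *at, int family, int plen, int idx)
{
    struct nlmsghdr *nh = at;
    struct ifaddrmsg *ifa = NLMSG_DATA(nh);
    nh->nlmsg_len = NLMSG_LENGTH(sizeof *ifa);
    nh->nlmsg_type = RTM_NEWADDR, nh->nlmsg_flags = NLM_F_MULTI;
    ifa->ifa_family = family, ifa->ifa_prefixlen = plen, ifa->ifa_index = idx;
    return nh;
}
static void add_attr(struct nlmsghdr *nh, int type, const void *data, int dlen)
{
    struct rtattr *rta = (struct rtattr *)((char *)nh + NLMSG_ALIGN(nh->nlmsg_len));
    rta->rta_type = type, rta->rta_len = RTA_LENGTH(dlen);
    memcpy(RTA_DATA(rta), data, dlen);
    nh->nlmsg_len = NLMSG_ALIGN(nh->nlmsg_len) + RTA_ALIGN(rta->rta_len);
}
#define NEXT_MSG(nh) ((char *)(nh) + NLMSG_ALIGN((nh)->nlmsg_len))

/* Constructed sample, not a capture: fe80::1/64 on ifindex 2, a point-to-point 10.0.0.5
 * with peer 10.0.0.1 on ifindex 3, then NLMSG_DONE. Returns record count, -1 if no DONE. */
static struct addr_rec sample_recs[8];
static int parse_sample(void)
{
    static unsigned long raw[64];     /* unsigned long keeps the headers aligned */
    char *buf = (char *)raw;
    struct in6_addr v6; struct in_addr local, peer;
    struct nlmsghdr *nh; int done = 0, n;
    memset(raw, 0, sizeof raw);
    inet_pton(AF_INET6, "fe80::1", &v6);
    inet_pton(AF_INET, "10.0.0.5", &local), inet_pton(AF_INET, "10.0.0.1", &peer);
    nh = new_addr_msg(buf, AF_INET6, 64, 2);
    add_attr(nh, IFA_ADDRESS, &v6, sizeof v6);
    nh = new_addr_msg(NEXT_MSG(nh), AF_INET, 32, 3);
    add_attr(nh, IFA_ADDRESS, &peer, sizeof peer);   /* kernel emits the peer first */
    add_attr(nh, IFA_LOCAL, &local, sizeof local);
    nh = (struct nlmsghdr *)NEXT_MSG(nh);
    nh->nlmsg_len = NLMSG_LENGTH(0), nh->nlmsg_type = NLMSG_DONE;
    n = parse_addr_msgs(buf, (int)(NEXT_MSG(nh) - buf), sample_recs, 8, &done);
    return done ? n : -1;
}
```

Calling dump_addrs as an ordinary user returns loopback, every configured interface and the IPv6 link-local addresses alongside the IPv4 ones, which is the list a session needs and the one pcap_findalldevs withholds without CAP_NET_RAW. The parser keeps the dump's NLM_F_MULTI/NLMSG_DONE framing, so a reply split across several recv calls is handled rather than truncated.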

Since egyp7 is back to full-time framework development work (he's been away during a penetration testing stint), expect to see more advances in core framework functionality in the coming weeks.

New Modules

While the module count this week isn't quite as impressive as some of the giant piles of exploits we've pushed out in the past, it's interesting to note that of the five new modules we're shipping this week, each one addresses a different exploitation vector.

  • lantronix_telnet_version parses the banner information from a Lantronix Telnet service (by TheLightCosine), making for a classic information disclosure: why bother with fancy fingerprinting techniques when the service will just tell attackers exactly what version it is?
  • orbit_download_failed_bof exploits CVE-2008-1602, a file format vulnerability in Orbit Downloader (by Juan Vazquez). By enticing a user to open an Orbit Downloader "metalink" formatted file, the attacker can trigger an access violation and seize the execution path.
  • hp_data_protector_cmd_exec exploits CVE-2011-0923, a remote, unauthenticated command execution vulnerability in HP's Data Protector product (by wireghoul and c4an).
  • java_ws_vmargs exploits CVE-2012-0500, another command execution vulnerability, this time on the client, via a specially crafted JNLP file (by jduck). Note that this exploit uses a crafty WebDAV vector to get the goods to the victim, which is pretty cool. Watch your egress rules!
  • trendmicro_cmdprocessor_addtask exploits CVE-2011-5001, a remote stack buffer overflow in Trend Micro's Control Manager. It's always fun to exploit buffer overflows in security software.

Availability

If you're new to Metasploit, you can get started by downloading Metasploit for Linux or Windows. If you're already tracking the bleeding-edge of Metasploit development, then these modules are but an msfupdate command away. For readers who prefer the packaged updates for Metasploit Community and Metasploit Pro, you'll be able to install the new hotness today when you check for updates through the Software Updates menu under Administration.

For additional details on what's changed and what's current, please see Jonathan Cran's most excellent release notes.