Last updated at Tue, 16 Jan 2024 01:33:50 GMT

With the Northeast U.S. getting hit with back-to-back nor’easters this week, it’s probably a good idea to head back inside and wait it out until spring arrives. So toss another log on the fire, grab a hot drink, raise a toast to all the folks making Metasploit awesome, and catch up on the latest!

Pictured: the author endlessly complaining about the weather...

It Goes to 11

While amplification attacks are nothing new, the memcached amplification attack vector (referred to as “memcrashed”) which came to light last week is notable for its staggering 1:50000 amplification capability. Couple that with the many publicly accessible vulnerable memcached instances out there, and we had the perfect recipe for the distributed denial-of-service attacks which followed, like the one targeting GitHub. Thanks to work by Marek Majkowski, xistence, and Jon Hart, Metasploit now has a new memcached_amp scanner module which can help identify your memcached instances that are vulnerable to amplification. Additionally, Jon Hart provided a second memcached scanning module for gathering version information from memcached instances over the same exposed UDP port that plays a role in the memcrashed amplification attacks. Hopefully we’ll see the number of vulnerable memcached instances out there continue to decline.

Or to 50KB per byte…!
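The amplification figure quoted above is just bytes returned per byte sent over memcached's UDP transport, where every datagram carries an 8-byte frame header (request id, sequence number, total datagram count, reserved) in front of the text protocol. The Python below is an added example, not part of this post or of the Metasploit modules it mentions: it parses and reassembles a constructed multi-datagram reply, computes the amplification ratio for it, and flags flow records that look like reflected memcached traffic (UDP sourced from port 11211 converging on one destination). The sample datagrams, the flow records, the documentation-range addresses and the thresholds are all constructed assumptions.

```python
"""Memcached UDP framing, amplification ratio, and reflection detection.

Added example (not part of the post or the Metasploit modules it mentions).
Datagrams, flow records and thresholds below are constructed for illustration.
"""
import struct
from collections import defaultdict
from typing import Dict, List, Sequence, Tuple

MEMCACHED_UDP_PORT = 11211  # memcached's default UDP port

# The memcached UDP frame header: four 16-bit big-endian fields
# (request id, sequence number, total datagrams in message, reserved = 0).
FRAME_HEADER = struct.Struct("!HHHH")


def build_frame(req_id: int, seq: int, total: int, payload: bytes) -> bytes:
    """Prepend the 8-byte UDP frame header to a text-protocol payload."""
    return FRAME_HEADER.pack(req_id, seq, total, 0) + payload


def parse_frame(datagram: bytes) -> Tuple[int, int, int, bytes]:
    """Split a datagram into (request_id, seq, total, payload); reject malformed headers."""
    if len(datagram) < FRAME_HEADER.size:
        raise ValueError("datagram shorter than the 8-byte frame header")
    req_id, seq, total, reserved = FRAME_HEADER.unpack_from(datagram)
    if reserved != 0 or total == 0 or seq >= total:
        raise ValueError("malformed frame header")
    return req_id, seq, total, datagram[FRAME_HEADER.size:]


def reassemble(datagrams: Sequence[bytes]) -> bytes:
    """Reorder the datagrams of one reply by sequence number and join their payloads.

    Raises ValueError if fragments belong to different requests or some are missing.
    """
    frames = [parse_frame(d) for d in datagrams]
    if len({f[0] for f in frames}) != 1:
        raise ValueError("datagrams do not share one request id")
    total = frames[0][2]
    by_seq = {seq: payload for _, seq, _, payload in frames}
    missing = [i for i in range(total) if i not in by_seq]
    if missing:
        raise ValueError(f"missing fragments: {missing}")
    return b"".join(by_seq[i] for i in range(total))


def amplification_factor(request: bytes, response_datagrams: Sequence[bytes]) -> float:
    """UDP payload bytes returned per byte sent: the quantity behind the '1:50000' figure."""
    return sum(len(d) for d in response_datagrams) / len(request)


# Constructed sample: a 15-byte request and a three-datagram (56-byte) reply.
SAMPLE_REQUEST = build_frame(0x1234, 0, 1, b"stats\r\n")
SAMPLE_RESPONSE = [
    build_frame(0x1234, 2, 3, b"END\r\n"),           # deliberately out of order
    build_frame(0x1234, 0, 3, b"STAT pid 1\r\n"),
    build_frame(0x1234, 1, 3, b"STAT uptime 7\r\n"),
]

# Constructed flow records (documentation-range addresses). The first three are
# replies from several exposed servers converging on one victim; the last two are
# an ordinary cache reply and TCP traffic, neither of which should be flagged.
SAMPLE_FLOWS: List[Dict] = [
    {"proto": "udp", "src_ip": "203.0.113.10", "src_port": 11211, "dst_ip": "198.51.100.5", "bytes": 1_400_000},
    {"proto": "udp", "src_ip": "203.0.113.11", "src_port": 11211, "dst_ip": "198.51.100.5", "bytes": 1_200_000},
    {"proto": "udp", "src_ip": "203.0.113.12", "src_port": 11211, "dst_ip": "198.51.100.5", "bytes": 900_000},
    {"proto": "udp", "src_ip": "10.0.0.7", "src_port": 11211, "dst_ip": "10.0.0.20", "bytes": 2_000},
    {"proto": "tcp", "src_ip": "10.0.0.7", "src_port": 11211, "dst_ip": "10.0.0.21", "bytes": 3_000_000},
]


def flag_reflected_memcached(flows: Sequence[Dict], min_bytes: int = 1_000_000,
                             min_sources: int = 3) -> Dict[str, Dict[str, int]]:
    """Group UDP flows whose *source* port is 11211 by destination and flag heavy hitters.

    Thresholds are assumptions; tune them to the normal memcached reply volume on your network.
    """
    per_dst = defaultdict(lambda: {"bytes": 0, "sources": set()})
    for f in flows:
        if f["proto"] != "udp" or f["src_port"] != MEMCACHED_UDP_PORT:
            continue
        entry = per_dst[f["dst_ip"]]
        entry["bytes"] += f["bytes"]
        entry["sources"].add(f["src_ip"])
    return {dst: {"bytes": e["bytes"], "sources": len(e["sources"])}
            for dst, e in per_dst.items()
            if e["bytes"] >= min_bytes or len(e["sources"]) >= min_sources}


if __name__ == "__main__":
    print("amplification factor:", round(amplification_factor(SAMPLE_REQUEST, SAMPLE_RESPONSE), 2))
    print("reassembled reply:", reassemble(SAMPLE_RESPONSE))
    print("flagged destinations:", flag_reflected_memcached(SAMPLE_FLOWS))
```

The ratio here is tiny because the constructed reply is short; a real server answering with its full statistics or cached values over UDP is what produces the multi-kilobyte replies behind the headline figure. On the server side the fix is not to expose UDP at all: memcached started with `-U 0` does not listen on UDP (the default since release 1.5.6), and port 11211 should be filtered at the network edge regardless.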

Grinds My Netgears

If you like magic packets and root-level shell sessions, we’ve got a new module right up your alley. Targeting a number of vulnerable NETGEAR devices, the new netgear_telnetenable module from Paul Gebheim, insanid, and wvu will pop a shell prompt with root-level access on vulnerable targets. This is actually an older known “feature” of these devices, and with the proliferation of NETGEAR devices around, you might find this module useful!

“Insecure devices really grinds my gears!”

School of Hard ‘Nox

OMG, OSGi! As it turns out, the OSGi framework console provided in vulnerable versions of Eclipse Equinox allows for remote code execution. And the new osgi_console_exec module from Quentin Kaiser will take you there! With fork in hand, you’ll be running your code in no time...

Pictured: Google search result when you badly typo “Equinox”...

New Modules

Exploit modules (2 new)

Auxiliary and post modules (3 new)

Improvements

Get it

As always, you can update to the latest Metasploit Framework with msfupdate, and you can get more details on the changes since the last blog post from GitHub:

To install fresh, check out the open-source-only Nightly Installers, or the binary installers which also include the commercial editions. PLEASE NOTE that these installers, and the Metasploit Framework versions included in distros such as Kali, Parrot, etc., are based on the stable Metasploit 4 branch. If you'd like to try out the newer things going into Metasploit 5, that work is available in the master branch of the Metasploit Framework repo on GitHub.