Last updated at Tue, 16 Jan 2024 01:28:17 GMT
Food-related hijinks
This week, phra offers up a new potato dish to make privilege escalation in Windows just a bit tastier.
Also, our very own Aaron Soto finished preparing a nice bowl of ysoserial that makes dynamic Java objects just a bit easier to swallow.
New modules
Exploit modules (2 new)
- blueman set_dhcp_handler D-Bus Privilege Escalation by bcoles and Sebastian Krahmer, which exploits CVE-2015-8612
- Windows Net-NTLMv2 Reflection DCOM/RPC (Juicy) by FoxGloveSec, breenmachine, decoder, lupman, ohpe, and phra, which exploits CVE-2016-3225
Improvements
- PR #11125, by Aaron Soto, makes Java serialized objects more easily readable and adaptable by adding support for importing and generating dynamic objects from ysoserial (found here).
- PR #11217, by Clément Notin, fixes two issues handling error conditions in the badpdf local exploit module.
- PR #11262, by Matthew Kienow, improves the interaction between the thin webservice and the rackup file in msfdb so that it is not tied to a specific framework directory location.
- PR #11263, by h00die, standardizes the KoreLogic option in the JTR modules to be uppercase.
- PR #11267, by Clément Notin, fixes a missing RHOST in the authentication message for exploit/windows/smb/ms17_010_psexec.
Get it
As always, you can update to the latest Metasploit Framework with msfupdate, and you can get more details on the changes since the last blog post from GitHub:
We recently announced the release of Metasploit 5. You can get it by cloning the Metasploit Framework repo (master branch). To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial editions). PLEASE NOTE that the binary installers, and Metasploit Framework versions included in distros such as Kali, Parrot, etc., are based off the Metasploit 4 branch for the time being. Migration is underway, so you can look forward to getting Metasploit 5 in the binary installers and in third-party software distributions soon.