Last updated at Wed, 17 Jan 2024 01:51:52 GMT
Command and Control with DOUBLEPULSAR
We now have a DOUBLEPULSAR exploit module thanks to some amazing work by our own wvu, Jacob Robles, and some significant contributions from the wider community. The module allows you to check for the DOUBLEPULSAR implant, disable it, or even load your own payloads as well; it really deserves its own blog post…
Cisco/Juniper config importers
A bit of a quality of life addition here from h00die.
We've had the ability to pull and store these configs for some time now, but the new modules
make it easy to store the config files if you find them as a flat file. No more need to get a session and use a post module to dump them in the DB.
New modules (3)
- DOUBLEPULSAR Payload Execution and Neutralization by wvu, Equation Group, Jacob Robles, Luke Jennings, Shadow Brokers, and zerosum0x0, which exploits CVE-2017-0148
- Cisco Configuration Importer by h00die
- Juniper Configuration Importer by h00die
Enhancements and features
PR 12387 puts us on to ruby 2.6.5, which comes with some security updates. You can find the specifics here.
Bugs fixed
PR 12377 by wvu fixes a bug in the stack_adjustment exploit module method that generates an error when a module specifies the Arch metadata as a single string constant rather than an array.
Get it
As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:
We recently announced the release of Metasploit 5. You can get it by cloning
the Metasploit Framework repo (master branch). To install fresh without using git,
you can use the open-source-only Nightly Installers or the binary installers
(which also include the commercial editions).