Last updated at Fri, 09 Feb 2024 14:33:10 GMT
With 2019 almost wrapped up, we’ve been left wondering where the time went! It’s been a busy year for Metasploit, and we’re going out on a reptile-themed note this wrap-up...
Python gets compatible
With the clock quickly ticking down on Python 2 support, contributor xmunoz came through with some changes to help ensure most of Framework works with Python 3. While Python 3’s adoption rate was a bit slow since its release 11 years ago this month, it has clearly been the path forward. So we’re shedding the skin just in time for 2020!
Privesc beyond the reptilian brain
If you’re looking to escalate privileges on a target that has the Reptile Linux Kernel Module (LKM) rootkit installed, contributor bcoles has got you, fam. Using an existing session, this new module will upload a payload and execute via the reptile_cmd
utility on the target, which permits elevating privileges to root when passed the root
argument. On success, you’ll have a new session with root privileges! S-s-s-s-s-super!
New modules (1)
- Reptile Rootkit reptile_cmd Privilege Escalation by bcoles and f0rb1dd3n.
Enhancements and features
- PR #12524 from xmunoz updates most Python code in Metasploit Framework to be compatible with Python 3.
- PR #12754 from wvu-r7 adds the ForceExploit option to the exploit/bsd/finger/morris_fingerd_bof and exploit/unix/smtp/morris_sendmail_debug modules, enforcing an automatic check before exploitation unless ForceExploit is set.
- PR #12744 from bcoles updates the rds_priv_esc linux privesc to use newer metasploit libraries, and renames it so other rds exploits can be added without name collisions.
- PR #12707 from kenlacroix adds more module docs, mainly for windows post modules.
Get it
As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:
We recently announced the release of Metasploit 5. You can get it by cloning
the Metasploit Framework repo (master branch). To install fresh without using git,
you can use the open-source-only Nightly Installers or the binary installers
(which also include the commercial editions).