Last updated at Sat, 20 Jan 2024 22:52:04 GMT
Long live copy and paste
Adam Galway enhanced the set PAYLOAD command to strip the /payload/, payload/, and / prefixes from a payload name in an effort to improve the user experience while configuring an exploit's payload. You can see the new behavior below!
msf5 exploit(windows/smb/ms17_010_eternalblue) > set payload /payload/windows/x64/meterpreter/reverse_tcp
payload => windows/x64/meterpreter/reverse_tcp
msf5 exploit(windows/smb/ms17_010_eternalblue) > set payload payload/windows/x64/meterpreter/reverse_tcp
payload => windows/x64/meterpreter/reverse_tcp
msf5 exploit(windows/smb/ms17_010_eternalblue) > set payload /windows/x64/meterpreter/reverse_tcp
payload => windows/x64/meterpreter/reverse_tcp
msf5 exploit(windows/smb/ms17_010_eternalblue) > set payload windows/x64/meterpreter/reverse_tcp
payload => windows/x64/meterpreter/reverse_tcp
msf5 exploit(windows/smb/ms17_010_eternalblue) >
Now, when copying and pasting payload names that may include a path-like prefix, your set PAYLOAD command will work intuitively.
RIP Larry Tesler, the inventor of cut, copy, and paste.
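The prefix handling shown in the session above, written out as an added Ruby example (this is not Metasploit's own implementation of set PAYLOAD; the function names normalize_payload_name and set_payload are assumed for illustration). The point worth seeing in code is the ordering: the longer /payload/ prefix has to be tested before the bare / rule, otherwise "/payload/windows/..." would be left as "payload/windows/...".

```ruby
# Added example (not Metasploit's own code): normalises a payload name the way
# the enhanced `set PAYLOAD` command is described as doing, by stripping the
# "/payload/", "payload/" and "/" prefixes before the name is used.
PAYLOAD_PREFIXES = ['/payload/', 'payload/', '/'].freeze

# Returns the payload reference name with any path-like prefix removed.
# Longest prefix first, and stop after the first match, so "/payload/x"
# becomes "x" rather than being reduced to "payload/x" by the "/" rule.
def normalize_payload_name(value)
  name = value.to_s.strip
  PAYLOAD_PREFIXES.each do |prefix|
    if name.start_with?(prefix)
      name = name[prefix.length..-1]
      break
    end
  end
  name
end

# Mirrors what the console prints after `set payload <value>` (assumed helper).
def set_payload(value)
  "payload => #{normalize_payload_name(value)}"
end

if __FILE__ == $PROGRAM_NAME
  # The four spellings from the console transcript above.
  [
    '/payload/windows/x64/meterpreter/reverse_tcp',
    'payload/windows/x64/meterpreter/reverse_tcp',
    '/windows/x64/meterpreter/reverse_tcp',
    'windows/x64/meterpreter/reverse_tcp'
  ].each { |v| puts set_payload(v) }
end
```

All four inputs collapse to the same reference name, which is what makes a pasted value from msfvenom output or a module listing usable without hand editing.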
SSH in my Windows?
Yep, you read that right. Dean Welch added a Windows post module, post/windows/manage/sshkey_persistence, to maintain SSH key persistence on a Windows target with an SSH server installed, bringing parity to our existing SSH key persistence ability, post/linux/manage/sshkey_persistence.
New modules (3)
- Diamorphine Rootkit Signal Privilege Escalation by Brendan Coles and Victor Ramos Mello
- Apache James Server 2.3.2 Insecure User Creation Arbitrary File Write by Matthew Aberegg, Michael Burkey, and Palaczynski Jakub, which exploits CVE-2015-7611
- SSH Key Persistence by Dean Welch
Enhancements and features
- PR #12830 by h00die updates the post/windows/gather/enum_patches module to gather all Windows patches.
- PR #12932 by wvu changes the behavior of the generate command in msfconsole to avoid showing a staged payload's stage by default. This addresses a common usability problem where, when generating a large payload, the output would scroll off the screen.
- PR #12938 by Brendan Coles adds a check for CPU vulnerabilities to the post/linux/gather/enum_system module by gathering information from the /sys/devices/system/cpu/vulnerabilities directory.
- PR #12946 by Adam Galway enhances the set PAYLOAD command to strip path-like prefixes from its value.
- PR #12948 by Spencer McIntyre updates the Zsh completions for msfconsole and msfvenom.
Bugs fixed
- PR #12448 by Green-m fixes the cmd/unix/reverse_perl_ssl and cmd/unix/reverse_php_ssl payloads to skip verifying the SSL certificate, which is required for the most recent versions of Perl and PHP.
- PR #12724 by Francesco Soncina fixes issue #12723. The AMSI/SBL bypass used with the web_delivery module for PowerShell does not work if prepended in the same response. This separates AMSI/SBL from the PowerShell stager.
- PR #12892 by h00die sets a default username of sa for auxiliary/scanner/mssql/mssql_login and a default username of root for auxiliary/scanner/mysql/mysql_login, and enables the BLANK_PASSWORDS option by default for both modules, as the default users make use of a default blank password.
- PR #12931 by Francesco Soncina fixes issue #12930 for the post/osx/gather/password_prompt_spoof module on newer versions of OS X (Catalina and Mojave).
- PR #12949 by Brent Cook fixes a number of module references to the old Rapid7 blog to point to the current one.
- PR #12961 by Adam Cammack fixes Expect functionality for Windows installs of Metasploit by vendoring the library.
Get it
As always, you can update to the latest Metasploit Framework with msfupdate, and you can get more details on the changes since the last blog post from GitHub:
If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial edition).