Last updated at Thu, 25 Jan 2024 01:08:35 GMT

Have you built out that awesome media room?

If your guilty pleasures include using a mobile device to make your home entertainment system WOW your guests, you might be using Unified Remote. I hope you are extra cautious about what devices you let on that WiFi network. A prolific community member h00die added a module this week that uses a recently published vulnerability from H4RK3NZ0 to leverage an unprotected configuration page exposed on the media service, combined with just a little bit of protocol info the module makes that media server a prime target for pranks and other less friendly activities by guests on the network.

Finding the needles in that Linux memory stack

Brought to you by the combined efforts of many members of the Metasploit Community, Linux meterpeter payloads now offer a new way to hunt down passwords in memory on all those delicious Linux sessions you gather with Metasploit. The new post/linux/gather/mimipenguin module hunts down clear text passwords in Linux memory based on MimiPenguin.

We all love to share code with the public

A new module this week makes sharing public code risky business if you are using a bitbucket server to host that repository. Checkout out the nitty gritty in our blog post from earlier this week.

Metasploit plays well with others

Last week’s update brought with it an awesome way to utilize Metasploit with payload generated by Sliver that even ranked a call out in their latest release notes. Great to see the community promoting these updates for more people to learn about and utilize.

New module content (4)

Enhancements and features (6)

  • #16940 from adfoster-r7 - Rewrites Metasploit's datastore to fix multiple bugs and edge cases. The unset command will now consistently unset previously set datastore values, so that default values are used once again. Explicitly clearing a datastore value can be done with the set --clear OptionName command. Modules that require protocol specific option names such as SMBUser/FTPUser/BIND_DN/etc can now be consistently set with just username/password/domain options, i.e. set username Administrator instead of set SMBUser Administrator. This rewrite is currently behind a feature flag which can be enabled with features set datastore_fallbacks true.
  • #17002 from bcoles - The lib/msf/core/post/windows/accounts.rb, lib/msf/core/post/windows/ldap.rb, and lib/msf/core/post/windows/wmic.rb libraries have been updated to replace calls to load_extapi with ExtAPI compatibility checks which will check if the session supports ExtAPI, since if the sessions supports ExtAPI, it should already be loaded.
  • #17003 from bcoles - enum_patches has had its code updated to output the patches enumerated as a table and store the results long term in a CSV file. Additionally, a check has been added to see if the current session supports the required Meterpreter extension compatibility prior to trying to run the module. Finally, the code and documentation have been cleaned up and modernized.
  • #17015 from jmartin-r7 - Updates auxiliary/scanner/http/http_login to report login success when the http status code is in the range 200,201,300-308. This functionality is user-configurable with set HttpSuccessCodes 200.
  • #17049 from bcoles - Adds Notes module meta information and replaces custom get_members method with get_members_from_group from the Post API.
  • #17051 from bcoles - Adds module documentation, notes for module meta information, and improves module error handling.

Bugs fixed (3)

  • #17023 from zeroSteiner - The post/windows/manage/rollback_defender_signatures module has been updated to work on WoW64 sessions, and has had its code updated so that the default action is now a valid option.
  • #17036 from zeroSteiner - Fixes a bug where the sessions command would show the connection as coming from losthost 127.0.0.1, instead of the correct peer host address for reverse_http Meterpreter sessions.
  • #17052 from adfoster-r7 - Fixes an error in Metasploit-framework when the host machine has OpenSSL 3.

Get it

As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
binary installers (which also include the commercial edition).