Last updated at Thu, 25 Jan 2024 01:09:17 GMT
See something, say something
Have an idea on how to expand the Metasploit documentation at https://docs.metasploit.com/? Did you spot a typo or some other error on the docs site? Thanks to adfoster-r7, submitting an update to the documentation is as easy as clicking the 'Edit this page on GitHub' link on the page you want to change. The link takes you directly to the source in Metasploit's GitHub repository, so you can quickly locate the Markdown and submit a PR.
New module content (3)
Mirage firewall for QubesOS 0.8.0-0.8.3 Denial of Service (DoS) Exploit
Author: Krzysztof Burghardt
Type: Auxiliary
Pull request: #17348 contributed by burghardt
AttackerKB reference: CVE-2022-46770
Description: This PR adds a module that performs a DoS attack on Mirage Firewall versions 0.8.0-0.8.3.
Wordpress Paid Membership Pro code Unauthenticated SQLi
Authors: Joshua Martinelle and h00die
Type: Auxiliary
Pull request: #17479 contributed by h00die
AttackerKB reference: CVE-2023-23488
Description: This adds an auxiliary module that leverages an unauthenticated SQL injection in the WordPress plugin Paid Membership Pro. The vulnerability is identified as CVE-2023-23488 and affects versions prior to 2.9.8. The module retrieves WordPress usernames and password hashes using a time-based blind SQL injection technique.
Ivanti Cloud Services Appliance (CSA) Command Injection
Authors: Jakub Kramarz and h00die-gr3y
Type: Exploit
Pull request: #17449 contributed by h00die-gr3y
AttackerKB reference: CVE-2021-44529
Description: A new module has been added for CVE-2021-44529, an unauthenticated code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) before version 4.6.0-512. Successful exploitation requires sending a crafted cookie to the client endpoint at /client/index.php to get command execution as the nobody user.
Enhancements and features (5)
- #17343 from h00die - This makes performance improvements to the windows/local/unquoted_service_path module.
- #17451 from h00die - This adds support for netntlm and netntlmv2 hashes to the auxiliary/analyze/crack_windows module.
- #17466 from prabhatjoshi321 - This updates the auxiliary/scanner/smb/smb_version module to store additional service information in the database so it can be viewed later.
- #17473 from adfoster-r7 - Updates the docs site to have an edit link at the bottom of each page, which takes you to the corresponding Markdown file on GitHub for editing.
- #17480 from h00die - A new alias called exploit has been added for payloads. It performs the same action as to_handler, so users familiar with exploit modules can use the same exploit command to open a handler when working with a payload.
Bugs fixed (3)
- #17385 from smashery - This fixes the file write and file append methods to return the expected Boolean values rather than nil.
- #17482 from adfoster-r7 - Fixes a connection issue with reverse_https stagers executed on Windows servers that attempt to negotiate TLSv1 when Metasploit is using OpenSSL 3.
- #17491 from zeroSteiner - Fixes a bug in the lib/msf/core/exploit/remote/ldap.rb library, which handles LDAP communications for several modules, so that failures raise errors from the correct namespace instead of crashing.
Documentation
You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.
Get it
As always, you can update to the latest Metasploit Framework with msfupdate, and you can get more details on the changes since the last blog post from GitHub:
If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial edition).