Last updated at Thu, 25 Jan 2024 00:38:43 GMT
I like to MOVEit, MOVEit, We like to MOVEit!
Party hard just like it's Mardi Gras! bwatters-r7 delivered the dance moves this week with a masterful performance. The windows/http/moveit_cve_2023_34362 module is available for all your party needs. Taking advantage of CVE-2023-34362, this module gets into the MOVEit database and nets shells to help you "Keep on jumpin' off the floor"!
New module content (1)
MOVEit SQL Injection vulnerability
Authors: bwatters-r7, rbowes-r7, and sfewer-r7
Type: Exploit
Pull request: #18100 contributed by bwatters-r7
AttackerKB reference: CVE-2023-34362
Description: Adds a new module targeting the MOVEit Transfer web application that allows an unauthenticated attacker to gain access to MOVEit Transfer’s database.
Enhancements and features (7)
- #18078 from zeroSteiner - This adds support to the auxiliary/admin/dcerpc/icpr_cert module to issue certificates for an explicit SID by specifying it within the NTDS_CA_SECURITY_EXT. This addition ensures that ESC1 will remain exploitable when issuing certificates with an SID becomes a requirement.
- #18117 from smashery - This adds Windows 10 revision number extraction to the Windows version Post API.
- #18118 from smashery - This PR updates the User Agent strings for June 2023.
- #18119 from adfoster-r7 - This adds support for only running user specified test names in modules loaded by running loadpath test/modules.
- #18126 from adfoster-r7 - This PR adds additional logging to the test/file module. This module is useful for developers contributing enhancements or new functionality to Meterpreter and other payloads. It is available after running loadpath test/modules.
- #18127 from adfoster-r7 - This PR adds additional test/railgun_reverse_lookup tests for macOS and Linux.
Bugs fixed (5)
- #17576 from gwillcox-r7 - This fixes a bug where adding and deleting tags to multiple hosts was not functioning correctly.
- #18049 from cgranleese-r7 - This PR updates Jenkins modules to work with newer versions. Previously they fell over with a CSRF failure and gave a false negative result.
- #18094 from zeroSteiner - Fixes an edge case with windows/meterpreter/reverse_tcp where there was a small chance of an invalid stager being created.
- #18104 from adfoster-r7 - This PR fixes an issue that falsely caused empty file reads on Meterpreter.
- #18124 from adfoster-r7 - Fixes the broken test/extapi module. The module was facing issues returning clipboard data that pertained to the session being tested; this issue has been resolved. This module is useful for developers contributing enhancements or new functionality to Meterpreter and other payloads. It is available after running loadpath test/modules.
- #18132 from jmartin-r7 - This PR reverts the changes from #17942, which was an improvement to AMSI bypass on new versions of Windows. PR #17942 broke psexec and this PR reverts that issue.
Documentation
You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.
Get it
As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:
If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial edition).