Last updated at Fri, 29 Nov 2024 18:15:01 GMT
New module content (4)
Acronis Cyber Protect/Backup machine info disclosure
Authors: Sandro Tolksdorf of usd AG. and h00die-gr3y h00die.gr3y@gmail.com
Type: Auxiliary
Pull request: #19582 contributed by h00die-gr3y
Path: gather/acronis_cyber_protect_machine_info_disclosure
AttackerKB reference: CVE-2022-3405
Description: Adds an auxiliary module which exploits Sensitive information disclosure due to an improper authentication vulnerability in Acronis Cyber Protect 15 before build 29486 and Acronis Cyber Backup 12.5 before build 16545.
Strapi CMS Unauthenticated Password Reset
Authors: WackyH4cker and h00die
Type: Auxiliary
Pull request: #19654 contributed by h00die
Path: scanner/http/strapi_3_password_reset
AttackerKB reference: CVE-2019-18818
Description: Adds a module that lets you leverage the mishandling of a password reset request for Strapi CMS version 3.0.0-beta.17.4, which results in the ability to change the password of the admin user.
ProjectSend r1295 - r1605 Unauthenticated Remote Code Execution
Authors: Florent Sicchio, Hugo Clout, and ostrichgolf
Type: Exploit
Pull request: #19531 contributed by ostrichgolf
Path: linux/http/projectsend_unauth_rce
Description: Adds a new exploit module targeting ProjectSend versions r1335 through r1605. The module exploits an improper authorization vulnerability, allowing unauthenticated RCE by manipulating the application's configuration settings.
CUPS IPP Attributes LAN Remote Code Execution
Authors: David Batley, RageLtMan rageltman@sempervictus, Rick de Jager, Ryan Emmons, Simone Margaritelli, and Spencer McIntyre
Type: Exploit
Pull request: #19630 contributed by remmons-r7
Path: multi/misc/cups_ipp_remote_code_execution
AttackerKB reference: CVE-2024-47176
Description: This adds an exploit for CUPS, where a remote attacker can advertise a malicious printing service that when used will execute a command on the printing client.
Enhancements and features (2)
- #19651 from smashery - This updates the
smb_versionmodule to detect the host OS version when SMB 1 is disabled. - #19678 from smashery - This adds a new LDAP query to enumerate computer accounts that were created with the "pre-Windows 2000 computer" option which might mean they weak passwords.
Bugs fixed (0)
None
Documentation
You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.
Get it
As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:
If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
commercial edition Metasploit Pro
