Rapid 7 - Metasploit weekly wrap-up

New module content (1)

Metabase Setup Token RCE

Metasploit weekly wrap-up

Authors: Maxwell Garrett, Shubham Shah, and h00die
Type: Exploit
Pull request: #18232 contributed by h00die
Path: exploits/linux/http/metabase_setup_token_rce
AttackerKB reference: CVE-2023-38646

Description: This adds a module for an unauthenticated RCE against Metabase. Metabase versions before 0.46.6.1 contain a bug where an unauthenticated user can retrieve a setup-token. With this, they can query an API endpoint to setup a new database, then inject an H2 connection string RCE.

Enhanced Modules (1)

Modules which have either been enhanced, or renamed:

  • #18264 from zeroSteiner - Updates the exploits/freebsd/http/citrix_formssso_target_rce module for CVE-2023-3519 to include two new targets, Citrix ADC (NetScaler) 12.1-65.25, and 12.1-64.17. This module now supports automatic targeting based on the Last-Modified header of the logon/fonts/citrix-fonts.css resource.

Enhancements and features (6)

  • #18191 from jvoisin - This adds support for detecting whether a Metasploit session is running in a Podman container and improves detection for sessions running in Docker, LXC, and WLS containers.
  • #18224 from rorymckinley - This adds the first iteration of specs for SSH Login scanner.
  • #18231 from ErikWynter - This adds index selection for the modules returned via the favorites (or show favorites) command.
  • #18244 from cgranleese-r7 - Adds tests to ensure the consistency of Metasploit payloads.
  • #18274 from wvu - Updates CVE-2020-14871 exploits/solaris/ssh/pam_username_bof docs.

Bugs fixed (2)

  • #18220 from dwelch-r7 - Adds additional error handling when loading Metasploit payloads to msfconsole's startup process to ensure missing payloads do not crash msfconsole.
  • #18260 from adfoster-r7 - This adds a fix to verify the EC2_ID module option is validated.

Documentation

You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.

Get it

As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
binary installers (which also include the commercial edition).



from Rapid7 Cybersecurity Blog https://blog.rapid7.com/2023/08/11/metasploit-weekly-wrapup-8/

Comments

Popular posts from this blog

Krebs - NY Charges First American Financial for Massive Data Leak

KnowBe4 - Scam Of The Week: "When Users Add Their Names to a Wall of Shame"