Skip navigation
All Places > Metasploit > Blog > 2015 > November
2015
egypt

Weekly Metasploit Wrapup

Posted by egypt Employee Nov 20, 2015

Python extension for Windows Meterpreter

 

Meterpreter offers some pretty powerful post-exploitation capabilities, from filesystem manipulation to direct Windows API calls with railgun, and everything in between.

 

One thing that's been missing for a long time is on-victim scripting. With this update comes an experimental Python extension to remedy that. It's still in its infancy, so expect some kinks to be worked out over the next few weeks, but it is functional. OJ's excellent Pull Request offers some insights into how it works and where it's going.

 

New Modules

 

This update also includes a few PHP code execution exploits, including one for the very popular vBulletin, a cheeky one for a cute backdoor used by Chinese attackers according to the great analysis by FireEye, and one for Up.Time.

 

Up.Time, the tale of a bad patch

 

In late 2013, we published an exploit module by Denis Andzakovic targetting Up.Time, an IT infrastructure monitoring tool. As part of the initial advisory, the researcher quoted the vendor saying

As a policy to protect our customers, we do not discuss any vulnerabilities with outside companies.

Which apparently includes the person reporting the vulnerability.

 

And indeed, there doesn't seem to be any public discussion of this vuln (or any others for that matter) from the vendor, not even a mention of when a patch was available. It turns out that, whenever that patch came out, it didn't actually fix the vulnerability and thanks to contributors Ewerson Guimaraes and Gjoko Krstic, we now have an exploit that targets the latest Up.Time versions 7.4 and 7.5.

 

Exploit modules

 

Auxiliary and post modules

 

 

Get it

 

As always, all the changes since the last wrapup can be had with a simple msfupdate and the full diff is available on github: 4.11.5-2015110801...4.11.5-2015111801

egypt

Weekly Metasploit Wrapup

Posted by egypt Employee Nov 6, 2015

One of the greatest things about Metasploit is that it supports lots of different protocols and technologies that you would otherwise need a huge menagerie of tools to be able to talk to, an ever-expanding bubble of interoperability that you didn't have to write. Due to some great ongoing work by Bigendian Smalls, the bubble is getting even bigger, now encompassing shell sessions on mainframes. You can see the beginnings in #6013 and #6067

 

New Modules

This update also comes with a fun privilege escalation exploit for OSX where an environment variable ends up on a commandline. I love these kinds of bugs because people have been screwing up environment variables since the invention of shells.

 

As always, you can see all the changes since the last wrapup on github: 4.11.4-2015102801...4.11.5-2015103001

 

Exploit modules

 

Auxiliary and post modules

Filter Blog

By date: By tag: