Post Syndicated from Erran Carey original https://blog.rapid7.com/2022/06/24/metasploit-weekly-wrap-up-163/
Add Windows target support for the Confluence OGNL injection module

Improve the exploit/multi/http/atlassian_confluence_namespace_ognl_injection module to support Windows server targets.
EfsPotato – 6th getsystem technique
This adds the EfsPotato technique to the getsystem command in meterpreter. The new technique leverages the EFSRPC API to elevate a user if they have SeImpersonatePrivilege permissions enabled.
New module content (1)
- #16676 from cdelafuente-r7 – Adds a new getsystem technique that leverages the EFSRPC API to elevate a user with the SeImpersonatePrivilege permission to NT AUTHORITY\SYSTEM. This technique is often referred to as "EfsPotato". It also improves the post module to use ACTIONS instead of the datastore TECHNIQUE for a simpler user interface when using info or show actions for this module, allowing a user to determine which techniques were available from inside msfconsole.
Enhancements and features (2)
- #16650 from red0xff – This PR implements the method #read_from_file for PostgreSQL and MSSQL, and fixes the MySQL implementation. It also updates the test module to better handle multiline data returned from SQL queries.
- #16692 from noraj – Updates various links to https://docs.metasploit.com
Bugs fixed (2)
- #16597 from zeroSteiner – This fixes an issue with the encrypted shell payload stage that prevented it from being used with the new PowerShell command adapter. In addition to this, a number of payload modules have been updated to include an opts hash as a parameter for compatibility.
- #16680 from zeroSteiner – This PR adds support for Windows targets to the atlassian_confluence_namespace_ognl_injection module and fixes an issue where the check method would fail to properly identify that Windows targets were even vulnerable due to how the command was being executed.
Get it
As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:
If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
binary installers (which also include the commercial edition).