Metasploit Weekly Wrap-Up

Post Syndicated from Christopher Granleese original https://blog.rapid7.com/2022/11/25/metasploit-weekly-wrap-up-185/

F5 Big-IP

This week’s Metasploit release contains 2 new modules released as part of the Rapid7 F5 BIG-IP and iControl REST Vulnerabilities research article.

These discoveries were made by our very own Ron Bowes, who developed an exploit module for authenticated RCE against F5 devices running in appliance mode to achieve a Meterpreter session as the root user.

Ron Bowes has also developed an F5 Metasploit module exploiting CVE-2022-41622, a CSRF vulnerability in F5 Big-IP versions 17.0.0.1 and below – which leads to an arbitrary file overwrite as root. With this module, a user can choose to overwrite various system files to achieve a Meterpreter session as the root user.

For more information, see Rapid7’s blog post, which details the vulnerabilities.

DuckyScript support

Community contributor h00die contributed an enhancement to msfvenom. This adds the ducky-script-psh format to msfvenom:

msfvenom -p windows/meterpreter/reverse_tcp -f ducky-script-psh lhost=127.0.0.1 lport=444

This allows users to create payloads that are compatible with Bad USB devices such as the Flipper Zero.
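As an added defender-side example (not from this post or the Metasploit project), the script below reconstructs the keystrokes a DuckyScript file would inject and decodes any base64 -EncodedCommand argument it finds, so an analyst can read what a recovered BadUSB payload would actually run. The sample script is constructed here and is not msfvenom's own ducky-script-psh output.

```python
import base64
import re

# Constructed sample DuckyScript (hypothetical, not msfvenom output): opens the
# Run dialog and types a base64-encoded PowerShell command.
_ENCODED = base64.b64encode('Write-Host "hi"'.encode("utf-16le")).decode()
SAMPLE_DUCKY = f"""REM constructed sample for analysis
DELAY 500
GUI r
DELAY 1000
STRING powershell -w hidden -enc {_ENCODED}
ENTER
"""

# PowerShell accepts -e, -en, -enc or -EncodedCommand; longest alternative first.
_ENC_RE = re.compile(r"(?<![\w-])-(?:encodedcommand|enc|en|e)\s+([A-Za-z0-9+/=]+)", re.I)


def typed_text(script: str) -> str:
    """Rebuild the text the device would type from STRING/STRINGLN/ENTER lines."""
    out = []
    for raw in script.splitlines():
        line = raw.strip()
        if not line or line.startswith("REM"):
            continue
        cmd, _, arg = line.partition(" ")
        if cmd == "STRING":
            out.append(arg)
        elif cmd == "STRINGLN":          # DuckyScript 3: STRING followed by ENTER
            out.append(arg + "\n")
        elif cmd == "ENTER":
            out.append("\n")
    return "".join(out)


def decode_encoded_commands(text: str) -> list:
    """Decode every -EncodedCommand argument (base64 of UTF-16LE) found in text."""
    decoded = []
    for match in _ENC_RE.finditer(text):
        try:
            decoded.append(base64.b64decode(match.group(1)).decode("utf-16le"))
        except (ValueError, UnicodeDecodeError):
            continue                     # malformed blob: skip rather than crash
    return decoded


def analyze(script: str) -> dict:
    """Summarise a DuckyScript: typed text, PowerShell use, decoded commands."""
    text = typed_text(script)
    return {"typed": text,
            "powershell": "powershell" in text.lower(),
            "decoded": decode_encoded_commands(text)}


if __name__ == "__main__":
    print(analyze(SAMPLE_DUCKY))
```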

New module content (3)

Enhancements and features (6)

  • #17145 from k0pak4 – This PR adds the ability to authenticate via hash and improves the error reporting when authentication fails.
  • #17279 from h00die – This adds the ducky-script-psh format to msfvenom so it can create payloads that are compatible with Bad USB devices such as the Flipper Zero.
  • #17283 from bcoles – Improves the linux/gather/enum_psk module, and adds documentation
  • #17284 from bcoles – Updates modules/post/linux/gather/enum_network and modules/post/linux/gather/tor_hiddenservices to extract hostname details in a similar fashion to other modules
  • #17285 from bcoles – Improves validation in linux/gather/tor_hiddenservices to ensure that the locate command is present before running the module
  • #17296 from jmartin-r7 – Adds clarification to the module documentation that links to external resources are not controlled by project maintainers. These external resources may no longer exist and are subject to malicious takeover in the future. These links should be reviewed accordingly.

Bugs fixed (1)

Get it

As always, you can update to the latest Metasploit Framework with msfupdate, and you can get more details on the changes since the last blog post from GitHub:

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial edition).