Metasplot is the most widely used penetration testing framework in the world. It helps security teams to assess vulnerabilities, conduct security assessments and improve security awareness. Metasploit 6.2.0 now Available. It includes 138 new modules, 148 enhancements and features, enhancements and 156 bug fixes.
“For Metasploit, our continued focus is on adding support for modern attacks so that communities can highlight risks and check security controls for paths that attackers regularly use. Metasploit 6.2.0 continues this theme with SMBv3 server support, a new global capture plugin, and a number of modules that address vulnerabilities that are actively exploited in the wild today, ”Raj Samani, chief scientist at Rapid7, told HelpNet Security.
Every week, the Metasploit team publishes a Let’s finish With granular release notes for new Metasploit modules. Below is a list of some recent modules that pen testers are actively using (successfully).
VMware vCenter Server Unverified JNDI Injection RCE (via Log4Shell) By RageLtMan, Spencer McIntyre, jbaines-r7, and w3bd3vil, which exploits CVE-2021-44228: A vCenter-specific exploit uses Log4Shell vulnerabilities as root / system to achieve uncertified RCE. This exploit has been tested on both Windows and Linux.
F5 BIG-IP iControl RCE via REST authentication bypass By Heyder Andrade, James Horseman, Ron Bowes, and alt3kx, which exploits CVE-2022-1388: This module targets CVE-2022-1388, a vulnerability that affects F5 BIG-IP versions prior to 188.8.131.52. With a special request, an attacker can bypass iControl REST authentication and gain access to administrative functionality. It can be used to execute arbitrary commands as root users on systems affected by unauthorized attackers.
VMware Workspace One Access CVE-2022-22954 by wvu, Udhaya Prakash, and mr_me, which exploits CVE-2022-22954: This module exploits an unauthorized remote code execution error in the VMWare Workspace One Access installation; Weaknesses being widely used in the wild.
Zyxel Firewall ZTP Unverified command injection By jbaines-r7, which exploits CVE-2022-30525: This module targets CVE-2022-30525, an uncertified remote command injection vulnerability that affects Zyxel firewalls with Zero Touch Provisioning (ZTP) support. Successful exploits result in remote code execution resulting in no users. Rapid 7 researcher Jack Baines discovered this weakness.
Increase local privileges
CVE-2022-21999 Spoolful Watch By Oliver Lyak and Shelby Pace, who exploited CVE-2022-21999: a local privilege increase targeting Windows 10 or Server Build 18362 or earlier spool service.
Dirty pipe local privilege increase through CVE-2022-0847 By Max Kellermann and Timwr, who exploited CVE-2022-0847: a module targeting a privilege extension vulnerability in the Linux kernel, starting with version 5.8. The module takes advantage of the vulnerability of overwriting a SUID binary to get special benefits as a root user.
- Over the years, Metasploit has provided the ability to capture certificates under auxiliary / server / capture namespace with protocol-specific modules. Users can start and configure each of these modules individually, but as MSF 6.2.0, a new capture plugin can streamline this process for users. The Capture plugin currently launches 13 different services (17 including the SSL-enabled version) to the same listening IP address with the remote interface via MeterPrater.
- Metasploit 6.2.0 includes a new standalone tool for creating an SMB server that allows read-only access to existing operating directories. This new SMB server functionality supports SMB v1 / 2/3, as well as encryption for SMB v3.
- Windows / smb / smb_relay has been updated so that users can now relay to SMB versions 2 and 3. In addition, the module can now select multiple targets to ensure that Metasploit rotates intelligently so that it does not lose incoming connections.
- Metasploit has added features to libraries that provide listening services (such as HTTP, FTP, LDAP, etc.) that allow them to be tied to a clear IP address and port combination that is usually independent of the SRVHOST option.