Last updated at Tue, 24 Sep 2024 19:29:44 GMT
New module content (3)
update-motd.d Persistence
Author: Julien Voisin
Type: Exploit
Pull request: #19454 contributed by jvoisin
Path: linux/local/motd_persistence
Description: This adds a post module to keep persistence on a Linux target by writing a motd bash script triggered with root
privileges every time a user logs into the system through SSH
.
Wordpress LiteSpeed Cache plugin cookie theft
Authors: Rafie Muhammad and jheysel-r7
Type: Exploit
Pull request: #19457 contributed by jheysel-r7
Path: multi/http/wp_litespeed_cookie_theft
AttackerKB reference: CVE-2024-44000
Description: This adds an exploit module for a WordPress Plugin called LiteSpeed
(CVE-2024-44000). On the vulnerable plugin, when the Debug Logs
are enabled, it is possible to leak authentication cookies of logged in users, the msf module will use the stolen cookies to upload and execute a plugin
able to spawn a meterpreter
session.
Windows Kernel Time of Check Time of Use LPE in AuthzBasepCopyoutInternalSecurityAttributes
Authors: jheysel-r7 and tykawaii98
Type: Exploit
Pull request: #19345 contributed by jheysel-r7
Path: windows/local/cve_2024_30088_authz_basep
AttackerKB reference: CVE-2024-30038
Description: This adds a Windows LPE post module that exploits CVE-2024-30088. Once the exploit is executed through a running meterpreter
session, it will open another one with NT AUTHORITY/SYSTEM
privileges.
Enhancements and features (3)
- #19414 from cdelafuente-r7 - Adds some missing constants for the Kerberos LoginScanner as defined in the documentation. This also defines the default
connection_timeout
value in#set_sane_defaults
as defined here. - #19443 from jvoisin - Removes some redundant code from
lib/msf/core/payload/php.rb
. - #19445 from jvoisin - Makes minor improvements of
lib/msf/core/payload/php.rb
.
Bugs fixed (1)
- #19449 from zeroSteiner - This fixes an issue in the exploit for CVE-2022-0995 where it would crash with an exception while printing a message regarding why it failed.
Documentation added (1)
- #19452 from zeroSteiner - This improves the Metasploit's documentation explaining how to setup a Meterpreter handler over Ngrok port-forwarding.
You can always find more documentation on our docsite at docs.metasploit.com.
Get it
As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:
If you are a git
user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
commercial edition Metasploit Pro