2020 was certainly an interesting year. There were quite a few newsworthy events and some fantastic exploit content released. Let’s take a look at what 2020 meant for Metasploit.
Some quick statistics for Metasploit’s year.
The Metasploit team released version 6.0 of the framework over the summer. This major release brought improvements on two fronts: encryption of the Meterpreter transport protocol and SMBv3 support for client connections. Both provide transport encryption for operations Metasploit performs routinely, so payload traffic and SMB sessions are no longer readable on the wire by default. To showcase the SMBv3 support, Metasploit also added a module (`auxiliary/gather/windows_secrets_dump`) that performs agentless dumping of SAM hashes and LSA secrets, including cached domain credentials, from remote Windows targets. The technique, the same remote-registry approach popularized by Impacket's secretsdump, is widely used because it is reliable and drops nothing on disk; native integration into the framework makes it available to users with the usual benefits such as database storage of loot and pivoting. Note that it still requires administrative credentials on the target and interacts with the Remote Registry service, which defenders can log.
The Metasploit team hosted not one but two open CTFs in 2020. These events invited the community to solve challenges in a fun and competitive environment. The most recent event had 1,903 registered users across 874 teams.
Metasploit added its first exploits for the popular SharePoint platform since 2010. Four exploit modules were added: three leverage XML injection flaws, while the fourth targets a server-side include. All four use .NET deserialization to execute operating system commands, which avoids memory corruption entirely and makes exploitation relatively reliable. The .NET deserialization support these modules rely on was also new in 2020: a framework library that builds serialized gadget chains, plus a command-line tool so researchers can generate those chains outside of a module.
Some patterns stood out over the course of the year. Disclosures of vulnerabilities caused by an insufficient fix for an earlier vulnerability became noticeably more common. These so-called patch bypasses are indicative of the increasing complexity of both the vulnerabilities and their fixes; for defenders, they also mean that being patched against the original CVE is not proof that the underlying bug class is closed. Additionally, several exploits added to Metasploit leveraged unsafe file system operations by privileged processes to obtain code execution on Windows. These LPEs combined techniques that are becoming increasingly common, notably junctions and opportunistic locks (oplocks): a junction placed in a user-writable directory redirects a privileged process's file operation to a location the attacker chooses, and an oplock lets the attacker pause that process at the right moment to win the race. Metasploit is working on better support for these primitives to facilitate exploitation of vulnerabilities that use them.
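As an added illustration of the junction half of that primitive (this is not code from Metasploit or from any of the modules mentioned above), the following PowerShell shows how an unprivileged user can replace a directory that a privileged process later writes into with a junction, and a check that a privileged process could run to notice the reparse point before it follows it. The directory names and the "VictimService" folder are hypothetical; creating a junction, unlike a symbolic link, needs no special privilege on Windows.

```powershell
# Added example, not Metasploit code. Assumes Windows 10+ and PowerShell 5.1+.
# All paths below are hypothetical and created by this script.

$staging = Join-Path $env:TEMP 'staging'            # user-writable, attacker-controlled
$target  = Join-Path $env:ProgramData 'VictimService' # hypothetical dir a privileged process trusts

New-Item -ItemType Directory -Path $target  -Force | Out-Null
New-Item -ItemType Directory -Path $staging -Force | Out-Null

# Attacker step: swap the plain directory for a junction pointing at the target.
# A privileged process that later writes "$staging\config.ini" without checking
# for reparse points will actually write "$target\config.ini".
Remove-Item -LiteralPath $staging -Recurse -Force
New-Item -ItemType Junction -Path $staging -Target $target | Out-Null

# Defender/developer check: walk every component of a path and report whether
# any of them is a reparse point (junction, symbolic link, or mount point).
function Test-PathHasReparsePoint {
    param([Parameter(Mandatory)][string]$Path)
    $full = [System.IO.Path]::GetFullPath($Path)
    $root = [System.IO.Path]::GetPathRoot($full)
    $acc  = $root.TrimEnd('\')
    $parts = $full.Substring($root.Length).Split('\', [StringSplitOptions]::RemoveEmptyEntries)
    foreach ($part in $parts) {
        $acc = "$acc\$part"
        if (-not (Test-Path -LiteralPath $acc)) { break }   # rest of the path does not exist yet
        $item = Get-Item -LiteralPath $acc -Force            # -Force: inspect the link, not its target
        if ($item.Attributes -band [System.IO.FileAttributes]::ReparsePoint) { return $true }
    }
    return $false
}

Test-PathHasReparsePoint (Join-Path $staging 'config.ini')   # True: $staging is now a junction
Test-PathHasReparsePoint (Join-Path $target  'config.ini')   # False: plain directory

# Cleanup (remove the junction itself, not the target's contents).
(Get-Item -LiteralPath $staging -Force).Delete()
Remove-Item -LiteralPath $target -Recurse -Force
```

The check is useful for finding the weak spot, but it is not a fix on its own: a check-then-use sequence is exactly the window an oplock is used to widen, since the attacker can stall the privileged process between the check and the write and perform the swap in between. The robust remedies are to open files with `FILE_FLAG_OPEN_REPARSE_POINT` (or equivalent) so links are not followed, to impersonate the requesting user when touching user-controlled paths, or to avoid writing into user-writable directories from a privileged context at all.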
With all that the project accomplished in 2020, the team looks forward to what 2021 will hold. New features are being discussed, and as always, the module pipeline continues to flow. Our sincere gratitude goes to all the members of the community that contributed to the project this year.