A fun new module from timwr, taking advantage of a technique reported by Cedric Owens, is reminding everyone that if there is no fence, a gate will not deter us. The new module provides a quick wrapper for payloads that bypasses the download origination and authorization requirements known as Gatekeeper in macOS 10.15+, simply sidestepping the gate when a user opens their gift.
Recent updates to how modules interact with cookies got a little more love baked in. This week agalway-r7 clarified the recipe a bit with documentation on various methods in the new API, and adfoster-r7 came around and swept up any crumbs modules might leave behind.
exploit/osx/browser/osx_gatekeeper_bypass module that exploits a vulnerability in macOS versions 10.15 to 11.3 inclusive. The module generates an app that is missing an Info.plist file. When downloaded and executed by a user, the signing and notarization checks standard for downloaded files will be bypassed, granting code execution on the target.
--connection-string option. This option can be used to interact with Docker PostgreSQL containers.
session_notifier.rb plugin has been updated to support Gotify, allowing users to be notified of new sessions via Gotify notifications.
rejetto_hfs_exec module has been updated to replace calls to the deprecated URI.encode function with calls to the URI::encode_www_form_component function. This prevents users from being shown deprecation warnings when running the module.
lib/msf/core/post/common.rb and lib/msf/ui/console/command_dispatcher/core.rb libraries have been updated to properly support passing timeouts to session.sys.process.capture_output(), allowing users to specify timeouts when executing commands on sessions. Previously these options would be ignored and a default timeout of 15 seconds would be used instead.
swagger-blocks dependency has been marked as a default dependency for all installs, preventing cases where a user who did not install the development and tests groups would be unable to start the web service.
As always, you can update to the latest Metasploit Framework with msfupdate, and you can get more details on the changes since the last blog post from GitHub:
If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial edition).
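A defender-side check for the bundle shape described in the osx_gatekeeper_bypass entry above, as an added example that is not part of the original post or of Metasploit: it walks a directory tree and reports .app bundles that hold an executable under Contents/MacOS but have no Contents/Info.plist. The function names and the sample tree are constructed for illustration, and a missing Info.plist is treated only as a triage signal, not as proof of compromise.

```python
import os
import stat
import tempfile
from pathlib import Path

EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH


def has_executable(macos_dir: Path) -> bool:
    """True if Contents/MacOS holds at least one regular file with an execute bit."""
    if not macos_dir.is_dir():
        return False
    return any(e.is_file() and e.stat().st_mode & EXEC_BITS for e in macos_dir.iterdir())


def find_plistless_apps(root: Path) -> list:
    """Return .app bundles under root that are launchable but lack Contents/Info.plist."""
    hits = []
    for dirpath, dirnames, _ in os.walk(root):
        for name in list(dirnames):
            if not name.lower().endswith(".app"):
                continue
            dirnames.remove(name)  # treat the bundle as a unit, do not descend into it
            contents = Path(dirpath) / name / "Contents"
            # A normal bundle keeps Info.plist in Contents/; the module's app omits it.
            if has_executable(contents / "MacOS") and not (contents / "Info.plist").is_file():
                hits.append(Path(dirpath) / name)
    return sorted(hits)


def build_sample_tree(root: Path) -> None:
    """Constructed sample data: one ordinary bundle and one without Info.plist."""
    for app, with_plist in (("Normal.app", True), ("Suspicious.app", False)):
        macos = root / "Downloads" / app / "Contents" / "MacOS"
        macos.mkdir(parents=True)
        exe = macos / "main"
        exe.write_bytes(b"\x00placeholder\x00")  # stand-in for the bundle executable
        exe.chmod(0o755)
        if with_plist:
            (macos.parent / "Info.plist").write_text('<plist version="1.0"><dict/></plist>')


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(Path(tmp))
        for bundle in find_plistless_apps(Path(tmp)):
            print("missing Info.plist:", bundle)
```

Pointed at a user's download directory, the same function gives a quick list of bundles worth a closer look before anyone opens them.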