Jan Rude added a new module that gives users the ability to brute-force logins for Syncovery for Linux. This expands Framework's capability to scan logins to Syncovery, a popular web GUI for backups.
Cydave, destr4ct, and jheysel-r7 contributed a new module that takes advantage of a vulnerable WordPress extension. This allows Framework users to take advantage of CVE-2022-0739, leveraging a UNION-based SQL injection to gather hashed passwords of WordPress users. The injection is reachable through the plugin's bookingpress_front_get_category_services AJAX action. For vulnerable versions, anyone who can access the BookingPress plugin page will also have access to all the credentials in the database, yikes! There are currently 3,000 active installs of the plugin, which isn't a huge number by WordPress standards, but the ease of remote exploitation makes it a fun addition to the framework.

Another new module lets members of the cis group escalate to root on certain versions of vCenter. The service file /usr/lib/vmware-vmon/java-wrapper-vmon has improper permissions that allow cis group members to write to it; upon host reboot or a vmware-vmon service restart, a root shell is obtained.

windows/gather/enum_proxy has been updated to support non-Meterpreter sessions (shell and PowerShell).

The linux/http/zimbra_unrar_cve_2022_30333 and linux/http/zimbra_cpio_cve_2022_41352 Zimbra exploit modules have been fixed, along with the linux/local/zimbra_slapper_priv_esc documentation. In particular, this fixes an issue that prevented the exploit modules from working properly when the handler was prematurely shut down.

The case where module.execute is invoked without a payload set is now handled, mimicking the functionality of msfconsole.

Also fixed: enlightenment_sys in exploits/linux/local/ubuntu_enlightenment_mount_priv_esc.
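A defender's check for the vCenter file-permission issue described above. This is an added example, not Metasploit's or Rapid7's code: the path /usr/lib/vmware-vmon/java-wrapper-vmon and the cis group come from the write-up, while the function names and the temp-file fixture are assumptions for illustration. It goes slightly beyond the write-up by also flagging a world-writable file or a group-writable parent directory, either of which gives the group the same ability to replace what runs as root.

```python
import grp
import os
import stat
import tempfile

# Path and group named in the write-up; defaults for the audit.
VMON_WRAPPER = "/usr/lib/vmware-vmon/java-wrapper-vmon"
PRIVILEGED_GROUP = "cis"


def _group_name(gid):
    try:
        return grp.getgrgid(gid).gr_name
    except KeyError:  # gid with no /etc/group entry
        return str(gid)


def audit_root_run_file(path=VMON_WRAPPER, group=PRIVILEGED_GROUP):
    """Check whether a file executed as root can be altered by `group`.
    Returns a findings dict, or None when the file does not exist."""
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return None
    parent = os.stat(os.path.dirname(path) or ".")
    f_group, d_group = _group_name(st.st_gid), _group_name(parent.st_gid)
    findings = {
        "path": path,
        "mode": oct(stat.S_IMODE(st.st_mode)),
        "group": f_group,
        # The case from the write-up: the group owns the file and can write it.
        "writable_by_group": bool(st.st_mode & stat.S_IWGRP) and f_group == group,
        "world_writable": bool(st.st_mode & stat.S_IWOTH),
        # A group-writable parent directory lets the group replace the file.
        "dir_writable_by_group": bool(parent.st_mode & stat.S_IWGRP) and d_group == group,
    }
    findings["vulnerable"] = (findings["writable_by_group"]
                              or findings["world_writable"]
                              or findings["dir_writable_by_group"])
    return findings


def make_sample_file(mode):
    """Constructed fixture (hypothetical): a temp file with the given mode,
    returned with its group name so the audit runs without a vCenter host."""
    path = os.path.join(tempfile.mkdtemp(), "java-wrapper-vmon")
    open(path, "w").close()
    os.chmod(path, mode)
    return path, _group_name(os.stat(path).st_gid)
```

On a real host, run `audit_root_run_file()` with the defaults and treat `vulnerable: True` as the signal to tighten the mode (root-owned, 0755 or stricter) before the next vmware-vmon restart.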
As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.

To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial edition).