There’s nothing quite like a pre-authenticated remote code execution vulnerability in a piece of enterprise software. This week, community contributor h00die-gr3y added a module that targets VMware NSX Manager using XStream. Due to an unauthenticated endpoint that leverages XStream for input serialization in VMware Cloud Foundation (NSX-V), a malicious actor can get remote code execution in the context of root on the appliance. VMware saw this vulnerability as such a risk that they decided to release patches for versions that were no longer supported, which goes to show the value that this module provides.
Using Gitea in your environment? You better git-to-patching. Community contributor krastanoel wrote an awesome module which exploits a remote code execution vulnerability in versions of Gitea before 1.16.7. The vulnerability, identified as CVE-2022-30781, is due to the application running a git fetch command in which an attacker can inject arbitrary commands, resulting in code execution as the git user.
This week Metasploit’s very own Spencer McIntyre went live on Twitch and went over writing Meterpreter features in Metasploit. Be sure to check out the recording and stay tuned for more fun and informative Metasploit streaming sessions.
access_mask field of the Access Control Entry types being changed from the AccessMask type to an integer.
incognito plugin’s list_token functionality. It also updates the Mimikatz code in Metasploit to pull in the latest changes.
As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:
If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial edition).