Original Post from Rapid7
Author: Dean Welch
Don’t leave the sandbox
Chrome has gotten some attention this week with 2 modules coming in from timwr. The two modules target different CVEs but they both support multiple versions and any of your standard platforms (macOS, Linux or Windows). Unfortunately there is no sandbox escape…yet.
We have a lot of fantastic productivity enhancements this week from adfoster-r7 which we love to see:
- First up, you no longer need to worry about fat fingering those commands and waiting for what I’m sure felt like an eternity, as we’ve cut the wait time in half!
- Next up, for any aspiring module developers, you can now run
rubocop -aon all your new modules and it will automagically fix all (most) of your formatting woes!
- And last but certainly not least there’s a nice new addition when you start up the console, a random handy dandy tip! There were some features we realised not everyone was aware of that we found super helpful when using Framework so now we have a way to share that with everyone (Hint try the new
tipcommand as well).
Share your attacker knowledge!
Do you have opinions on vulns? Want to learn others’ opinions about vulns? Our new AttackerKB (Attacker Knowledge Base) web app has got you covered! We’re currently in Beta with AttackerKB, where you can read about vulns, opinions and analysis around them, and provide your own analysis and thoughts, too! You can get the deets on AttackerKB (and request Beta access) here!
New modules (4)
- Nagios XI Authenticated Remote Command Execution by Erik Wynter and Jak Gibb, which exploits CVE-2019-15949
- Google Chrome 72 and 73 Array.map exploit by István Kurucsai, dmxcsnsbh, and timwr, which exploits CVE-2019-5825
- Google Chrome 67, 68 and 69 Object.create exploit by saelo and timwr, which exploits CVE-2018-17463
- PHPStudy Backdoor Remote Code execution by Airevan and Dimensional
Enhancements and features
PR #12990 from adfoster-r7 adds new rubocop format rules to make it possible to to use its auto-fixer function (enabled with rubocop -a) to automatically format modules in a consistent fashion. Future iterations of these rules will be used to enable automatic code suggestions in PRs as well.
PR #13042 from t0-n1 fixes a bug in the exchange_ecp_viewstate (CVE-2020-0688) module to properly use the VHOST value. This allows Metasploit to exploit targets where IIS has a Host Name specified in the Bindings section of the web application’s configuration.
As always, you can update to the latest Metasploit Framework with
msfupdate and you can get more details on the changes since the last blog post from GitHub:
If you are a
git user, you can clone the Metasploit Framework repo (master branch) for the latest.To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial edition).
Go to Source
Author: Dean Welch