Skip to content Skip to footer

Metasploit Weekly Wrap-Up 01/12/24

New module content (1)

Author: Pasquale ‘sid' FiorilloType: PostPull request: #18604 contributed by siddoloPath: /gather/credentials/winbox_settings

Description: This pull request introduces a new post module to extract the Mikrotik Winbox credentials, which are saved in the settings.cfg.viw file when the “Keep Password” option is selected in Winbox.

Enhancements and features (7)

#18515 from errorxyz – This PR adds a Java target for the ManageEngine ServiceDesk Plus exploit -2022-47966 using the payload mentioned in this blogpost and deletes the log file that records the error due to the exploit to make it more stealthy.
#18672 from h00die – Fix spelling mistakes in 's library folder.
#18673 from h00die – Fix spelling mistakes in 's scripts folder.
#18674 from h00die – Fix spelling mistakes in 's plugins folder.
#18675 from h00die – Fix spelling mistakes in 's tools folder.
#18679 from h00die – Fix spelling mistakes in 's auxiliary modules.
#18691 from zeroSteiner console now requires an installed version of apktool greater than or equal to v2.9.2.

Bugs fixed (5)

#18656 from dwelch-r7 – Enforces all modules to be loaded as part of reload_all when the defer_module_loads feature is enabled.
#18666 from zeroSteiner – Fixes a crash when running the save command to save 's configuration.
#18667 from zeroSteiner – Re-adds the #sysinfo instance method for sessions.
#18669 from sjanusz-r7 – Updates the favorites command to no longer output an empty message when a chosen module does not have custom datastore values available.
#18690 from sjanusz-r7 – Ensures that a target's default payload is correctly chosen when selecting a module from the search command.

Documentation

You can find the latest documentation on our docsite at docs.metasploit.com.

Get it

As always, you can update to the latest Metasploit Framework with msfupdateand you can get more details on the changes since the last blog post fromGitHub:

Pull Requests 6.3.50…6.3.51
Full diff 6.3.50…6.3.51

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.To install fresh without using git, you can use the open-source-only Nightly Installers or thecommercial edition Metasploit Pro

 

Leave a comment

Newsletter Signup
Address

The Grid —
The Matrix Has Me
Big Bear Lake, CA 92315

01010011 01111001 01110011 01110100 01100101 01101101 00100000
01000110 01100001 01101001 01101100 01110101 01110010 01100101

I know kung-fuNeo

Deitasoft © 2024. All Rights Reserved.