Spring cleanup
This week’s Metasploit updates focused on foundational improvements and expanded target reach. Key enhancements were made to the recently released Copy Fail exploit module, which now benefits from payload fixes in linux/x64/exec and linux/armle/exec. These changes expand its capability, enabling the use of the cmd/unix/python/meterpreter/reverse_tcp payload on x64 targets and introducing support for ARMLE Linux. Additionally, the exploit/multi/http/shiro_rememberme_v124_deserialize module has been improved to allow operators to adjust the deserialization chain, enabling exploitation of a broader set of targets. Finally, several critical utility modules, including the FTP anonymous scanner and other FTP modules, received general fixes and updates.
New module content (1)
Anonymous FTP Access Detection
Authors: Matteo Cantoni goony@nothink.org and g0tmi1k
Type: Auxiliary
Pull request: #21372 contributed by g0tmi1k
Path: scanner/ftp/ftp_anonymous
AttackerKB reference: CVE-1999-0497
Description: This updates the FTP anonymous scanner module. Key changes include moving the module to align with other generic FTP modules, adding and updating CVE references and documentation notes, and cleaning up the output to be more verbose. Additionally, the module now reports service and vulnerability data to the database and stores proof-of-exploitation info in the loot upon a successful run.
Enhanced Modules (2)
Modules which have either been enhanced, or renamed:
- #21410 from inkognitobo – This improves the exploit/multi/http/shiro_rememberme_v124_deserialize module by adding a JAVA_GADGET_CHAIN datastore option that allows the operator to adjust the chain used for deserialization. This enables the module to exploit additional targets.
- #21404 from zeroSteiner – This extends the support of Copy Fail to ARMLE Linux targets.
Enhancements and features (4)
- #21342 from adfoster-r7 – Defers the loading of some dependencies to improve console boot time.
- #21372 from g0tmi1k – This updates the FTP anonymous scanner module. Key changes include moving the module to align with other generic FTP modules, adding and updating CVE references and documentation notes, and cleaning up the output to be more verbose. Additionally, the module now reports service and vulnerability data to the database and stores proof-of-exploitation info in the loot upon a successful run.
- #21380 from g0tmi1k – Updates multiple FTP modules to now register FTP service information in the database when successfully connecting to an FTP service.
- #21418 from kx7m2qd – This improves the platform-agnostic library used to obtain the OS architecture with support for shell sessions on Linux, BSD and Mac OSX.
Bugs fixed (5)
- #21314 from g0tmi1k – Fixes a crash when running the scanner/http/trace module with the database enabled and a vulnerability was reported.
- #21411 from zeroSteiner – This fixes a bug in the linux/x64/exec payload that was caused by the CMD datastore option being placed in the assembly source without being escaped.
- #21413 from tart0ru5 – Fixes a logic error in the exploits/linux/http/projectsend_unauth_rce module that incorrectly checked if a new user has been created.
- #21421 from adfoster-r7 – This adds extra validation to report_vuln and delete_vuln in Msf::DBManager::Vuln to make sure required fields are present and avoid a crash.
- #21425 from g0tmi1k – Fixes a bug when parsing FTP server responses.
Documentation
You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.
Get it
As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:
If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the commercial edition Metasploit Pro
