Newsy.co

Metasploit Weekly Wrap-Up 02/14/2025

New module content (2)

Unauthenticated RCE in NetAlertX

Metasploit Weekly Wrap-Up 02/14/2025

Authors: Chebuya (Rhino Security Labs) and Takahiro Yokoyama
Type: Exploit
Pull request: #19868 contributed by Takahiro-Yoko
Path: linux/http/netalertx_rce_cve_2024_46506
AttackerKB reference: CVE-2024-46506

Description: A new module for an unauthenticated remote code execution bug in NetAlertX (CVE-2024-46506). An unauthenticated attacker can change the system configuration and then compel the application to run arbitrary system commands, leading to remote code execution.

mySCADA myPRO Manager Unauthenticated Command Injection (CVE-2024-47407)

Author: Michael Heinzl
Type: Exploit
Pull request: #19846 contributed by h4x-x0r
Path: windows/scada/mypro_mgr_cmd
AttackerKB reference: CVE-2024-47407

Description: A module for mySCADA myPRO Manager exploiting a command injection vulnerability (CVE-2024-47407) in the email parameter.

Enhancements and features (2)

  • #19851 from zeroSteiner - Updates the ad_cs_cert_template module to parse and display the flags field.
  • #19869 from adfoster-r7 - Removes the datastore_fallbacks feature flag and the corresponding code now that it is enabled by default.

Bugs fixed (3)

  • #19729 from sempervictus - Adds a fix for when an msfuser has established a shell session and wants to run a command on the target that also happens to be a built-in Metasploit command. Prior to this, it was not possible as MSF would intercept the command and run the built-in version. This was fixed by allowing the user to prepend built-ins with '.' to pass-through execution of the intended command (such as '.help' being executed as 'help') to the target.
  • #19842 from jheysel-r7 - When setting the JOHNPWFILE datastore option in a module that includes the Msf::Exploit::Remote::SMB::Server::HashCapture, NTLMv1 hashes were incorrectly being placed in the NTLMv2 hash file.
  • #19873 from adfoster-r7 - Remove report note calls from the ldap_esc_vulnerable_cert_finder as they were no longer needed and caused a side-effect crash in some codepaths.

Documentation

You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.

Get it

As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:

  • Pull Requests 6.4.48...6.4.49
  • Full diff 6.4.48...6.4.49

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
commercial edition Metasploit Pro