Rapid7 : Metasploit Wrap-up

Nagios XI post module

Nagios XI may store the credentials of the hosts it monitors, and with the new post module by Cale Smith, we're now able to extract the Nagios database content along with its SSH keys and dump them into the MSF database. With the addition of this new post module, we can conveniently increase the opportunities for lateral movement.

Environment-based API token authentication

Our own ekelly-rapid7 added an alternate method of authenticating the Metasploit JSON-RPC web service via API token stored in an environment variable, which will allow running the Metasploit JSON-RPC web service without a database attached! The JSON-RPC server will check the presence of an environment variable if the database is not enabled.

Docs!

Something that's not appreciated as much but the first thing we look at when exploring... Let's show some appreciation to weh and nsa this week for new documentation added for some of our auxiliary scanners. hkerma has also added a nifty tool to help us all manage the state of our docs!

New modules (1)

Enhancements and features

• PR #12420 by ekelly-rapid7 adds an alternate method of authenticating the Metasploit RPC web service using a preshared authentication set in an environment variable. This is useful for running the Metasploit RPC web service without a database attached.
• PR #12428 by acammack-r7 adds ability to add custom messages to default error and success messages so that a specific module can give tailored feedback when a predicted condition occurs.
• PR #12437 by weh adds docs for wp_dukapress_file_read aux scanner module.
• PR #12436 by weh adds docs for wordpress_scanner aux scanner module.
• PR #12435 by weh adds docs for wordpress_xmlrpc_login aux scanner module.
• PR #12418 by nsa adds docs for redis_server aux scanner module.
• PR #12367 by hkerma adds a new tool to help manage docs by identifying stray docs (need to be renamed), docs which need to be created, and files which are in the wrong place. It does this in a markdown format, with links to the modules, to help keep automatic tabs on #12389.

Bugs fixed

• PR #12443 by zeroSteiner fixes an issue with the Python and payloads. Payload invocation worked, however the first stage was not being generated correctly, resulting in no session and an error being thrown from the Python interpreter. This PR fixes this issue by fixing cached sizes and URI sizes.
• PR #12366 by h00die fixes a error in the Atutor SQLi exploit module.

Get it

As always, you can update to the latest Metasploit Framework with
and you can get more details on the changes since the last blog post from
GitHub:

We recently announced the release of Metasploit 5. You can get it by cloning
the Metasploit Framework repo (master branch). To install fresh without using git,
you can use the open-source-only Nightly Installers or the binary installers
(which also include the commercial editions).