2022 Annual Metasploit Wrap-Up

2022 Annual Metasploit Wrap-Up

It's been another gangbusters year for Metasploit, and the holidays are a time to give thanks to all the people that help make our load a little bit lighter. So, while this end-of-year wrap-up is a highlight reel of the headline features and extensions that landed in Metasploit-land in 2022, we also want to express our gratitude and appreciation for our stellar community of contributors, maintainers, and users. The Metasploit team merged 824 pull requests across Metasploit-related projects in 2022, more than 650 of which were incorporated into the main metasploit-framework repository. If you fixed a typo, linked a new reference, or cleaned up some code spaghetti, thank you!


Active Directory Certificate Services attacks


For years now, penetration testers and attackers have emphasized Active Directory as a particularly juicy and valuable attack surface area. In 2021, we saw fresh attack research that outlined new techniques for targeting Active Directory Certificate Services, or AD CS, including multiple configuration flaws that can be leveraged to escalate permissions from a domain user to a privileged account. In response to requests from our user community, Metasploit released two modules in the second half of 2022 that support AD CS attack techniques:


auxiliary/gather/ldap_esc_vulnerable_cert_finder can be used by an authenticated AD user to enumerate Certificate Authorities (CAs) and find vulnerable certificate templates.
auxiliary/admin/dcerpc/icpr_cert allows users to issue certificates from AD CS with a few options that are used for exploiting some escalation (ESC) scenarios. Currently only escalation technique 1 (ESC1) can be exploited with the available options, but support for more techniques is planned.

Linux credential extraction with Mimipenguin


Metasploit expanded our post-exploitation capabilities for extracting plaintext ..

Support the originator by clicking the read the rest link below.