Metasploit Weekly Wrap-Up 02/02/2024

Shared RubySMB Service Improvements


This week’s updates include improvements to Metasploit Framework’s SMB server implementation: the SMB server can now be reused across various SMB modules, which are now able to register their own unique shares and files. SMB modules can also now be executed concurrently. Currently, there are 15 SMB modules in Metasploit Framework that utilize this feature.


New module content (2)


Mirth Connect Deserialization RCE


Authors: Naveen Sunkavally, Spencer McIntyre, and r00t
Type: Exploit
Pull request: #18755 contributed by zeroSteiner
Path: multi/http/mirth_connect_cve_2023_43208


Description: This PR adds an exploit module for Mirth Connect. Versions < 4.4.1 are vulnerable to CVE-2023-43208 and CVE-2023-37679, where the former is a patch bypass for the latter. In both cases, an attacker can execute an OS command in the context of the target service using a specially crafted HTTP request and Java deserialization gadget. A technical analysis of CVE-2023-37679 is available in AttackerKB.


Puppet Config Gather


Author: h00die
Type: Post
Pull request: #18628 contributed by h00die
Path: linux/gather/puppet


Description: This PR adds a post gather module to get Puppet configs and other sensitive files.


Enhancements and features (2)


#18680 from zeroSteiner - This adds a service compatible with Rex::ServiceManager for SMB that can ..