11/08/2019 | News release | Distributed by Public on 11/08/2019 14:11
Config R Us
Many versions of the network management tool rConfig are vulnerable to unauthenticated command injection, and contributor bcoles added a new exploit module targeting those versions. Present in v3.9.2 and prior, this vulnerability centers around the directory not being automatically cleaned up following software installation, leaving behind a PHP file that can be used to execute arbitrary commands as the web server user. It also serves as a friendly reminder that it's good to clean up after yourself...
RCE for SNMP
Targets running Net-SNMPd may be vulnerable to remote code execution, and, thanks to Steve Embling, we've got a new module for that. Relying on the service user having R/W access, this module supports protocol versions 1 and 2c and uses SNMP extension MIBs to enable remote code execution on the target. You might keep this one in mind next time you bump into Net-SNMPd…!
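The precondition named above, write access over SNMP v1/2c, is visible in the daemon's configuration. The following is an added example, not code from this post or from the Metasploit project: a Python audit that flags community-based write grants in an snmpd.conf. The sample configuration, the function name and the severity labels are constructed assumptions.

```python
import shlex

# Constructed sample snmpd.conf for illustration (not from the original post).
SAMPLE_CONF = '''\
rocommunity public 127.0.0.1
rwcommunity private
rwcommunity6 ops ::1
com2sec writers 10.0.0.0/8 s3cret
group RWGroup v2c writers
view all included .1
access RWGroup "" any noauth exact all all none
rwuser admin priv
'''

LOCAL = {"127.0.0.1", "localhost", "::1"}   # loopback-only sources
OPEN = {"default", "0.0.0.0/0", "::/0"}     # any source address

def audit_snmpd_conf(text):
    """Return (line_no, severity, reason) for each SNMPv1/v2c write grant."""
    findings, community_groups, pending = [], set(), []
    for no, raw in enumerate(text.splitlines(), 1):
        tok = shlex.split(raw, comments=True)
        if not tok:
            continue
        key, args = tok[0].lower(), tok[1:]
        if key in ("rwcommunity", "rwcommunity6") and args:
            # rwcommunity COMMUNITY [SOURCE ...]; no SOURCE means any host.
            src = args[1] if len(args) > 1 else "default"
            sev = "low" if src in LOCAL else "high" if src in OPEN else "medium"
            findings.append((no, sev, f"{key} grants v1/v2c write from {src}"))
        elif key == "group" and len(args) >= 3 and args[1].lower() in ("v1", "v2c"):
            # group NAME MODEL SECNAME: remember groups with v1/v2c members.
            community_groups.add(args[0])
        elif key == "access" and len(args) >= 7 and args[6].lower() != "none":
            # access GROUP CONTEXT MODEL LEVEL PREFX READ WRITE NOTIFY
            pending.append((no, args[0], args[2].lower(), args[6]))
    # Resolve access lines last: a group may be defined after it is used.
    for no, grp, model, view in pending:
        if grp in community_groups and model in ("any", "v1", "v2c"):
            findings.append((no, "high", f"access gives group {grp} write view {view}"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_snmpd_conf(SAMPLE_CONF):
        print(*finding, sep="\t")
```

SNMPv3 `rwuser` entries are deliberately not flagged, since the paragraph above concerns protocol versions 1 and 2c only.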
Keeping things in (Micro) Focus…
Contributor s7u55 swung by with a new privesc module targeting Data Protector software from Micro Focus (formerly HPE Software). Vulnerable versions of Data Protector allow this new module to exploit the trusted environment variable of the SUID binary , leading to privilege escalation. While this vulnerability was patched in version 10.40, many earlier versions of Data Protector may be vulnerable.
A penny for your thoughts...
We've got a fantastic new docs writer onboard, and she's helping us improve and expand Metasploit documentation. Which areas of Framework could be better documented? Which areas totally lack explanation or useful examples? Let us know here!
New modules (4)
Enhancements and features
As always, you can update to the latest Metasploit Framework with
and you can get more details on the changes since the last blog post from
We recently announced the release of Metasploit 5. You can get it by cloning
the Metasploit Framework repo (master branch). To install fresh without using git,
you can use the open-source-only Nightly Installers or the binary installers
(which also include the commercial editions).