10/09/2020 | News release | Distributed by Public on 10/09/2020 13:46
This week includes a new module targeting the SAP Internet Graphics Server application, contributed by community member Vladimir Ivanov. The module covers two CVEs, both remotely exploitable XML External Entity (XXE) bugs. It comes fully featured, with the ability to check for the presence of the vulnerabilities as well as two methods to leverage them. The first is a read action that allows users to read files from the remote server, while the second can be used to trigger a denial of service (DoS) condition.
The module documentation for the Zerologon (CVE-2020-1472) module has been updated with details of how to run the entire attack workflow through Metasploit. This specifically includes leveraging the new auxiliary/gather/windows_secrets_dump module, which can recover the machine password to restore on the targeted Domain Controller, and using the PsExec module to execute a payload. It's important to restore the machine account password to prevent services from breaking. Module documentation can be accessed from msfconsole by using the info -d command. The most recent Metasploit Demo meeting also covered this content, showing the newly documented workflow in action.
As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
binary installers (which also include the commercial edition).