Metasploit 6.2 released with new updates – the world’s most used penetration testing framework.
By using Metasploit, security teams can do more than just verify vulnerabilities, manage assessments, and improve security awareness: it lets defenders stay one step (or two) ahead.
- New global network capture plugin
- SMB 1/2/3 server support
- User-contributable docs
- Support for debugging Meterpreter sessions
- Local exploit suggester improvements, and more
Metasploit Framework 6.2.0 has been released, marking another milestone that includes new modules, features, improvements, and bug fixes. Between Metasploit 6.1.0 (August 2021) and the 6.2.0 release we’ve added:
- 138 new modules
- 148 enhancements and features
- 156 bug fixes
Each week, the Metasploit team publishes a Metasploit wrap-up with granular release notes for new Metasploit modules. Below is a list of some recent modules that pen testers have told us they are actively using on engagements (with success).
- VMware vCenter Server Unauthenticated JNDI Injection RCE (via Log4Shell) by RageLtMan, Spencer McIntyre, jbaines-r7, and w3bd3vil, which exploits CVE-2021-44228: A vCenter-specific exploit leveraging the Log4Shell vulnerability to achieve unauthenticated RCE as root / SYSTEM. This exploit has been tested on both Windows and Linux targets.
- F5 BIG-IP iControl RCE via REST Authentication Bypass by Heyder Andrade, James Horseman, Ron Bowes, and alt3kx, which exploits CVE-2022-1388: This module targets CVE-2022-1388, a vulnerability impacting F5 BIG-IP versions prior to 220.127.116.11. By making a special request, an attacker can bypass iControl REST authentication and gain access to administrative functionality. This can be used by unauthenticated attackers to execute arbitrary commands as the root user on affected systems.
- VMware Workspace ONE Access CVE-2022-22954 by wvu, Udhaya Prakash, and mr_me, which exploits CVE-2022-22954: This module exploits an unauthenticated remote code execution flaw in VMware Workspace ONE Access installations; the vulnerability is being used broadly in the wild.
- Zyxel Firewall ZTP Unauthenticated Command Injection by jbaines-r7, which exploits CVE-2022-30525: This module targets CVE-2022-30525, an unauthenticated remote command injection vulnerability affecting Zyxel firewalls with zero touch provisioning (ZTP) support. Successful exploitation results in remote code execution as the nobody user. The vulnerability was discovered by Rapid7 researcher Jake Baines.
Local Privilege Escalation
- CVE-2022-21999 SpoolFool Privesc by Oliver Lyak and Shelby Pace, which exploits CVE-2022-21999: A local privilege escalation targeting the spool service on Windows 10 or Server builds 18362 or earlier.
- Dirty Pipe Local Privilege Escalation via CVE-2022-0847 by Max Kellermann and timwr, which exploits CVE-2022-0847: A module targeting a privilege escalation vulnerability in the Linux kernel starting with version 5.8. The module leverages the vulnerability to overwrite a SUID binary in order to gain privileges as the root user.
SMB v3 server support
This work builds upon the SMB v3 client support added in Metasploit 6.0.
Metasploit 6.2.0 contains a new standalone tool for spawning an SMB server that allows read-only access to the current working directory. This new SMB server functionality supports SMB v1/2/3, as well as encryption support for SMB v3.
Improved pivoting / NATed services support
Metasploit has added features to the libraries that provide listening services (HTTP, FTP, LDAP, etc.) so that they can be bound to an explicit IP address and port combination, independent of the SRVHOST option that normally determines it. This is particularly useful for modules used in scenarios where the target must reach Metasploit through a NAT or port-forward configuration. The feature mirrors the functionality already provided by the reverse_tcp and reverse_http(s) payload stagers.
Debugging Meterpreter sessions
There are now two ways to debug Meterpreter sessions:
- Log all networking requests and responses between msfconsole and Meterpreter, i.e. TLV packets.
- Generate a custom Meterpreter debug build with extra logging present.
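To make logged TLV packets readable, here is an added example (not from the release notes or Metasploit's own code) that decodes a Meterpreter-style packet into its nested fields and rejects truncated or inconsistent frames. It assumes the layout xor_key(4) | session_guid(16) | enc_flags(4) | length(4) | type(4) | TLVs with everything after the key XORed with the repeating 4-byte key, each TLV as length(4, big-endian, counting its own 8-byte header) | type(4) | value, and meta-type bits STRING 1<<16, UINT 1<<17, GROUP 1<<30 in the upper half of the type word; the sample packet is constructed inline by the builder functions.

```python
import struct
# Assumed (see lead-in): meta-type bits occupy the upper 16 bits of the TLV type word.
META_STRING, META_UINT, META_GROUP, META_MASK = 1 << 16, 1 << 17, 1 << 30, 0xFFFF0000

def xor_bytes(key, data):
    return bytes(b ^ key[i % 4] for i, b in enumerate(data))

def parse_tlvs(buf):
    """Parse a run of TLVs into (type, value) pairs; GROUP values nest recursively."""
    out, off = [], 0
    while off < len(buf):
        if len(buf) - off < 8:
            raise ValueError("truncated TLV header at offset %d" % off)
        length, tlv_type = struct.unpack_from(">II", buf, off)
        if length < 8 or off + length > len(buf):  # must cover its own header and fit
            raise ValueError("bad TLV length %d at offset %d" % (length, off))
        value, meta = buf[off + 8:off + length], tlv_type & META_MASK
        if meta == META_STRING:
            value = value.rstrip(b"\0").decode("utf-8", "replace")
        elif meta == META_UINT:
            value = struct.unpack(">I", value)[0]
        elif meta == META_GROUP:
            value = parse_tlvs(value)
        out.append((tlv_type, value))  # other meta-types are kept as raw bytes
        off += length
    return out

def parse_packet(raw):  # strip the XOR layer; returns (session_guid, packet_type, tlvs)
    if len(raw) < 32:  # xor_key(4) + guid(16) + enc_flags(4) + length(4) + type(4)
        raise ValueError("truncated packet header")
    body = xor_bytes(raw[:4], raw[4:])
    guid, _enc_flags, length, ptype = struct.unpack_from(">16sIII", body)
    if length != len(body) - 20:  # length counts itself, the type word and the TLVs
        raise ValueError("packet length %d != %d bytes present" % (length, len(body) - 20))
    return guid, ptype, parse_tlvs(body[28:])

def build_tlv(tlv_type, value):  # encoder, used to construct sample packets for the decoder
    meta = tlv_type & META_MASK
    if meta == META_STRING:
        value = value.encode() + b"\0"
    elif meta == META_UINT:
        value = struct.pack(">I", value)
    elif meta == META_GROUP:
        value = b"".join(build_tlv(t, v) for t, v in value)
    return struct.pack(">II", len(value) + 8, tlv_type) + value

def build_packet(key, guid, ptype, tlvs):
    tlv_bytes = b"".join(build_tlv(t, v) for t, v in tlvs)
    body = guid + struct.pack(">III", 0, len(tlv_bytes) + 8, ptype) + tlv_bytes
    return key + xor_bytes(key, body)
```

The TLV type identifiers used in a real session (request ID, command ID, result code) are Meterpreter's own and are not reproduced here; the decoder only interprets the meta-type half of the word.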
Existing Metasploit Framework users can update to the latest release of Metasploit Framework via the msfupdate command.
Download Metasploit Penetration Testing Framework.