Metasploit Weekly Wrap-Up 01/31/25
Description

ESC4 Detection

This week, Metasploit’s jheysel-r7 updated the existing ldap_esc_vulnerable_cert_finder module to detect certificate template objects that the authenticated user can write to. This means the module can now identify instances of ESC4 from the perspective of the account whose credentials the Metasploit operator provided. Metasploit has been capable of exploiting ESC4 for some time, but required users to know which certificate templates they had write access to. This closes an important gap in Metasploit’s AD CS coverage and should help users identify additional attack vectors. See the Metasploit AD CS documentation for steps on how ESC4 can be exploited using Metasploit.

New module content (1)

Craft CMS Twig Template Injection RCE via FTP Templates Path

Authors: AssetNote, Valentin Lobstein, and jheysel-r7
Type: Exploit
Pull request: #19772 contributed by jheysel-r7
Path: linux/http/craftcms_ftp_template
AttackerKB reference: CVE-2024-56145

Description: Adds a new exploit module for Craft CMS in which the attacker uses a malicious FTP server to gain remote code execution. The vulnerability requires the PHP option register_argc_argv to be enabled.

Enhanced Modules (1)

Modules which have either been enhanced, or renamed:

19816 from jheysel-r7 – This adds support to the existing ldap_esc_vulnerable_cert_finder for identifying certificate templates that are vulnerable to ESC4 from the perspective of the authenticated user.

Bugs fixed (6)

19826 from…
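The ESC4 check described above comes down to reading a certificate template's security descriptor and asking whether any SID held by the account is granted a write right. The following audit example is added here and is not Metasploit's code: the function names, the sample SDDL string and its SIDs are constructed, and it assumes the template's nTSecurityDescriptor has already been rendered as SDDL. Deny ACEs are not evaluated.

```python
import re

# SDDL right codes (and their access-mask bits) that allow modifying a template.
WRITE_BITS = {
    "GA": 0x10000000,  # GENERIC_ALL
    "GW": 0x40000000,  # GENERIC_WRITE
    "WD": 0x00040000,  # WRITE_DAC
    "WO": 0x00080000,  # WRITE_OWNER
    "WP": 0x00000020,  # ADS_RIGHT_DS_WRITE_PROP
}
ACE_RE = re.compile(r"\(([^()]*)\)")


def write_rights(rights):
    """Return the sorted write-capable codes found in one SDDL rights field."""
    if rights.lower().startswith("0x"):  # rights written as a hex access mask
        mask = int(rights, 16)
        return sorted(c for c, bit in WRITE_BITS.items() if mask & bit)
    codes = {rights[i:i + 2] for i in range(0, len(rights), 2)}
    return sorted(codes & set(WRITE_BITS))


def writable_by(sddl, trustees):
    """List (trustee, rights) for allow ACEs that grant a write right to trustees."""
    findings = []
    for ace in ACE_RE.findall(sddl):
        fields = ace.split(";")
        # Only allow ACEs (A, OA) count; deny, audit and malformed ACEs are skipped.
        if len(fields) < 6 or fields[0] not in ("A", "OA"):
            continue
        rights = write_rights(fields[2])
        if rights and fields[5] in trustees:
            findings.append((fields[5], rights))
    return findings


# Constructed sample: a template descriptor with one over-permissive ACE.
HELPDESK = "S-1-5-21-1111111111-2222222222-3333333333-1105"  # constructed group SID
SAMPLE_SDDL = (
    "O:DAG:DAD:PAI"
    "(A;;RPWPCCDCLCSWRCWDWOGA;;;DA)"                        # Domain Admins: full control
    "(OA;;CR;0e10c968-78fb-11d2-90d4-00c04f79dc55;;AU)"     # Authenticated Users: Enroll
    "(A;;RPLCLORC;;;AU)"                                    # Authenticated Users: read
    "(A;;0x000c0000;;;" + HELPDESK + ")"                    # WRITE_DAC | WRITE_OWNER
)

if __name__ == "__main__":
    for sid, rights in writable_by(SAMPLE_SDDL, {"AU", HELPDESK}):
        print(f"template writable by {sid}: {', '.join(rights)}")
```

Pass the account's own SID plus every group SID in its token as `trustees`; any finding for a non-administrative principal is a template ACL to tighten.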