Executive Summary

This vulnerability is a command injection flaw in the function console.run_module_with_output() in the pymetasploit3 library up to version 1.0.6.

Attackers can inject newline characters into module options such as RHOSTS, which breaks the intended command structure.

This allows the Metasploit console to execute additional unintended commands, potentially leading to arbitrary command execution and manipulation of Metasploit sessions.

Useful 0 Not Useful 0

Impact Analysis

Exploitation of this vulnerability can lead to arbitrary command execution within the Metasploit console environment.

An attacker could manipulate Metasploit sessions, potentially gaining unauthorized control or causing unintended actions.

This could compromise the security and integrity of penetration testing operations or any automated tasks relying on pymetasploit3.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves command injection through the pymetasploit3 library's run_module_with_output() method, allowing injection of newline characters into module options like RHOSTS. Detection involves monitoring for unexpected or suspicious command executions within Metasploit sessions or RPC interactions.

Using pymetasploit3, you can list active sessions and consoles to check for unusual activity. For example, you can list sessions with the command: client.sessions.list

You can also monitor commands run via the console or RPC interface by inspecting console outputs or logs.

• List available exploits: client.modules.exploits
• Load an exploit module: exploit = client.modules.use('exploit', 'module_name')
• Check or set RHOSTS option carefully to detect injection attempts: exploit['RHOSTS']
• Run modules with output and monitor for unexpected command execution: client.consoles.console(cid).run_module_with_output(exploit, payload='payload')

Additionally, monitoring network traffic for unusual RPC calls on ports 55552 or 55553 (default msgrpc and msfrpcd ports) may help detect exploitation attempts.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include avoiding use of vulnerable pymetasploit3 versions (up to 1.0.6) until a patched version is available.

Restrict access to Metasploit RPC interfaces (msfrpcd on port 55553 and msgrpc plugin on port 55552) by firewall rules or network segmentation to prevent unauthorized use.

Carefully validate and sanitize all inputs to module options such as RHOSTS to prevent injection of newline or other special characters.

Monitor Metasploit sessions and console outputs for signs of unexpected command execution or manipulation.

Consider disabling or limiting use of the run_module_with_output() method or similar functionality that allows command injection until a fix is applied.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability allows attackers to execute arbitrary commands and manipulate Metasploit sessions, which could lead to unauthorized access and control over systems.

Such unauthorized access and potential data manipulation could result in violations of data protection and security requirements mandated by standards like GDPR and HIPAA, which require safeguarding sensitive data and ensuring system integrity.

Therefore, exploitation of this vulnerability could negatively impact compliance with these regulations by exposing systems to unauthorized control and potential data breaches.

Useful 0 Not Useful 0