nDepth Employee Contributions to Open Source Security Software, January 2025 Edition


METASPLOIT PROJECT

The Metasploit Project, owned by Rapid7, is the world’s most widely used penetration testing framework. It is Free and Open Source Software (FOSS), is used by nearly all penetration testers, and features prominently in training courses from SANS, EC-Council, and many others.

Being open source, the Metasploit Project flourishes on community contributions. nDepth’s own Mike Cyr (h00die) is a frequent contributor who continues to spend personal time on security research and on enhancements to Metasploit for the benefit of the security community. This month, h00die contributed the following enhancements:

UBUNTU NEEDRESTART LOCAL PRIVILEGE ESCALATION

A vulnerability was discovered in Ubuntu’s needrestart program which allows a low-privileged local user to become root. needrestart determines whether running processes need to be restarted to pick up updated packages or libraries, and it runs as root (on Ubuntu it is invoked after package upgrades). CVE-2024-48990 documents the flaw: when needrestart inspects a running Python interpreter, it honours the PYTHONPATH environment variable taken from that process’s own environment. An attacker therefore runs a Python program with PYTHONPATH pointing at a directory they control, waits for needrestart to scan it, and has their code loaded with root permissions. h00die’s module exploits this so penetration testers can validate whether a system is vulnerable.
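The precondition for this attack is visible from the defender’s side: a Python process owned by an unprivileged user whose PYTHONPATH points somewhere that user can write. The script below, an added example that is not nDepth’s or Metasploit’s code, reads PYTHONPATH out of each Python interpreter’s /proc/&lt;pid&gt;/environ the way needrestart does, but instead of honouring it flags entries outside a set of trusted system module directories. The TRUSTED_PREFIXES list, the “executable name starts with python” heuristic, and the sample records are this example’s own assumptions, not needrestart’s exact logic.

```python
"""Flag Python processes whose PYTHONPATH an unprivileged user could control,
the precondition abused by CVE-2024-48990 (needrestart PYTHONPATH handling).

Added example, not nDepth's or Metasploit's code. TRUSTED_PREFIXES and the
interpreter-name heuristic are assumptions of this script."""
import os
import sys
from pathlib import Path

# Directories a root-run tool may reasonably import from. Anything else in a
# PYTHONPATH that needrestart would honour deserves a second look. (Assumption:
# adjust for the distribution's real site-packages layout.)
TRUSTED_PREFIXES = (
    "/usr/lib/python3",
    "/usr/lib64/python3",
    "/usr/local/lib/python3",
)


def parse_environ(raw: bytes) -> dict:
    """Parse the NUL-separated key=value blob from /proc/<pid>/environ."""
    env = {}
    for entry in raw.split(b"\0"):
        key, sep, value = entry.partition(b"=")
        if sep:
            env[key.decode("utf-8", "replace")] = value.decode("utf-8", "replace")
    return env


def untrusted_pythonpath_entries(env: dict) -> list:
    """Return PYTHONPATH entries that are relative (they would resolve against
    the scanner's cwd, i.e. root's) or that lie outside TRUSTED_PREFIXES."""
    bad = []
    for entry in env.get("PYTHONPATH", "").split(os.pathsep):
        if not entry:
            continue
        if not os.path.isabs(entry) or not entry.startswith(TRUSTED_PREFIXES):
            bad.append(entry)
    return bad


def is_python_interpreter(exe: str) -> bool:
    """Heuristic: needrestart applies the PYTHONPATH logic to Python interpreters."""
    return Path(exe).name.startswith("python")


def scan_records(records) -> list:
    """records: iterable of (pid, exe_path, environ_bytes).
    Returns [(pid, exe, [untrusted entries]), ...] for Python processes whose
    PYTHONPATH contains something a root-run scanner should not trust."""
    findings = []
    for pid, exe, raw in records:
        if not is_python_interpreter(exe):
            continue
        bad = untrusted_pythonpath_entries(parse_environ(raw))
        if bad:
            findings.append((pid, exe, bad))
    return findings


def live_records():
    """Walk /proc on a real host (reading other users' environ needs root)."""
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        try:
            exe = os.readlink(f"/proc/{entry}/exe")
            raw = Path(f"/proc/{entry}/environ").read_bytes()
        except OSError:
            continue  # process exited or environ not readable
        yield int(entry), exe, raw


# Constructed sample data standing in for three /proc entries.
SAMPLE_RECORDS = [
    (1234, "/usr/bin/python3.12",
     b"HOME=/home/low\0PYTHONPATH=/tmp/evil:/usr/lib/python3/dist-packages\0"),
    (2000, "/usr/bin/python3",
     b"PYTHONPATH=/usr/lib/python3/dist-packages\0LANG=C\0"),
    (3000, "/usr/bin/sleep", b"PYTHONPATH=/tmp/evil\0"),  # not an interpreter
]

if __name__ == "__main__":
    source = live_records() if "--live" in sys.argv else SAMPLE_RECORDS
    for pid, exe, bad in scan_records(source):
        print(f"pid {pid} ({exe}): untrusted PYTHONPATH entries {bad}")
```

Run with `--live` to scan a real host; the default run works on the constructed records and reports only pid 1234, since pid 2000 uses a system path and pid 3000 is not a Python interpreter. Entries such as /tmp/evil in a low-privileged user’s interpreter are exactly what a vulnerable needrestart would import as root.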

ENHANCE PROMETHEUS MODULE WITH PPROF DETECTION

h00die developed the Prometheus scanner module in September 2023. It has now been enhanced to check for the Go performance profiler endpoint (/debug/pprof). This endpoint discloses information about the running process, such as its command line, heap and goroutine state, which may be sensitive, and repeated requests for profiles consume enough CPU on the target that they can cause a denial of service. Penetration testers can now easily find whether the profiler is exposed and recommend disabling or restricting it before a malicious attacker abuses it.
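A stand-alone version of the check, added here as an example rather than the Metasploit module’s own code: it requests only the two cheap pprof endpoints (the index and cmdline) and deliberately never touches /debug/pprof/profile or /debug/pprof/trace, which collect a CPU profile on the target (30 seconds by default for profile) and are the denial-of-service vector. The embedded fake server stands in for a Prometheus instance so the check can be exercised offline; its responses are constructed for this example.

```python
"""Detect an exposed net/http/pprof handler on a Prometheus (or any Go) server.

Added example, not the Metasploit module's code. Only side-effect-free pprof
paths are requested; the fake target below is constructed for offline use."""
import http.server
import sys
import threading
import urllib.error
import urllib.request
from urllib.parse import urljoin

# Cheap endpoints: the index lists available profiles, cmdline returns the
# process's full command line. Never scan /profile or /trace in production.
SAFE_PPROF_PATHS = ("/debug/pprof/", "/debug/pprof/cmdline")


def check_pprof(base_url: str, timeout: float = 5.0) -> dict:
    """Return {path: status} for pprof endpoints that answer 200.
    The index must mention 'pprof' so a catch-all 200 page is not mistaken."""
    exposed = {}
    for path in SAFE_PPROF_PATHS:
        req = urllib.request.Request(urljoin(base_url, path), method="GET")
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                body = resp.read(4096)
                if resp.status != 200:
                    continue
                if path.endswith("/pprof/") and b"pprof" not in body:
                    continue
                exposed[path] = resp.status
        except urllib.error.HTTPError:
            continue  # 401/403/404: not exposed to us
        except urllib.error.URLError:
            continue  # target unreachable
    return exposed


class _FakeGoServer(http.server.BaseHTTPRequestHandler):
    """Minimal constructed stand-in for a Prometheus instance."""
    pprof_enabled = True

    def do_GET(self):
        if self.path == "/-/healthy":  # real Prometheus health endpoint
            self._reply(200, b"Prometheus Server is Healthy.\n")
        elif self.pprof_enabled and self.path == "/debug/pprof/":
            self._reply(200, b"<html><body>/debug/pprof/<br>Types of profiles "
                             b"available: <a href=\"heap\">heap</a></body></html>")
        elif self.pprof_enabled and self.path == "/debug/pprof/cmdline":
            self._reply(200, b"/bin/prometheus\x00--config.file=/etc/prometheus/prometheus.yml")
        else:
            self._reply(404, b"404 page not found\n")

    def _reply(self, status, body):
        self.send_response(status)
        self.send_header("Content-Type", "text/plain")
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the example quiet
        pass


def run_against_fake_target(pprof_enabled: bool) -> dict:
    """Start the fake server on a random loopback port, scan it, tear it down."""
    handler = type("Handler", (_FakeGoServer,), {"pprof_enabled": pprof_enabled})
    srv = http.server.HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        return check_pprof(f"http://127.0.0.1:{srv.server_address[1]}/")
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(check_pprof(sys.argv[1]))  # e.g. http://prometheus.internal:9090/
    else:
        print("pprof enabled :", run_against_fake_target(True))
        print("pprof disabled:", run_against_fake_target(False))
```

Pass a base URL to scan a real target. An empty result means the endpoints answered with an error or were unreachable; it does not prove pprof is off if the scanner is blocked by a reverse proxy that other networks can bypass, so the finding should be confirmed against the Prometheus deployment’s own exposure controls.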

ENHANCE RUNC PRIVILEGE ESCALATION

h00die developed the runc exploit module (CVE-2024-21626) in February 2024. The module has been improved so it can also exploit targets running Arch Linux.

MISCELLANEOUS IMPROVEMENTS

Several other improvements were made to Metasploit by h00die including:

  • Move the Acronis Cyber Protect module into the HTTP folder where it belongs
  • Replace a reference link in the MS SQL CLR Payload module with an archive.org copy, since the original website no longer exists
  • Update the WordPress plugin and theme lists
  • Update the WordPress module discovery program

To view this month’s contributions, check the following links: