Metasploit - Enhanced NTLM Relaying Functionality Released

Source: Rapid7 Blog
Tags: Metasploit, CVE-2026-23767, CVE-2025-12548, CVE-2023-2868

In short, Metasploit improved how its SMB NTLM relay server handles client connections, so relay testing now works with more clients.

Quick Summary

Metasploit's latest update enhances its NTLM relaying capabilities and improves compatibility with a wider range of clients during security testing. Users can update to benefit from these improvements.

What Happened

This week, Metasploit released an update that enhances its SMB NTLM relay server functionality. The update introduces new modules for relaying to HTTP, MSSQL, and LDAP, while still maintaining connections through SMB. Previously, relaying a client's authentication attempts to multiple targets required the client to handle SMB's STATUS_NETWORK_SESSION_EXPIRED error. Most clients, with the exception of Windows' 'net use', struggled with this, which limited compatibility.

With the latest changes, when a single target is specified, Metasploit now forwards Net-NTLM messages immediately. This adjustment expands compatibility to a wider range of clients, including Linux's smbclient. Additionally, the RubySMB client has been updated to mimic the behavior of 'net use', allowing for successful relaying of authentication attempts across multiple targets.

New Module Content

The update also includes several new modules that address specific vulnerabilities. For instance, the ESC/POS Printer Command Injector exploits CVE-2026-23767, allowing attackers to send crafted commands to networked Epson-compatible printers. This vulnerability can lead to unauthorized printing commands being executed.

Another notable addition is an exploit for CVE-2025-12548, which affects the Eclipse Che machine-exec service. This vulnerability enables unauthenticated remote code execution via WebSocket connections, impacting Red Hat OpenShift DevSpaces environments. Lastly, the Barracuda ESG TAR Filename Command Injection exploits CVE-2023-2868, which allows attackers to execute commands through unsanitized TAR filenames in email attachments.

Enhancements and Bug Fixes

The update also brings enhancements to existing modules, including improvements to environment variable handling in post modules. Several bugs were fixed, such as issues preventing successful authentication relay from the Ruby SMB Client and smbclient. Other fixes addressed logging behaviors and compatibility with Mach-O binaries, ensuring smoother operation of the Metasploit Framework.

How to Get Started

To take advantage of these updates, users can update their Metasploit Framework using the msfupdate command. The latest documentation is available on the Metasploit docsite. Users can also access the full changes on GitHub, where they can find pull requests and diffs detailing the latest modifications. For those new to Metasploit, installing the open-source Nightly Installers or the commercial Metasploit Pro edition is recommended for the best experience.

Pro insight: The enhancements in NTLM relaying reflect a strategic shift towards broader compatibility, crucial for effective penetration testing across diverse environments.

Original article from Rapid7 Blog · Spencer McIntyre
