automatic module_metadata_base.json update

jenkins-metasploit · jenkins-metasploit · commit a3498db126a0 · 2025-10-01T06:48:16.000Z
diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
@@ -837,7 +837,7 @@
       "Spencer McIntyre",
       "jheysel-r7"
     ],
-    "description": "This module exploits Active Directory Certificate Services (AD CS) template misconfigurations, specifically\n          ESC9, ESC10, and ESC16, by updating an LDAP object and requesting a certificate on behalf of a target user.\n          The module leverages the auxiliary/admin/ldap/ldap_object_attribute module to update the LDAP object and the\n          admin/ldap/shadow_credentials module to add shadow credentials for the target user. It then uses the\n          admin/kerberos/get_ticket module to retrieve the NTLM hash of the target user and requests a certificate via\n          MS-ICPR. The resulting certificate can be used for various operations, such as authentication.\n\n          The module ensures that any changes made by the ldap_object_attribute or shadow_credentials module are\n          reverted after execution to maintain system integrity.",
+    "description": "This module exploits Active Directory Certificate Services (AD CS) template misconfigurations, specifically\n          ESC9, ESC10, and ESC16, by updating an LDAP object and requesting a certificate on behalf of a target user.\n          The module leverages the auxiliary/admin/ldap/ldap_object_attribute module to update the LDAP object and the\n          admin/ldap/shadow_credentials module to add shadow credentials for the target user if the target password is\n          not provided. It then uses the admin/kerberos/get_ticket module to retrieve the NTLM hash of the target user\n          and requests a certificate via MS-ICPR. The resulting certificate can be used for various operations, such as\n          authentication.\n\n          The module ensures that any changes made by the ldap_object_attribute or shadow_credentials module are\n          reverted after execution to maintain system integrity.",
     "references": [
       "URL-https://github.com/GhostPack/Certify",
       "URL-https://github.com/ly4k/Certipy",
@@ -856,7 +856,7 @@
       "microsoft-ds"
     ],
     "targets": null,
-    "mod_time": "2025-07-30 15:28:56 +0000",
+    "mod_time": "2025-09-25 13:35:41 +0000",
     "path": "/modules/auxiliary/admin/dcerpc/esc_update_ldap_object.rb",
     "is_install_path": true,
     "ref_name": "admin/dcerpc/esc_update_ldap_object",
@@ -18678,6 +18678,130 @@
     "needs_cleanup": false,
     "actions": []
   },
+  "auxiliary_fileformat/datablock_padding_lnk": {
+    "name": "Windows Shortcut (LNK) Padding",
+    "fullname": "auxiliary/fileformat/datablock_padding_lnk",
+    "aliases": [],
+    "rank": 300,
+    "disclosure_date": "2025-07-19",
+    "type": "auxiliary",
+    "author": [
+      "Nafiez"
+    ],
+    "description": "This module generates Windows LNK (shortcut) file that can execute\n          arbitrary commands. The LNK file uses environment variables and execute\n          its arguments from COMMAND_LINE_ARGUMENTS with extra juicy whitespace\n          character padding bytes and concatenates the actual payload.",
+    "references": [
+      "ZDI-25-148",
+      "URL-https://zeifan.my/Windows-LNK/",
+      "URL-https://gist.github.com/nafiez/1236cc4c808a489e60e2927e0407c8d1",
+      "URL-https://www.trendmicro.com/en_us/research/25/c/windows-shortcut-zero-day-exploit.html"
+    ],
+    "platform": "Windows",
+    "arch": "",
+    "rport": null,
+    "autofilter_ports": [],
+    "autofilter_services": [],
+    "targets": null,
+    "mod_time": "2025-09-29 10:12:50 +0000",
+    "path": "/modules/auxiliary/fileformat/datablock_padding_lnk.rb",
+    "is_install_path": true,
+    "ref_name": "fileformat/datablock_padding_lnk",
+    "check": false,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "Reliability": [],
+      "SideEffects": [
+        "artifacts-on-disk"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": false,
+    "actions": []
+  },
+  "auxiliary_fileformat/environment_variable_datablock_leak": {
+    "name": "Right-Click Execution - Windows LNK File Special UNC Path NTLM Leak",
+    "fullname": "auxiliary/fileformat/environment_variable_datablock_leak",
+    "aliases": [],
+    "rank": 300,
+    "disclosure_date": "2025-05-06",
+    "type": "auxiliary",
+    "author": [
+      "Nafiez"
+    ],
+    "description": "This module creates a malicious Windows shortcut (LNK) file that\n          specifies a special UNC path in EnvironmentVariableDataBlock of Shell Link (.LNK)\n          that can trigger an authentication attempt to a remote server. This can be used\n          to harvest NTLM authentication credentials.\n\n          When a victim right-click the generated LNK file, it will attempt to connect to the\n          the specified UNC path, resulting in an SMB connection that can be captured\n          to harvest credentials.",
+    "references": [
+      "URL-https://zeifan.my/Right-Click-LNK/"
+    ],
+    "platform": "Windows",
+    "arch": "",
+    "rport": null,
+    "autofilter_ports": [],
+    "autofilter_services": [],
+    "targets": null,
+    "mod_time": "2025-09-29 11:37:42 +0000",
+    "path": "/modules/auxiliary/fileformat/environment_variable_datablock_leak.rb",
+    "is_install_path": true,
+    "ref_name": "fileformat/environment_variable_datablock_leak",
+    "check": false,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "SideEffects": [
+        "artifacts-on-disk",
+        "screen-effects"
+      ],
+      "Reliability": []
+    },
+    "session_types": false,
+    "needs_cleanup": false,
+    "actions": []
+  },
+  "auxiliary_fileformat/icon_environment_datablock_leak": {
+    "name": "IconEnvironmentDataBlock - Windows LNK File Special UNC Path NTLM Leak",
+    "fullname": "auxiliary/fileformat/icon_environment_datablock_leak",
+    "aliases": [],
+    "rank": 300,
+    "disclosure_date": "2025-05-16",
+    "type": "auxiliary",
+    "author": [
+      "Nafiez"
+    ],
+    "description": "This module creates a malicious Windows shortcut (LNK) file that\n          specifies a special UNC path in IconEnvironmentDataBlock of Shell Link (.LNK)\n          that can trigger an authentication attempt to a remote server. This can be used\n          to harvest NTLM authentication credentials.\n\n          When a victim browse to the location of the LNK file, it will attempt to\n          connect to the the specified UNC path, resulting in an SMB connection that\n          can be captured to harvest credentials.",
+    "references": [
+      "URL-https://zeifan.my/Right-Click-LNK/"
+    ],
+    "platform": "Windows",
+    "arch": "",
+    "rport": null,
+    "autofilter_ports": [],
+    "autofilter_services": [],
+    "targets": null,
+    "mod_time": "2025-09-29 11:37:42 +0000",
+    "path": "/modules/auxiliary/fileformat/icon_environment_datablock_leak.rb",
+    "is_install_path": true,
+    "ref_name": "fileformat/icon_environment_datablock_leak",
+    "check": false,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "SideEffects": [
+        "artifacts-on-disk"
+      ],
+      "Reliability": []
+    },
+    "session_types": false,
+    "needs_cleanup": false,
+    "actions": []
+  },
   "auxiliary_fileformat/maldoc_in_pdf_polyglot": {
     "name": "Maldoc in PDF Polyglot converter",
     "fullname": "auxiliary/fileformat/maldoc_in_pdf_polyglot",
@@ -18799,6 +18923,44 @@
     "needs_cleanup": false,
     "actions": []
   },
+  "auxiliary_fileformat/specialfolder_leak": {
+    "name": "SpecialFolderDatablock - Windows LNK File Special UNC Path NTLM Leak",
+    "fullname": "auxiliary/fileformat/specialfolder_leak",
+    "aliases": [],
+    "rank": 300,
+    "disclosure_date": "2025-05-10",
+    "type": "auxiliary",
+    "author": [
+      "Nafiez"
+    ],
+    "description": "This module creates a malicious Windows shortcut (LNK) file that\n          specifies a special UNC path in SpecialFolderDatablock of Shell Link (.LNK)\n          that can trigger an authentication attempt to a remote server. This can be used\n          to harvest NTLM authentication credentials.\n\n          When a victim browse to the location of the LNK file, it will attempt to\n          connect to the the specified UNC path, resulting in an SMB connection that\n          can be captured to harvest credentials.",
+    "references": [],
+    "platform": "Windows",
+    "arch": "",
+    "rport": null,
+    "autofilter_ports": [],
+    "autofilter_services": [],
+    "targets": null,
+    "mod_time": "2025-09-29 11:33:33 +0000",
+    "path": "/modules/auxiliary/fileformat/specialfolder_leak.rb",
+    "is_install_path": true,
+    "ref_name": "fileformat/specialfolder_leak",
+    "check": false,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "Reliability": [],
+      "SideEffects": [
+        "artifacts-on-disk"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": false,
+    "actions": []
+  },
   "auxiliary_fileformat/word_unc_injector": {
     "name": "Microsoft Word UNC Path Injector",
     "fullname": "auxiliary/fileformat/word_unc_injector",
