A vulnerability within the Fortra GoAnywhere MFT has been discovered, allowing an unauthenticated attacker to create a new administrator account and potentially execute remote code. Specifically, this vulnerability affects GoAnywhere MFT versions 6.x from 6.0.1, as well as 7.x before 7.4.1. Exploiting this vulnerability would enable an attacker to upload a JSP payload and subsequently achieve remote code execution.

The Metasploit module has been crafted to exploit this vulnerability. The module itself is incredibly versatile, featuring various functionalities such as an automatic check and an auxiliary report that observes the stability, reliability, and side effects of the exploit.

Upon initialization, the module uses a series of targets and options to determine the best approach for exploitation. It checks for the presence of the unauthenticated REST API endpoint and extracts the version number to confirm the presence of the vulnerability. Upon successful confirmation, the module is capable of creating a new administrator account and storing the required credentials.

Additionally, the module effectively targets the appropriate operating system and product installation directory, making use of the about.xhtml page to gather essential information required for the exploit. The presence of a JSP payload is crucial in this process, as the module is designed to upload this payload to a specific directory within the target system. The exploit also automatically creates and stores the JSP payload, ensuring that it is deleted after generating a session.

Although the automatic targeting and payload upload processes are carefully handled by the module, it is important to note that it is not feasible to delete the user account created as a part of the exploit. This limitation is due to restrictions within the web interface or REST API.

Furthermore, the module provides functionalities to manage and store credentials, logging pertinent information and encrypting data to ensure secure storage. This helps in maintaining a record of the exploitation activities and their outcomes, adding a layer of accountability and traceability within the exploit environment.

Overall, the Metasploit module for the Fortra GoAnywhere MFT Unauthenticated Remote Code Execution vulnerability is a comprehensive and sophisticated tool for identifying, exploiting, and managing the intricacies of this security flaw. It provides convenience and a high degree of automation, making it an effective solution for security professionals in detecting and addressing vulnerabilities within the GoAnywhere MFT software.

Source link