Intelligence
mediumToolActive

Metasploit Framework Expansion: SMB-to-Meterpreter Upgrade and Peyara Remote Mouse RCE

Rapid7 published new Metasploit modules including an SMB-to-Meterpreter session upgrade utility and an unauthenticated RCE exploit for Peyara Remote Mouse 1.0.1. The additions expand post-exploitation capabilities and expose a legitimate remote control software to command execution attacks.

S
Sebastion

Affected

Peyara Remote Mouse 1.0.1Microsoft Windows (SMB systems)

Rapid7's Metasploit framework received three new modules this week, with two particularly notable additions. The SMB-to-Meterpreter upgrade module, contributed by Dean Welch, allows attackers who have established an SMB session to seamlessly transition to a full Meterpreter session using PsExec. This is a quality-of-life improvement for post-exploitation workflows, enabling operators to consolidate multiple session types under a single powerful agent framework. The module is invoked via windows/manage/smb_to_meterpreter or through the sessions -u <session_id> shorthand.

The second notable entry is an unauthenticated remote code execution exploit targeting Peyara Remote Mouse 1.0.1, a legitimate remote access tool. The vulnerability allows completely unauthenticated attackers to execute arbitrary code on systems running the affected version. This is significant because Peyara Remote Mouse is a consumer-grade remote control utility, and the absence of authentication requirements means any network-adjacent attacker can compromise it without credentials. The exploit module, authored by tmrswrr and merged via pull request #21491, is now available in the standard Metasploit distribution.

From a defensive perspective, organisations running Peyara Remote Mouse 1.0.1 should immediately upgrade to a patched version if one is available. Network segmentation policies should restrict access to remote control software to trusted networks only. More broadly, the continued publication of legitimate software exploits in Metasploit underscores why supply-chain security and third-party software management require active monitoring. Peyara Remote Mouse is not a widely deployed enterprise tool, but its inclusion in Metasploit signals that any software with remote access capabilities becomes a target once an unauthenticated vulnerability is discovered.

The SMB-to-Meterpreter functionality reflects an operational trend towards reducing friction in attack chains. By allowing seamless session upgrades, Metasploit contributors are acknowledging that real-world compromises often involve multiple pivot points and session types. This module makes those transitions frictionless, which is valuable context for defenders designing detection logic around Meterpreter spawning from unexpected parent processes. The combination of these modules illustrates the gap between what legitimate tools are designed for and what occurs when security assumptions (such as network isolation or authentication enforcement) fail in practice.

Sources