Bugs Fixed
- PR 9243 - This fix resolves issues with Windows Meterpreter that prevented the 'transport list' and automatic reconnect function from working when used with reverse_http/s.
Enhancements and Features
- Pro: MS-2908 - The full module path is now shown in module search results.
- PR 8807 - An external module template for capture servers is now available.
- PR 8948 - Initial support for modifying HTTP headers with Meterpreter for use in domain fronting and other evasion applications has been added.
- PR 9000 - Named parameters have been added for all of the current array-index based options.
- PR 9201 - Tab completion has been added to the exploit, generate, and handler commands.
- PR 9225 - A new external module template has been added for Denial of Service modules.
- PR 9227 - A Denial-of-Service auxiliary module for slowloris (CVE 2007-6750) has been added to the framework.
- PR 9238 - Support for Windows .NET Server has been added to exploits/windows/local/ms10_015_kitrap0d.rb
New Exploits
- PR 9212 - The exploit/unix/http/pfsense_group_member_exec module has been added to the framework. It can get a shell on pfsense
- PR 9255 - The exploits/osx/local/root_no_password module has been added to the framework. It adds support for the recent OSX 10.13 (High Sierra) vulnerability that allows you to log in as root with a blank password (AKA the `iamroot` vulnerability).