Bugs Fixed
- Pro: MS-5982 - The "Create VPN Pivot" action on an existing session should no longer result in a "wrong number of arguments" error.
- Pro: MS-5807 - The Known Credentials Intrusion MetaModule should no longer fail with an RHOSTS option error.
Enhancements and Features
- PR 13271 - The
auxiliary/server/capture/smtpmodule has been updated to store captured credentials (login, plain, and cram-md5) ascredsin the database and store captured messageDATAasnotesin the database. A bug fix was also made to avoid hanging atRSET. - PR 13596 - A new SQL injection library was added to the Metasploit Framework, making it easier for module writers to exploit SQLi vulnerabilities. The library currently supports the MySQL database management system, and existing modules
exploits/linux/http/eyesofnetwork_autodiscovery_rceandauxiliary/sqli/openemr/openemr_sqli_dumphave been updated to take advantage of the new library capabilities. - PR 13626 - The
post/windows/gather/checkvmmodule has been updated to run faster while also reducing the size of the module. - PR 13750 - A number of auxiliary modules (includes ones in
/cisco,/juniper,/ubiquiti, and/brocadelocations) have been reorganized under a new folder:/networking. Related documentation was also updated, and the previous locations treated as 'deprecated' so that users attempting to use modules in the old location will be redirected to the new location. - PR 13759 - The
auxiliary/scanner/http/owa_loginmodule was updated to support a new advanced option namedBaselineAuthTime, allowing users to specify expected HTTP response times to better differentiate between valid and invalid credentials. - PR 13841 - The UNIX post mixin (
Msf::Post::Unix) was updated to centralize theis_root?method implemented locally by several modules, which themselves were also updated to use this new method. - PR 13848 - A new wordlist has been added as
data/wordlists/telnet_cdata_ftth_backdoor_userpass.txt, containing four backdoor admin credentials that were found to be hardcoded into the Telnet component of CDATA OLTs. This wordlist can be used in conjunction with theauxiliary/scanner/telnet/telnet_loginmodule to scan for vulnerable CDATA OLT devices on a network.
New Modules
- PR 13730 - New module
exploits/linux/http/pandora_fms_events_execwas added to exploit a post-authentication command injection vulnerability in Pandora FMS versions 7.0 NG 742, 7.0 NG 743, and 7.0 NG 744 (and perhaps older versions; CVE-2020-13851), allowing for execution of arbitrary commands. - PR 13741 - New module
exploits/windows/http/plex_unpickle_dict_rcewas added to exploit a post-authentication deserialization vulnerability in some versions of Plex media software for Windows platforms (CVE-2020-5741), allowing an attacker to execute arbitrary Python code on the target. - PR 13769 - New module
auxiliary/scanner/http/fortimail_login_bypass_detectionwas added for identifying FortiMail targets vulnerable to authentication bypass (CVE-2020-9294).