4.19.0 (Oct 26, 2020)

New

  • Pro: As an improvement around viewing Web App vulnerabilities, we updated the workspace analysis view to offer a Web Vulnerabilities view for all hosts in the workspace.

Improved

  • Pro: We updated Metasploit services to use Ruby 2.7.2.
  • Pro: As a further improvement around viewing Web App vulnerabilities, we moved the Web Vulnerabilities table to a separate tab and renamed the Vulnerabilities tab to Disclosed Vulnerabilities.
  • Pro: As an improvement around viewing Web App vulnerabilities, we updated the project dashboard view to clearly reflect total vulnerabilities.
  • PR 14240 - Added tab completion for specifying inline options when using the run command. For example, within Metasploit's console, typing run and then hitting the tab key twice will now show all available option names. Incomplete option names and values can also be suggested; for example, typing run LHOST= and then hitting the tab key twice will show all available LHOST values.
  • PR 14258 - Improved module code and added module docs for a number of Windows post modules.
  • PR 14289 - Added extended version checks for SharePoint and Exchange servers as used by the exploit modules for CVE-2020-16875 and CVE-2020-16952.
  • PR 14311 - Added support for gathering ProxyUsername and ProxyPassword keys to the post/windows/gather/enum_putty_saved_sessions module.

Fixed

  • Pro: We fixed the ability to manually run local exploit modules from the modules search page.
  • Pro: We fixed a hang when uploading a user-provided file during custom campaign setup. Files should now upload normally.
  • Pro: We fixed and improved the replaying of sessions which were opened via modules that have had new options added since the last session was opened. Instead of being left blank, the default values of any new options will be correctly populated and the user informed of the changes.
  • Pro: We fixed the proof results view of application scanning to allow scrolling when the text length exceeds the available horizontal width.
  • Pro: We fixed the command shell window for interacting with shell sessions to properly display the results/output of commands again.
  • Pro: We updated the PCI-DSS report contents to match the v3.2.1 spec.
  • Pro: We fixed PCI and FISMA report generation to use proper XML sanitization to gracefully support more character values.
  • PR 14235 - Fixed a bug in the modules/post/windows/gather/smart_hashdump module incorrectly assuming that RID 1001 was a special service account that one could not dump hashes from. The module should now only skip RID 501, or the Guest account, which is not password protected.
  • PR 14279 - Fixed a bug in the exploit/linux/local/bpf_sign_extension_priv_esc module with the cred uid field to make it the correct size, ensuring data will be correctly interpreted.
  • PR 14288 - Fixed CVE-2020-7384, a client-side command injection issue with msfvenom's handling of a malicious APK template, which was discovered, reported, and fixed by Justin Steven.
  • PR 14290 - Fixed an issue with the exploit/windows/smb/ms17_010_eternalblue module that was preventing sessions from being obtained successfully.
  • PR 14300 - Fixed CVE-2020-7385, a security issue whereby a user who has run the exploit/linux/misc/drb_remote_codeexec module becomes vulnerable to it themselves, which was discovered and reported by Jeff Dileo.
  • PR 14303 - Fixed an error via the RPC interface where the compatible sessions endpoint would not handle local exploit modules.
  • PR 14305 - Fixed some broken links in the CONTRIBUTORS.md file so that they now point to the correct URL.
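
The PCI and FISMA report fix above describes switching to proper XML sanitization so that arbitrary character values (for example control bytes or malformed sequences captured in scan evidence) no longer break report generation. The following is an added illustration of that technique, not Metasploit Pro's own report code: it drops characters the XML 1.0 specification does not permit, repairs invalid UTF-8, and entity-escapes markup-significant characters before embedding the value in an element. The `vuln_xml` helper and the sample evidence strings are constructed for this example.

```ruby
require 'cgi'

# Characters permitted by XML 1.0 production [2] Char; anything else (NUL, most
# C0 control characters, lone surrogates, U+FFFE/U+FFFF) must not appear in a
# well-formed document, even when entity-escaped.
XML_INVALID_CHARS = /[^\u0009\u000A\u000D\u0020-\uD7FF\uE000-\uFFFD\u{10000}-\u{10FFFF}]/

# Make an arbitrary captured value safe to embed as XML text or attribute content.
def sanitize_for_xml(value)
  str = value.to_s.dup.force_encoding('UTF-8')
  # Replace malformed byte sequences (e.g. raw 0xFF from a binary banner) with nothing.
  str = str.scrub('') unless str.valid_encoding?
  # Remove characters XML cannot represent at all.
  str = str.gsub(XML_INVALID_CHARS, '')
  # Escape & < > " ' so evidence cannot inject markup into the report.
  CGI.escapeHTML(str)
end

# Hypothetical report fragment builder: one <vuln> element with a name and proof text.
def vuln_xml(name:, proof:)
  "<vuln><name>#{sanitize_for_xml(name)}</name>" \
  "<proof>#{sanitize_for_xml(proof)}</proof></vuln>"
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample evidence: NUL and ESC control bytes, markup, and an invalid byte.
  samples = ["banner\x00with\x1bcontrol", "<script>alert(1)</script>", "bad\xffbyte", "tabs\tand\nnewlines"]
  samples.each { |s| puts vuln_xml(name: 'example', proof: s) }
end
```

Running the script prints one well-formed `<vuln>` element per sample; the control bytes and the invalid 0xFF byte are gone, the markup is escaped, and tab and newline (which XML does allow) survive untouched.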

Modules

  • PR 13817 - New module exploit/windows/local/cve_2019_1458_wizardopium can be used as a standalone local exploit for CVE-2019-1458 (aka WizardOpium) to achieve LPE on vulnerable Windows targets, or as a sandbox escape option with exploit/multi/browser/chrome_object_create.
  • PR 14229 - New module exploits/windows/http/telerik_rau_deserialization targets Telerik UI for ASP.NET AJAX, leveraging CVE-2017-11317 and CVE-2019-18935 to gain RCE against vulnerable targets.
  • PR 14265 - New module exploits/windows/http/sharepoint_ssi_viewstate gains authenticated RCE against SharePoint targets vulnerable to CVE-2020-16952.

Offline Update

Metasploit Framework and Pro Installers