Improved
- PR 14234 - Updated the `Vagrantfile` to support the `vmware_desktop` provider.
- PR 14252 - Improved the `post/windows/gather/credentials/avira_password` module to save captured credentials into Metasploit's credential database, and updated the corresponding credential libraries so that users can export Raw-MD5u hashes (the format Avira uses to store its passwords). Module documentation was also added.
- PR 14270 - Updated `multiple_encode_payload` with additional console logging for the case where an encoder module name is mistyped or the encoder does not exist.
- PR 14282 - Improved the Metasploit module loading logic to provide more accurate error messages when external modules fail to load, such as when an external module is not marked as executable.
- PR 14297 - Updated the `auxiliary/scanner/http/zabbix_login` module and its libraries to support Zabbix versions 3.x, 4.x, and 5.x, allowing it to target recent Zabbix releases up to and including the latest Zabbix 5.2 release. Module documentation was also added for this module.
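The Raw-MD5u format referred to in the Avira credential export above is MD5 computed over the UTF-16LE encoding of the password (John the Ripper's `raw-md5u`, hashcat's `md5(utf16le($pass))`). The following is an added Ruby example, not code from the Metasploit module or libraries; the helper names are my own and the credential values are constructed for illustration.

```ruby
require 'digest/md5'

# Raw-MD5u: the password is encoded as UTF-16LE (no BOM, no terminating null)
# before hashing. Every ASCII character becomes two bytes (the character and a
# zero byte), so an ordinary MD5 of the same string will never match this hash.
def raw_md5u(password)
  Digest::MD5.hexdigest(password.encode('UTF-16LE').b)
end

# Check a candidate password against a captured Raw-MD5u hash.
# Hex digests may be exported in either case, so compare case-insensitively.
def raw_md5u_match?(candidate, hash_hex)
  raw_md5u(candidate).casecmp?(hash_hex)
end

# Turn username => hash pairs into the user:hash lines a cracker expects, e.g.
#   john --format=raw-md5u hashes.txt
def to_john_lines(creds)
  creds.map { |user, hash_hex| "#{user}:#{hash_hex.downcase}" }
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample; not data recovered from an Avira installation.
  sample = { 'avira_user' => raw_md5u('Winter2020!') }
  puts to_john_lines(sample)
  puts raw_md5u_match?('Winter2020!', sample['avira_user'])
end
```

The encoding step is the whole point: feeding an exported Raw-MD5u hash to a cracker in plain MD5 mode will silently produce no results, because the wordlist candidates are hashed as single-byte strings.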
Fixed
- PR 14222 - Replaced calls to `URI.encode()` with `Rex::Text.uri_encode()` in the `exploits/multi/http/php_fpm_rce` module to avoid deprecation warnings.
- PR 14225 - Updated rescue clauses to handle `SSLError` in HTTP scanner `check_setup()` methods.
- PR 14250 - Fixed an issue in the DNS enumeration library that caused zone transfer (AXFR) results to be displayed with a leading and trailing bracket.
- PR 14313 - Fixed the `exploits/windows/smb/ms17_010_psexec` and `exploits/windows/smb/psexec` modules to avoid quietly ignoring invalid encoders by ensuring that `SERVICE_STUB_ENCODER` is validated.
- PR 14323 - Cleaned up and fixed `exploit/dns/enumeration` library logic so that, when conducting AXFR zone transfers, the name server specified by the NS option (if set) is the one used to attempt the transfer.
- PR 14326 - Fixed a bug in the `store_loot` logic whereby certain data types could not be stored properly and resulted in a stack trace. With this fix, any data type can be persisted as loot (this also fixes an edge case where arrays were not being stored in the remote database service in the same way they were stored in local loot files).
- PR 14350 - Added a missing `nasm` dependency to the Dockerfile so that `tools/exploit/nasm_shell.rb` works as expected.
Modules
- PR 14280 - New module `auxiliary/gather/mikrotik_winbox_fileread` targets MikroTik RouterOS versions that allow unauthenticated remote attackers to read arbitrary files through a directory traversal (CVE-2018-14847) via the WinBox interface (typically port 8291).
- PR 14319 - New module `auxiliary/scanner/http/wp_loginizer_log_sqli` exploits an unauthenticated SQL injection (CVE-2020-27615) in Loginizer WordPress plugin versions before 1.6.4 and extracts users' credentials as stored in the database (password hashes). Note that exploitation requires WordPress 5.4 (or newer) or 5.5 (or newer).