Nov 09, 2020

4.19.0

Improved

  • PR 14234 - Updated Vagrantfile to support vmware_desktop.
  • PR 14252 - Improved the post/windows/gather/credentials/avira_password module to save captured credentials into Metasploit's credential database, and updated the corresponding credential libraries so that users can export Raw-MD5u hashes (the format Avira uses to store its passwords). Module documentation was also added.
  • PR 14270 - Updated multiple_encode_payload with additional console logging for the case where an encoder module is entered incorrectly or does not exist.
  • PR 14282 - Improved the Metasploit module loading logic to provide more accurate error messages when external modules fail to load, such as when an external module is not marked as executable.
  • PR 14297 - Updated the auxiliary/scanner/http/zabbix_login module and libraries to support Zabbix versions 3.x, 4.x, and 5.x, allowing it to target recent Zabbix releases up to and including the latest Zabbix 5.2 LTS release. Module documentation was also added for this module.
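The Raw-MD5u format mentioned for PR 14252 is MD5 computed over the UTF-16LE encoding of the password rather than over its raw bytes. The following is an added illustration, not Metasploit's own code, showing how that value is computed and how it differs from plain MD5 so an export in the wrong format can be spotted:

```ruby
require 'digest'

# Raw-MD5u: MD5 over the UTF-16LE encoding of the password (two bytes per
# character for ASCII input). This is the form Avira stores. Digest hashes
# the string's bytes, so re-encoding to UTF-16LE is all that is needed.
def raw_md5u(password)
  Digest::MD5.hexdigest(password.encode('UTF-16LE'))
end

# Plain MD5 over the password bytes, for comparison. The two differ for
# every non-empty password, so a hash exported in the wrong format will
# never match the stored value.
def raw_md5(password)
  Digest::MD5.hexdigest(password)
end

# Check whether a stored Raw-MD5u value corresponds to a known password,
# e.g. to confirm that an export was produced in the right format.
# Hex case is ignored because tools differ in how they print digests.
def raw_md5u_match?(stored_hex, candidate)
  raw_md5u(candidate).casecmp?(stored_hex)
end

if __FILE__ == $PROGRAM_NAME
  pw = 'Passw0rd!' # constructed sample password
  puts "Raw-MD5u: #{raw_md5u(pw)}"
  puts "Raw-MD5:  #{raw_md5(pw)}"
end
```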

Fixed

  • PR 14222 - Replaced calls to URI.encode() with Rex::Text.uri_encode() in the exploits/multi/http/php_fpm_rce module to avoid deprecation warnings.
  • PR 14225 - Updated rescue clauses to handle SSLError in HTTP scanner check_setup() methods.
  • PR 14250 - Fixed an issue in the DNS enumeration library that was causing zone transfer (AXFR) results to be displayed with a leading and trailing bracket.
  • PR 14313 - Fixed the exploits/windows/smb/ms17_010_psexec and exploits/windows/smb/psexec modules to avoid quietly ignoring invalid encoders by ensuring that SERVICE_STUB_ENCODER is validated.
  • PR 14323 - Cleaned up and fixed the exploit/dns/enumeration library logic so that, when performing AXFR zone transfers, the name server specified via the NS option (if set) is the one used for the transfer.
  • PR 14326 - Fixed a bug in the store_loot logic whereby certain data types could not be stored properly and would result in a stack trace. With this fix, any data type can now be persisted as loot (this also fixes an edge case where arrays were not being stored in the remote database service in the same way they were being stored to local loot files).
  • PR 14350 - Added the missing nasm dependency to the Dockerfile so that tools/exploit/nasm_shell.rb works as expected.

Modules

  • PR 14280 - New module auxiliary/gather/mikrotik_winbox_fileread targets MikroTik RouterOS versions that allow unauthenticated remote attackers to read arbitrary files through a directory traversal (CVE-2018-14847) via the WinBox interface (typically port 8291).
  • PR 14319 - New module auxiliary/scanner/http/wp_loginizer_log_sqli exploits an unauthenticated SQL injection (CVE-2020-27615) in Loginizer WordPress plugin versions before 1.6.4 and extracts users' credentials (password hashes) as stored in the database. Note that exploitation requires WordPress 5.4 (or newer) or 5.5 (or newer).
