Improved

• PR 14383  - Added two new sample Python modules to provide a template/example for module creators and showcase how users can create external Python exploit and auxiliary modules.

• PR 14432  - Updated the kiwi.rb and priv/password.rb Meterpreter libraries with a new report_creds() function, ensuring that credentials dumped via Kiwi or the hashdump command are now appropriately captured in the creds database.This allows users to replay them later on or attempt to crack them and obtain the plaintext password.

• PR 14583  - Added the ability for Framework to detect when a given nmap scan requires sudo privileges.In such situations, Framework will now re-run nmap with sudo, prompting the user in the typical way.

• PR 14621  - Reduced the size of the linux/x64/shell_bind_tcp_random_port payload while maintaining the functionality.

• PR 14630  - Added hardcoded credentials found in Zyxel devices to the unix creds files (CVE-2020-29583 ).

• PR 14651  - Updated msftidy to verify that all modules have a module description.

• PR 14664  - Updated auxiliary/scanner/ssh/ssh_enumusers so that error messages which arise when a user doesn’t exist on the target system, or whom can’t connect remotely, are now only displayed if the VERBOSE flag is set.

Fixed

• Pro: We fixed an issue with missing images in HTML reports generated by Metasploit Pro on Windows installations. Images in those reports will now display properly.

• PR 14597  - Updated the modules/auxiliary/gather/external_ip module to provide a valid default VHOST setting.

• PR 14609  - Fixed an issue in the lib/msf/core/exploit/remote/http_client.rb and lib/msf/core/opt_http_rhost_url.rb libraries where the VHOST datastore variable would be set incorrectly if a user used an /etc/hosts entry for resolving a hostname to an IP address.

• PR 14632  - Fixed a compatibility issue in module exploits/unix/smtp/opensmtpd_mail_from_rce where it was failing to function when the target host’s shell uses a strictly POSIX compatible read utility (as is the case in Ubuntu).

• PR 14635  - Fixed an issue with the lib/rex/ui/text/shell.rb library to ensure usage of the %T character in the set Prompt format string does correctly show full timestamp information at the prompt.

• PR 14647  - Fixed a recent regression with the run command where attempts to use tab completion would result in a crash of Framework.

• PR 14650  - Fixed a crash in local_exploit_suggester when attempting to store RHOST information in the database.

• PR 14657  - Updated Metasploit’s docker build process to download pip from an alternative Github download source now that python2 support will no longer be available after January, 2021.

Modules

• PR 14414  - New module exploits/windows/local/cve_2020_1337_printerdemon provides a local exploit to leverage an arbitrary file write vulnerability in the Spooler service on Windows for achieving code execution as NT AUTHORITY\SYSTEM. This is a bypass of the patch for CVE-2020-1048  and is identified as CVE-2020-1337 .

• PR 14541  - New module post/windows/gather/forensics/fanny_bmp_check performs a Registry check on Windows targets to identify the presence of DementiaWheel/fanny.bmp malware.

• PR 14618  - New module exploits/multi/fileformat/archive_tar_arb_file_write takes advantage of an Archive_Tar < 1.4.11 deserialization vulnerability to write an arbitrary file containing user controlled content to disk (CVE-2020-28949 ).

• PR 14627  - New module exploits/windows/http/prtg_authenticated_rce provides a command injection exploit targeting PRTG Network Monitor product vulnerability CVE-2018-9276 .

• PR 14645  - New exploit module exploits/linux/http/mobileiron_mdm_hessian_rce targets CVE-2020-15505 , an unauthenticated RCE in MobileIron. The vulnerability is due to the deserialization of user data in an API endpoint that can be accessed through an ACL bypass.

• PR 14654  - New exploit module exploits/multi/http/microfocus_ucmdb_unauth_deser combines two vulnerabilities in the Micro Focus UCMDB application to achieve RCE. The first vulnerability is a set of hardcoded credentials, which are used to authenticate and access the second vulnerability which is insecure deserialization of user-controlled data. These vulnerabilities are identified as CVE-2020-11853  and CVE-2020-11854 .

Offline Update

• https://updates.metasploit.com/packages/d63ddd37ff267e94630bca599dbc5f9d75d028a1.bin 

Metasploit Framework and Pro Installers

• https://github.com/rapid7/metasploit-framework/wiki/Downloads-by-Version