Improved
PR 14383 - Added two new sample Python modules to provide a template/example for module creators and showcase how users can create external Python exploit and auxiliary modules.
PR 14432 - Updated the kiwi.rb and priv/password.rb Meterpreter libraries with a new report_creds() function, ensuring that credentials dumped via Kiwi or the hashdump command are now appropriately captured in the creds database. This allows users to replay them later on or attempt to crack them and obtain the plaintext password.
PR 14583 - Added the ability for Framework to detect when a given nmap scan requires sudo privileges. In such situations, Framework will now re-run nmap with sudo, prompting the user in the typical way.
PR 14621 - Reduced the size of the linux/x64/shell_bind_tcp_random_port payload while maintaining the functionality.
PR 14630 - Added hardcoded credentials found in Zyxel devices to the unix creds files (CVE-2020-29583).
PR 14651 - Updated msftidy to verify that all modules have a module description.
PR 14664 - Updated auxiliary/scanner/ssh/ssh_enumusers so that error messages which arise when a user doesn't exist on the target system, or who can't connect remotely, are now only displayed if the VERBOSE flag is set.
Fixed
Pro: We fixed an issue with missing images in HTML reports generated by Metasploit Pro on Windows installations. Images in those reports will now display properly.
PR 14597 - Updated the modules/auxiliary/gather/external_ip module to provide a valid default VHOST setting.
PR 14609 - Fixed an issue in the lib/msf/core/exploit/remote/http_client.rb and lib/msf/core/opt_http_rhost_url.rb libraries where the VHOST datastore variable would be set incorrectly if a user used an /etc/hosts entry for resolving a hostname to an IP address.
PR 14632 - Fixed a compatibility issue in module exploits/unix/smtp/opensmtpd_mail_from_rce where it was failing to function when the target host's shell uses a strictly POSIX-compatible read utility (as is the case in Ubuntu).
PR 14635 - Fixed an issue with the lib/rex/ui/text/shell.rb library to ensure usage of the %T character in the set Prompt format string does correctly show full timestamp information at the prompt.
PR 14647 - Fixed a recent regression with the run command where attempts to use tab completion would result in a crash of Framework.
PR 14650 - Fixed a crash in local_exploit_suggester when attempting to store RHOST information in the database.
PR 14657 - Updated Metasploit's docker build process to download pip from an alternative GitHub download source now that python2 support will no longer be available after January 2021.
Modules
PR 14414 - New module exploits/windows/local/cve_2020_1337_printerdemon provides a local exploit to leverage an arbitrary file write vulnerability in the Spooler service on Windows for achieving code execution as NT AUTHORITY\SYSTEM. This is a bypass of the patch for CVE-2020-1048 and is identified as CVE-2020-1337.
PR 14541 - New module post/windows/gather/forensics/fanny_bmp_check performs a Registry check on Windows targets to identify the presence of DementiaWheel/fanny.bmp malware.
PR 14618 - New module exploits/multi/fileformat/archive_tar_arb_file_write takes advantage of an Archive_Tar < 1.4.11 deserialization vulnerability to write an arbitrary file containing user-controlled content to disk (CVE-2020-28949).
PR 14627 - New module exploits/windows/http/prtg_authenticated_rce provides a command injection exploit targeting PRTG Network Monitor product vulnerability CVE-2018-9276.
PR 14645 - New exploit module exploits/linux/http/mobileiron_mdm_hessian_rce targets CVE-2020-15505, an unauthenticated RCE in MobileIron. The vulnerability is due to the deserialization of user data in an API endpoint that can be accessed through an ACL bypass.
PR 14654 - New exploit module exploits/multi/http/microfocus_ucmdb_unauth_deser combines two vulnerabilities in the Micro Focus UCMDB application to achieve RCE. The first vulnerability is a set of hardcoded credentials, which are used to authenticate and access the second vulnerability, which is insecure deserialization of user-controlled data. These vulnerabilities are identified as CVE-2020-11853 and CVE-2020-11854.