Improved
Pro: We improved the stability of Pro Services when large datasets are in use.
PR 14154 - Updated all modules which previously used manual AutoCheck behavior to now leverage the AutoCheck mixin instead.
PR 14480 - Improved the handling of external modules when they're missing runtime dependencies and gives the user a more useful error. It will now report which runtime language the user is missing in their environment (this has been implemented for both Python and Go).
PR 14607 - Updated the Exchange ECP DLP Policy module exploit to leverage a new technique which bypasses the original patch. This new technique also works on unpatched versions.
PR 14669 - Improved error message feedback when using the auxiliary/analyze/crack_* modules. Examples include notifying the user that the database needs to be active and that the JohnTheRipper Jumbo patch must be installed.
PR 14685 - Reduced the size of the linux/x64/shell_bind_tcp_random_port payload while maintaining its functionality.
PR 14708 - Added offsets to the exploit/osx/browser/safari_proxy_object_type_confusion exploit module for Mac OSX 10.13.1 and 10.13.2.
PR 14713 - Added documentation for the auxiliary/scanner/redis/redis_login module.
PR 14721 - Added a target for Debian 10 to the sudo exploit (CVE-2021-3156, a.k.a. Baron Samedit).
PR 14728 - Improved lib/msf/core/module/reference.rb as well as the associated tools and documentation to update old WPVDB links with the new WPVDB domain, and to ensure that the new URL format is properly checked in the respective tools.
Fixed
PR 14680 - Updated exploit/windows/winrm/winrm_script_exec to avoid printing nil when no command output is returned.
PR 14684 - Added formatted logging to external Python modules.
PR 14690 - Fixed a NULL pointer bug in mettle payloads when reading UDP channels.
PR 14693 - Fixed a regression error introduced in Metasploit 6.0.27 which caused the vhost header to not be correctly set for http modules.
PR 14714 - Updated the sqlite gem in preparation for Ruby 3.0 support.
PR 14719 - Fixed pivoted connections so they are much less likely to close early when there is still data pending to be read or written.
PR 14720 - Fixed an issue in the lib/msf/core/exploit/remote/http_client.rb and lib/msf/core/opt_http_rhost_url.rb libraries where the VHOST datastore variable would be set incorrectly if a user used an /etc/hosts entry for resolving a hostname to an IP address.
Modules
PR 14578 - New auxiliary module auxiliary/scanner/http/wp_abandoned_cart_sqli retrieves WordPress user names and password hashes by leveraging an unauthenticated SQL injection vulnerability within the WooCommerce Abandoned Cart plugin for versions below 5.8.2.
PR 14593 - New module post/windows/gather/enum_onedrive allows users to enumerate information relating to all of the sites (including team sites) which OneDrive is configured to synchronize for a target host.
PR 14671 - New module exploits/multi/http/microfocus_obm_auth_rce leverages an insecure Java deserialization vulnerability in multiple Micro Focus products to achieve remote code execution as the root user (on Linux) or the SYSTEM user (on Windows). Initial authentication is required, but any low-privileged user can be used to successfully run this exploit.
PR 14715 - New module exploits/linux/local/sudo_baron_samedit exploits a recently disclosed heap-based buffer overflow in the sudo utility (CVE-2021-3156, a.k.a. Baron Samedit).