Feb 17, 2021

4.19.0

Improved

  • Pro: We improved the stability of Pro Services when large datasets are in use.

  • PR 14154 - Updated all modules which previously used manual AutoCheck behavior to now leverage the AutoCheck mixin instead.

  • PR 14480 - Improved the handling of external modules when they are missing runtime dependencies, giving the user a more useful error. It now reports which runtime language is missing from the user's environment (implemented for both Python and Go).

  • PR 14607 - Updated the Exchange ECP DLP Policy module exploit to leverage a new technique which bypasses the original patch. This new technique also works on unpatched versions.

  • PR 14669 - Improved error message feedback when using the auxiliary/analyze/crack_* modules. Examples include notifying the user that the database needs to be active and that the JohnTheRipper Jumbo patch must be installed.

  • PR 14685 - Reduced the size of the linux/x64/shell_bind_tcp_random_port payload while maintaining the functionality.

  • PR 14708 - Added offsets to the exploit/osx/browser/safari_proxy_object_type_confusion exploit module for macOS 10.13.1 and 10.13.2.

  • PR 14713 - Added documentation for the auxiliary/scanner/redis/redis_login module.

  • PR 14721 - Added a target for Debian 10 to the sudo exploit (CVE-2021-3156, a.k.a. Baron Samedit).

  • PR 14728 - Improved lib/msf/core/module/reference.rb as well as associated tools and documentation to update old WPVDB links with the new WPVDB domain and to also ensure that the new URL format is properly checked in the respective tools.

Fixed

  • PR 14680 - Updated exploit/windows/winrm/winrm_script_exec to avoid printing nil when no command output is returned.

  • PR 14684 - Added formatted logging to external python modules.

  • PR 14690 - Fixed a NULL pointer bug in mettle payloads when reading UDP channels.

  • PR 14693 - Fixed a regression introduced in Metasploit 6.0.27 which caused the vhost header to not be set correctly for HTTP modules.

  • PR 14714 - Updated the sqlite gem in preparation for Ruby 3.0 support.

  • PR 14719 - Fixed pivoted connections so they are much less likely to close early when there is still data pending to be read or written.

  • PR 14720 - Fixed an issue in the lib/msf/core/exploit/remote/http_client.rb and lib/msf/core/opt_http_rhost_url.rb libraries where the VHOST datastore variable would be set incorrectly if a user used an /etc/hosts entry for resolving a hostname to an IP address.

Modules

  • PR 14578 - New auxiliary module auxiliary/scanner/http/wp_abandoned_cart_sqli retrieves WordPress user names and password hashes by leveraging an unauthenticated SQL injection vulnerability within the WooCommerce Abandoned Cart plugin for versions below 5.8.2.

  • PR 14593 - New module post/windows/gather/enum_onedrive allows users to enumerate information relating to all of the sites (including teamsites) which OneDrive is configured to synchronize for a target host.

  • PR 14671 - New module exploits/multi/http/microfocus_obm_auth_rce leverages an insecure Java deserialization vulnerability in multiple Micro Focus products to achieve remote code execution as the root user (on Linux) or the SYSTEM user (on Windows). Initial authentication is required, but any low-privileged user can be used to successfully run this exploit.

  • PR 14715 - New module exploits/linux/local/sudo_baron_samedit exploits a recently disclosed heap-based buffer overflow in the sudo utility (CVE-2021-3156, a.k.a. Baron Samedit).
