Improved

• PR 11257  - Added the ability to wrap some PowerShell used for exploitation purposes with RC4 for obfuscation.

• PR 14831  - Updated the HttpClient mixin with with a new cookie jar implementation which correctly updates and merges the Set-Cookie header responses when using the send_request_cgi keep_cookies option.

• PR 15000  - Replaced the use of the which command with command -v, providing a more portable solution.

• PR 15014  - Added the ability to specify an individual private key as a string parameter for the auxiliary/scanner/ssh/ssh_login_pubkey module.

• PR 15087  - Improved the exploit/windows/local/microfocus_operations_privesc module so that it now supports both vulnerable Operations Bridge Manager installations and vulnerable Operations Bridge Reporter installations, with the new additional target being Operations Bridge Reporter.

• PR 15096  - Added shell session support to the post/windows/gather/checkvm module. This also notably added cross-platform support for getting a list of running processes using shell and Meterpreter sessions.

• PR 15110  - Added the necessary functionality to the Java Meterpreter for resolving hostnames over DNS, closing a feature gap that had been present with other Meterpreters.

• PR 15136  - Updated the exploit/multi/http/microfocus_ucmdb_unauth_deser module default Linux payload from cmd/unix/generic to cmd/unix/reverse_python.

• PR 15138  - Cleaned up the auxiliary/scanner/http/dell_idrac module code and added the last_attempted_at field to create_credential_login to prevent a crash. Also added documentation for the module.

Fixed

• Pro: We improved date parsing for Acunetix imports within Metasploit Framework.

• PR 14953  - Fixed python string formatting compatibility in auxiliary/scanner/http/rdp_web_login.

• PR 15050  - Fixed a crash in Metasploit’s console when the user tried to tab complete values, such as file paths, which were missing their final closing quote.

• PR 15081  - Updated the Microsoft SQL Server interesting data finder module to correctly handle the scenario where no interesting data is found. Previously, this would result in a module crash.

• PR 15094  - Fixed a bug in how certain Meterpreters would execute command issued through sessions -c, where some would use a subshell while others would not.

• PR 15111  - Fixed an issue in how some Meterpreter session types would inconsistently run commands issued through sessions -c.

• PR 15114  - Updated the auxiliary/scanner/redis/file_upload module to correctly handle Redis instances which require authenticated access.

• PR 15116  - Fixed a bug that would occur when importing newer Acunetix reports into the database due to a change in how the timestamp is formatted.

• PR 15120  - Fixed a regression within tools/modules/module_author.rb so that it runs without crashing.

• PR 15140  - Fixed msftidy_docs.rb so it doesn’t double warn on optional (and missing) Options headers.

Modules

• PR 11130  - New module post/multi/gather/unix_cached_ad_hashes retrieves cached AD credentials from two different solutions on UNIX (SSSD and VAS).

• PR 11130  - New module post/multi/gather/unix_kerberos_tickets retrieves cached Kerberos tickets from two different solutions on UNIX (SSSD and VAS).

• PR 14702  - New module auxiliary/gather/redis_extractor retrieves all data from a Redis instance (version 2.8.0 and above).

• PR 14947  - New module exploits/linux/misc/igel_command_injection exploits an unauthenticated command injection vulnerability in the Secure Terminal and Secure Shadow services in various versions of IGEL OS.

• PR 14977  - New module exploits/linux/http/apache_druid_js_rce targets Apache Druid versions prior to 0.20.1. An authenticated user can send a single request that both enables the execution of user-provided JavaScript code and executes the code on the server with the privileges of the user running the Apache Druid process. By default, Apache Druid does not require authentication.

• PR 15005  - New module exploits/linux/http/vmware_vrops_mgr_ssrf_rce exploits both a pre-auth SSRF and a post-auth file write via directory traversal to get code execution as the admin user on vulnerable VMware vRealize Operations Manager installs.

• PR 15021  - New module post/android/local/koffee leverages the CVE-2020-8539  vulnerability on certain Kia Motors head units. This vulnerability is also known as KOFFEE.

• PR 15030  - New module exploits/linux/http/gravcms_exec leverages an unauthenticated arbitrary YAML write/update vulnerability to get remote code execution on vulnerable GravCMS targets under the context of the web server user. This vulnerability is identified as CVE-2021-21425  and has been fixed in the admin component version 1.10.10, which was released with GravCMS version 1.7.9.

• PR 15086  - New module exploits/linux/ssh/microfocus_obr_shrboadmin provides an exploit for CVE-2020-11857 , which is a hardcoded SSH password in Micro Focus Operations Bridge Manager instances.

• PR 15090  - New module exploits/linux/http/microfocus_obr_cmd_injection adds an exploit for CVE-2021-22502 , which is an unauthenticated OS command injection vulnerability in the Micro Focus Operations Bridge Reporter.

• PR 15105  - New module exploits/multi/browser/chrome_cve_2021_21220_v8_insufficient_validation exploits CVE-2021-21220 , a Chrome V8 XOR typer OOB Access RCE that was found in the 2021 Pwn2Own competition by Dataflow Security’s Niklas Baumstark (@niklasb) and Bruno Keith (@bkth).Note that this module will require you to run Chrome without the sandbox enabled, as it does not come with a sandbox escape.

Offline Update

• https://updates.metasploit.com/packages/4e66f47b703bd43ea6fedc873b6bfbff3900f048.bin 

Metasploit Framework and Pro Installers

• https://github.com/rapid7/metasploit-framework/wiki/Downloads-by-Version