Improved
- PR 15011 - Enhanced the `analyze` command to show additional information about whether an identified exploit is immediately runnable, or whether it requires additional credentials or options to be set before being run.
- PR 15054 - Updated `msfdb` to work on additional platforms, specifically Ubuntu through `pg_ctlcluster`, as well as with existing or remote databases via the new `--connection-string` option. This option can be used to interact with Docker PostgreSQL containers.
- PR 15125 - Updated the `session_notifier.rb` plugin to support Gotify, allowing users to be notified of new sessions via Gotify notifications.
- PR 15146 - Improved the exploit module for CVE-2021-3156 (Baron Samedit) by removing the dependency on GCC being present in the target environment and adding new targets for Ubuntu 16.04, Ubuntu 14.04, CentOS 7, CentOS 8 and Fedora 23-27.
- PR 15165 - Added documentation for the new cookie jar implementation, which is available for HTTP-based modules.
- PR 15175 - Updated the `rejetto_hfs_exec` module to replace calls to the deprecated `URI.encode()` function with calls to the `URI::encode_www_form_component()` function. This prevents users from being shown deprecation warnings when running the module.
- PR 15178 - Updated the `auxiliary/client/telegram/send_message` module to support sending documents, as well as sending documents and/or messages to multiple chat IDs.
- PR 15202 - Updated the list of WordPress plugins and themes to allow users to discover more plugins and themes when running tools such as `auxiliary/scanner/http/wordpress_scanner`.
- PR 15210 - Updated documentation for `exploit/multi/http/gitlab_file_read_rce` to provide additional information on how to set up GitLab with an SSL certificate for encrypted communications, allowing users to easily test scenarios in which an encrypted GitLab connection might be needed.
- PR 15212 - Metasploit modules implemented in Python now explicitly require `python3` to be present on the system path. This ensures that python2 is no longer used unintentionally, which previously occurred on Kali systems.
Fixed
- Pro: We fixed an issue where session replay involving the SSH login module may fail.
- PR 15149 - Fixed an edge case where cookies left over from one module run could impact the next module run.
- PR 15171 - Updated the `lib/msf/core/post/common.rb` and `lib/msf/ui/console/command_dispatcher/core.rb` libraries to properly support passing timeouts to `session.sys.process.capture_output()`, allowing users to specify timeouts when executing commands on sessions. Previously these options would be ignored and a default timeout of 15 seconds would be used instead.
- PR 15179 - The `swagger-blocks` dependency has been marked as a default dependency for all installs, preventing cases where a user who did not install the `development` and `tests` groups would be unable to start the web service.
- PR 15196 - Fixed a bug in the `msfdb` script that prevented users from running the script if they had installed Metasploit into a location whose path contained spaces.
- PR 15205 - Fixed a bug in the `exploit/multi/http/gitlab_file_read_rce` module to allow it to target vulnerable GitLab servers where TLS is enabled.
- PR 15213 - Fixed `msfdb` to use the passed-in SSL key path (if provided) instead of the default one at `~/.msf4/msf-ws-key.pem`, which may not exist if users have passed in an SSL key path as an option.
Modules
- PR 15102 - New module `exploit/osx/browser/osx_gatekeeper_bypass` exploits a vulnerability in macOS versions `10.15` to `11.3`, inclusive. This module generates an app which is missing an `Info.plist` file. When downloaded and executed by a user, the standard signing and notarization checks for downloaded files are bypassed, granting code execution on the target.
- PR 15113 - New module `post/multi/gather/saltstack_salt` gathers Salt information, configs, etc.
- PR 15168 - New module `exploits/windows/local/tokenmagic` has been added to exploit TokenMagic, an exploitation technique affecting Windows 7 to Windows 10 build 17134 inclusive, that allows users to elevate their privileges to `SYSTEM`. Affected systems can be exploited either via a DLL hijacking vulnerability affecting Windows 10 build 15063 up to build 17134 inclusive, or by creating a new service on the target system.
- PR 15185 - New module `exploits/unix/fileformat/exiftool_djvu_ant_perl_injection` exploits CVE-2021-22204, an arbitrary Perl injection vulnerability within the DjVu module of ExifTool 7.44 to 12.23 which allows for RCE when parsing a malicious file containing a crafted DjVu ANT (Annotation) section.
- PR 15186 - New module `exploits/windows/http/netmotion_mobility_mvcutil_deserialization` exploits CVE-2021-26914, a remotely exploitable vulnerability within NetMotion Mobility, whereby a crafted request can trigger a deserialization vulnerability resulting in code execution.
- PR 15190 - New module `exploits/windows/local/cve_2021_21551_dbutil_memmove` adds an exploit for CVE-2021-21551, an IOCTL provided by the DBUtil_2_3.sys driver distributed by Dell that can be abused to perform kernel-mode memory read and write operations.