May 25, 2021 - Metasploit 4.19.1

Improved

  • PR 15011 - Enhanced the analyze command to show additional information about whether an identified exploit is immediately runnable, or whether it requires additional credentials or options to be set before it can be run.

  • PR 15054 - Updated msfdb to work on additional platforms: specifically Ubuntu, through pg_ctlcluster, as well as existing or remote databases via the new --connection-string option. This option can be used to interact with Docker PostgreSQL containers.

  • PR 15125 - Updated the session_notifier.rb plugin to support Gotify, allowing users to be notified of new sessions via Gotify notifications.

  • PR 15146 - Improved the exploit module for CVE-2021-3156 (Baron Samedit) by removing the dependency on GCC being present in the target environment and adding new targets for Ubuntu 16.04, Ubuntu 14.04, CentOS 7, CentOS 8 and Fedora 23-27.

  • PR 15165 - Added documentation for the new cookie jar implementation, which is available for http-based modules.

  • PR 15175 - Updated the rejetto_hfs_exec module to replace calls to the deprecated URI.encode() function with calls to the URI::encode_www_form_component() function. This prevents users from being shown deprecation warnings when running the module.
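As an added illustration (not code from the rejetto_hfs_exec module or from Metasploit itself) of why that swap is not byte-for-byte equivalent, the Ruby snippet below reproduces the old URI.encode behaviour through the RFC 2396 parser it delegated to and compares it with URI.encode_www_form_component on a constructed sample string:

```ruby
require 'uri'

# Legacy URI.encode behaviour (removed in Ruby 3.0), reproduced through the
# RFC 2396 parser it delegated to: only characters outside the unreserved and
# reserved sets are percent-encoded, so "/" "?" "=" pass through unchanged and
# a space becomes %20.
def legacy_uri_encode(str)
  URI::RFC2396_Parser.new.escape(str)
end

# The replacement API: form-component encoding, which also percent-encodes
# every reserved character and turns a space into "+".
def form_component_encode(str)
  URI.encode_www_form_component(str)
end

# Constructed sample input: a file name containing a space plus characters
# that are reserved in a URL.
SAMPLE = 'my file/notes?v=1'

# Side-by-side comparison, returned as a hash so the difference in the bytes
# that would go on the wire is easy to inspect.
def compare_encodings(str = SAMPLE)
  { legacy: legacy_uri_encode(str), form: form_component_encode(str) }
end

if __FILE__ == $PROGRAM_NAME
  compare_encodings.each { |name, value| puts "#{name}: #{value}" }
end
```

The form encoder is the right fit for query strings and form bodies; a value that must stay a literal URL path (keeping its "/" and using %20 for spaces) needs a path-aware encoder instead, which is the check to make before treating the two calls as drop-in replacements.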

  • PR 15178 - Updated the auxiliary/client/telegram/send_message module to support sending documents, and to send documents and/or messages to multiple chat IDs.

  • PR 15202 - Updated the list of WordPress plugins and themes to allow users to discover more plugins and themes when running tools such as auxiliary/scanner/http/wordpress_scanner.

  • PR 15210 - Updated documentation for exploit/multi/http/gitlab_file_read_rce to provide additional information on how to set GitLab up with an SSL certificate for encrypted communications, allowing users to easily test scenarios in which an encrypted GitLab connection might be needed.

  • PR 15212 - Metasploit modules implemented in Python now explicitly require python3 to be present on the system path. This ensures that python2 is no longer used unintentionally, which previously occurred on Kali systems.

Fixed

  • Pro: We fixed an issue where session replay involving the SSH login module may fail.

  • PR 15149 - Fixed an edge case where cookies left over from one module run could affect the next module run.

  • PR 15171 - Updated the lib/msf/core/post/common.rb and lib/msf/ui/console/command_dispatcher/core.rb libraries to properly support passing timeouts to session.sys.process.capture_output(), allowing users to specify timeouts when executing commands on sessions. Previously these options would be ignored and a default timeout of 15 seconds would be used instead.

  • PR 15179 - The swagger-blocks dependency has been marked as a default dependency for all installs, preventing cases where if a user did not install the development and tests groups, they would be unable to start the web service.

  • PR 15196 - Fixed a bug in the msfdb script that prevented users from being able to run the script if they installed Metasploit into a location that contained spaces within its path.

  • PR 15205 - Fixed a bug in the exploit/multi/http/gitlab_file_read_rce module to allow it to target vulnerable GitLab servers where TLS is enabled.

  • PR 15213 - Fixed msfdb to use the passed-in SSL key path (if provided) instead of the default one at ~/.msf4/msf-ws-key.pem, which may not exist if users have supplied an SSL key path as an option.

Modules

  • PR 15102 - New module exploit/osx/browser/osx_gatekeeper_bypass exploits a vulnerability in macOS versions 10.15 to 11.3, inclusive. This module generates an app that is missing an Info.plist file. When downloaded and executed by a user, the signature and notarization checks that are standard for downloaded files are bypassed, granting code execution on the target.

  • PR 15113 - New module post/multi/gather/saltstack_salt gathers Salt information, configs, etc.

  • PR 15168 - New module exploits/windows/local/tokenmagic has been added to exploit TokenMagic, an exploitation technique affecting Windows 7 to Windows 10 build 17134 inclusive, that allows users to elevate their privileges to SYSTEM. Affected systems can be exploited either by exploiting a DLL hijacking vulnerability affecting Windows 10 build 15063 up to build 17134 inclusive, or by creating a new service on the target system.

  • PR 15185 - New module exploits/unix/fileformat/exiftool_djvu_ant_perl_injection exploits CVE-2021-22204, an arbitrary Perl injection vulnerability within the DjVu module of ExifTool 7.44 to 12.23 which allows for RCE when parsing a malicious file containing a crafted DjVu ANT (Annotation) section.

  • PR 15186 - New module exploits/windows/http/netmotion_mobility_mvcutil_deserialization exploits CVE-2021-26914, which is a remotely exploitable vulnerability within NetMotion Mobility, whereby a crafted request can trigger a deserialization vulnerability resulting in code execution.

  • PR 15190 - New module exploits/windows/local/cve_2021_21551_dbutil_memmove adds an exploit for CVE-2021-21551, an IOCTL provided by the DBUtil_2_3.sys driver distributed by Dell that can be abused to perform kernel-mode memory read and write operations.
