Jun 07, 2021

We fixed a few issues related to viewing API keys and Social Engineering campaigns, and also updated Metasploit content.

Improved

  • PR 15062 - Added support for separating command history for the various sub-shells such as Meterpreter and Pry.

  • PR 15079 - Introduced the meterpreter key to the compat hash to better provide Meterpreter session compatibility info to users, including printing the required Meterpreter extension(s) to the console in the event of a session incompatibility. Additionally, post modules will automatically load the Meterpreter extensions they use, provided that the module’s Meterpreter compatibility requirements are annotated.

  • PR 15199 - Improved the get_processes API on non-Windows systems with support that falls back to enumerating the /proc directory when the ps utility is not present.

  • PR 15220 - Added the ability to retrieve the OS version from an NTLMSSP type 2 message.

  • PR 15242 - Updated the tables displayed by the loot command to be displayed without wrapping. This makes it easier for users to copy and paste the output.

  • PR 15243 - Added a check() method to the Apache Tomcat Ghostcat module.

  • PR 15246 - Refactored some common functionality into a cross-platform Msf::Post::Process mixin with support for multiple session types.

  • PR 15251 - Added support for obtaining a stat object from the Post API via shell sessions when the stat command is available.

  • PR 15260 - Added a #pidof method that works with either Meterpreter or shell sessions and updated the #get_processes method to fail over to command execution if it fails for some reason.

  • PR 15263 - Added a -p flag to the analyze command, allowing users to specify a payload that should be considered for use with any suggested exploit modules. The output will inform the user whether the specified payload can be used with the suggested exploit modules.

Fixed

  • Pro: We fixed a bug where revealing an obfuscated API key in the Pro UI did not display the API key.

  • Pro: We fixed an issue in Social Engineering campaigns where the File Format Exploit options may not be correctly saved.

  • PR 15194 - Fixed a bug where msfconsole would crash when connected to a remote dataservice and tab completing possible RPORT values.

  • PR 15216 - Fixed a mistake in the exploit for CVE-2021-21551 where the version fingerprinting was overly specific. Windows 10 build 18363 failed because it didn’t match the explicit build number 18362. This PR changes the fingerprinting to use ranges to fix this problem.

  • PR 15223 - Updated the exploit/windows/local/tokenmagic module to fix a crash that occurs on some targets, moving the target validation logic to earlier in the module.

  • PR 15236 - Added an additional check to the Linux checkvm module to fix a bug where it was failing to identify certain Xen environments such as those used within AWS.

  • PR 15240 - Fixed a typo that was present in the template for GitHub pull requests.

  • PR 15241 - Removed the previously prototyped RHOST_HTTP_URL module option and feature flag, as it had blocking edge cases for being enabled by default. A new implementation is being investigated.

  • PR 15262 - Improved msfvenom to only wrap output if the output is going to STDOUT.

  • PR 15267 - Fixed a bug that was present within the Shodan search module, where certain queries would cause an exception to be raised while processing the results.

  • PR 15289 - Corrected a command mapping for Meterpreter API requirements in the Msf::Post::Windows::MSSQL mixin.

  • PR 15291 - Fixed a crash within the FortiOS SSL VPN Credential Leak module when running against a target which is not running FortiOS.
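
The two items above on retrieving the OS version from an NTLMSSP type 2 message (PR 15220) and on build-range fingerprinting (PR 15216) are illustrated by the following added Ruby example; it is not Metasploit's own code, and the message bytes, target tables and function names are constructed for the example.

```ruby
# Added example (not Metasploit code): parse the Version field of an
# NTLMSSP CHALLENGE_MESSAGE (type 2) and match the build against ranges.

NTLMSSP_NEGOTIATE_VERSION = 0x02000000 # flag: Version field is present

# Returns { major:, minor:, build: } or nil when no Version field is present.
# Layout (MS-NLMP): Signature(8) Type(4) TargetNameFields(8) Flags(4)
# ServerChallenge(8) Reserved(8) TargetInfoFields(8) Version(8) => offset 48.
def ntlmssp_type2_version(msg)
  return nil unless msg.bytesize >= 56
  return nil unless msg[0, 8] == "NTLMSSP\x00".b
  return nil unless msg[8, 4].unpack1('V') == 2
  flags = msg[20, 4].unpack1('V')
  return nil if (flags & NTLMSSP_NEGOTIATE_VERSION).zero?
  major, minor, build = msg[48, 4].unpack('CCv')
  { major: major, minor: minor, build: build }
end

# Overly specific table: an explicit build list misses build 18363.
EXPLICIT_BUILDS = { 18362 => 'Windows 10 v1903' }.freeze
# Range-based table: v1903 (18362) and v1909 (18363) are covered together.
BUILD_RANGES = { (18362..18363) => 'Windows 10 v1903 / v1909' }.freeze

# Integer keys match only an exact build; Range keys match via Range#===.
def match_target(build, table)
  entry = table.find { |key, _| key === build }
  entry && entry[1]
end

# Constructed sample: minimal type 2 message advertising the given build.
def sample_type2(build)
  flags = NTLMSSP_NEGOTIATE_VERSION | 0x00000001 # + NEGOTIATE_UNICODE
  "NTLMSSP\x00".b + [2].pack('V') +
    [0, 0, 56].pack('vvV') +                     # TargetName: empty
    [flags].pack('V') +
    "\x11".b * 8 +                               # ServerChallenge (constructed)
    "\x00".b * 8 +                               # Reserved
    [0, 0, 56].pack('vvV') +                     # TargetInfo: empty
    [10, 0, build, 0, 0, 0, 15].pack('CCvCCCC')  # Version: 10.0.<build>, rev 15
end

if __FILE__ == $PROGRAM_NAME
  v = ntlmssp_type2_version(sample_type2(18363))
  puts "build #{v[:build]}: explicit=#{match_target(v[:build], EXPLICIT_BUILDS).inspect} " \
       "ranged=#{match_target(v[:build], BUILD_RANGES).inspect}"
end
```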

Modules

  • PR 14984 - New module post/osx/gather/gitignore adds an OSX post-exploitation module to retrieve .gitignore files that may contain pointers to files of interest.

  • PR 15024 - New module exploits/windows/smb/cve_2020_0796_smbghost adds an exploit for CVE-2020-0796 which can be used to gain unauthenticated remote code execution against unpatched Windows 10 v1903 and v1909 systems.

  • PR 15122 - New module exploits/unix/http/cacti_filter_sqli_rce exploits an authenticated SQL injection vulnerability in Cacti versions 1.2.12 and below. The module optionally saves Cacti credentials and uses stacked queries to change the path_php_binary value to execute a payload and get code execution on the server.

  • PR 15231 - New module exploits/linux/http/suitecrm_log_file_rce targets SuiteCRM versions 7.11.18 and below. An authenticated user can rename the SuiteCRM log file to have an extension of .pHp. The log file can then be poisoned with arbitrary php code by modifying user account information, such as the user’s last name. Authenticated code execution is then achieved by requesting the log file.
