Improved
PR 15062 - Added support for separating command history for the various sub-shells such as Meterpreter and Pry.
PR 15079 - Introduced the `meterpreter` key to the `compat` hash to better provide Meterpreter session compatibility info to users, including printing the required Meterpreter extension(s) to the console in the event of a session incompatibility. Additionally, `post` modules will automatically load the Meterpreter extensions they use, provided that the module's Meterpreter compatibility requirements are annotated.
PR 15199 - Improved the `get_processes` API on non-Windows systems with support that falls back to enumerating the `/proc` directory when the `ps` utility is not present.
PR 15220 - Added the ability to retrieve the OS version from an NTLMSSP type 2 message.
PR 15242 - Updated the tables displayed by the `loot` command to be displayed without wrapping. This makes it easier for users to copy and paste the output.
PR 15243 - Added a `check()` method to the Apache Tomcat Ghostcat module.
PR 15246 - Refactored some common functionality into a cross-platform `Msf::Post::Process` mixin with support for multiple session types.
PR 15251 - Added support for obtaining a stat object from the Post API via shell sessions when the `stat` command is available.
PR 15260 - Added a `#pidof` method that works with either Meterpreter or shell sessions and updated the `#get_processes` method to fail over to command execution if it fails for some reason.
PR 15263 - Added a `-p` flag to the `analyze` command, allowing users to specify a payload that should be considered for use with any suggested exploit modules. The output will inform the user whether the specified payload can be used with the suggested exploit modules.
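As an added example tied to the NTLMSSP type 2 item above (not Metasploit's own implementation, which may parse the message differently), this Ruby snippet reads the OS version from the Version field of a CHALLENGE message; the constant names, helper names and sample values are assumptions, and the constructed message uses the Windows 10 build number 18363 that appears in the CVE-2021-21551 fingerprinting fix in the Fixed section.

```ruby
# Added example, not Metasploit code: extract the OS version that a server
# advertises in an NTLMSSP CHALLENGE (type 2) message. Field layout follows
# MS-NLMP 2.2.1.2: the 8-byte Version structure sits at offset 48 and is only
# meaningful when NTLMSSP_NEGOTIATE_VERSION is set in NegotiateFlags.
NTLMSSP_SIGNATURE         = "NTLMSSP\x00".b
NTLMSSP_CHALLENGE         = 2
NTLMSSP_NEGOTIATE_VERSION = 0x02000000

# Returns { major:, minor:, build: } or nil when the blob is not a type 2
# message or carries no usable Version field.
def ntlm_type2_os_version(blob)
  blob = blob.b
  return nil if blob.bytesize < 56
  signature, msg_type = blob.unpack('a8V')
  return nil unless signature == NTLMSSP_SIGNATURE && msg_type == NTLMSSP_CHALLENGE
  flags = blob[20, 4].unpack1('V')
  return nil if (flags & NTLMSSP_NEGOTIATE_VERSION).zero?
  major, minor, build = blob[48, 8].unpack('CCv')   # ProductMajor, ProductMinor, ProductBuild (LE)
  { major: major, minor: minor, build: build }
end

# Builds a minimal, constructed type 2 message for testing; the server
# challenge and target name are made up, not captured from a real host.
# 0x1 = NTLMSSP_NEGOTIATE_UNICODE, 0x200 = NTLMSSP_NEGOTIATE_NTLM.
def build_sample_type2(major, minor, build, flags: NTLMSSP_NEGOTIATE_VERSION | 0x1 | 0x200)
  target_name = 'CORP'.encode('UTF-16LE').b
  payload_offset = 56
  header = [
    NTLMSSP_SIGNATURE, NTLMSSP_CHALLENGE,
    target_name.bytesize, target_name.bytesize, payload_offset, # TargetNameFields
    flags,
    "\x01\x23\x45\x67\x89\xAB\xCD\xEF".b,                        # ServerChallenge (constructed)
    "\x00".b * 8,                                                # Reserved
    0, 0, payload_offset + target_name.bytesize,                 # TargetInfoFields (empty)
    major, minor, build, "\x00".b * 3, 15                        # Version (NTLMRevisionCurrent = 15)
  ].pack('a8VvvVVa8a8vvVCCva3C')
  header + target_name
end

if __FILE__ == $PROGRAM_NAME
  msg = build_sample_type2(10, 0, 18363)
  p ntlm_type2_os_version(msg)   # => {:major=>10, :minor=>0, :build=>18363}
  # Same message without the version bit: the field is present but must be ignored.
  p ntlm_type2_os_version(build_sample_type2(10, 0, 18363, flags: 0x1 | 0x200))   # => nil
end
```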
Fixed
Pro: We fixed a bug where revealing an obfuscated API key in the Pro UI did not display the API key.
Pro: We fixed an issue in Social Engineering campaigns where the File Format Exploit options may not be correctly saved.
PR 15194 - Fixed a bug where msfconsole would crash when connected to a remote dataservice and tab completing possible RPORT values.
PR 15216 - Fixed a mistake in the exploit for CVE-2021-21551 where the version fingerprinting was overly specific. Windows 10 build 18363 failed because it didn't match the explicit build number 18362. This PR changes the fingerprinting to use ranges to fix this problem.
PR 15223 - Updated the `exploit/windows/local/tokenmagic` module to fix a crash that occurs on some targets by moving the target validation logic earlier in the module.
PR 15236 - Added an additional check to the Linux `checkvm` module to fix a bug where it failed to identify certain Xen environments, such as those used within AWS.
PR 15240 - Fixed a typo that was present in the template for GitHub pull requests.
PR 15241 - Removed the previously prototyped `RHOST_HTTP_URL` module option and feature flag, as it had blocking edge cases for being enabled by default. A new implementation is being investigated.
PR 15262 - Improved `msfvenom` to only wrap output if the output is going to STDOUT.
PR 15267 - Fixed a bug in the Shodan search module where certain queries would cause an exception to be raised while processing the results.
PR 15289 - Corrected a command mapping for `meterpreter` API requirements in the `Msf::Post::Windows::MSSQL` mixin.
PR 15291 - Fixed a crash within the FortiOS SSL VPN Credential Leak module when running against a target which is not running FortiOS.
Modules
PR 14984 - New module `post/osx/gather/gitignore` adds an OSX post-exploitation module to retrieve `.gitignore` files that may contain pointers to files of interest.
PR 15024 - New module `exploits/windows/smb/cve_2020_0796_smbghost` adds an exploit for CVE-2020-0796 which can be used to gain unauthenticated remote code execution against unpatched Windows 10 v1903 and v1909 systems.
PR 15122 - New module `exploits/unix/http/cacti_filter_sqli_rce` exploits an authenticated SQL injection vulnerability in Cacti versions 1.2.12 and below. The module optionally saves Cacti creds and uses stacked queries to change the `path_php_binary` value to execute a payload and get code execution on the server.
PR 15231 - New module `exploits/linux/http/suitecrm_log_file_rce` targets SuiteCRM versions 7.11.18 and below. An authenticated user can rename the SuiteCRM log file to have an extension of `.pHp`. The log file can then be poisoned with arbitrary PHP code by modifying user account information, such as the user's last name. Authenticated code execution is then achieved by requesting the log file.