Aug 16, 2021
We updated Metasploit for Rails 6.1 and included various bug fixes.
Improved
- Pro: We updated Pro's Java Runtime Environment (JRE).
- Pro: We have updated the underlying Rails version to 6.1, matching the latest Metasploit Framework release.
- Pro: We have improved detection of the underlying dependencies used for image generation in Social Engineering reports.
- PR 15327 - Fixes a regression in the RPC analyze command and adds automated integration tests to ensure it does not break again in the future.
- PR 15430 - Adds support for SSH pivoting by introducing a new Command Shell session type for SSH clients. The `auxiliary/scanner/ssh/ssh_login` and `auxiliary/scanner/ssh/ssh_login_pubkey` modules have been updated to open these sessions. Note that the SSH pivot only supports outbound TCP client connections for payloads (no reverse payloads).
- PR 15492 - Improves job interaction by allowing the job id `-1` to reference the most recently created job.
- PR 15493 - Updated Metasploit Framework's dependency on Rails from version 5.2 to 6.1.
- PR 15498 - Updates the PostgreSQL `schema_dump` module to no longer ignore the default `postgres` database, which may contain useful information, and adds a new datastore option to configure which databases are ignored.
- PR 15523 - Enhances the console output with additional information on why a session may not be compatible with a post module, such as missing Meterpreter commands.
- PR 15535 - The `psexec` module has been updated to use the `SMBSHARE` option name instead of `SHARE`, for consistency with other modules.
Fixed
- Pro: We have fixed an issue that prevented manual upload of loot objects for existing hosts.
- Pro: We have updated PCI report generation to better handle large datasets.
- PR 15500 - Fixes a regression in `gitlab_file_read_rce` and `cacti_filter_sqli_rce` where the modules failed to run.
- PR 15503 - Fixes a bug in the Cisco HyperFlex file upload RCE module that prevented it from deleting the uploaded payload files. Uploaded payload files are now properly removed after exploitation.
- PR 15524 - Fixes a localization issue in the `post/linux/gather/enum_network` module, which searched command output for language-specific strings to determine success.
- PR 15534 - Fixes a regression in `post/multi/manage/shell_to_meterpreter` where the generated PowerShell command line exceeded the 8192-character limit after string obfuscation was applied.
- PR 15536 - The HiveNightmare module has been updated to use the `ITERATIONS` option instead of the `NBRE_ITER` option in the loop that calls `check_path()`. This fixes an issue where the module would hang while running, and ensures the loop terminates after the configured number of iterations.
- PR 15542 - Fixes a regression in Meterpreter's initialize methods that broke Meterpreter scripts.
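The PR 15534 fix above is about a limit that is easy to hit by accident: a PowerShell stager is typically passed via `-EncodedCommand`, which takes the base64 of the UTF-16LE script, so every character added by string obfuscation costs roughly 8/3 characters on the final command line. The helper below is an added example, not Metasploit's own code, showing how to build such a command line, apply a simple obfuscation pass, and fall back to the plain script when the obfuscated form would exceed the 8192-character figure given in the note. The `powershell.exe` switches, the chunked-string obfuscation and the sample scripts are constructed for this example; Metasploit's real stager line and obfuscator differ.

```ruby
require 'base64'

# Command-line length limit named in the release note.
# Assumption for this example: the limit is inclusive.
MAX_CMD_LENGTH = 8192

# Build the command line the way -EncodedCommand expects it:
# UTF-16LE script, base64-encoded. The switches are an assumed
# typical set (NoProfile, NonInteractive, hidden window, bypass policy).
def build_encoded_command(script)
  encoded = Base64.strict_encode64(script.encode('UTF-16LE'))
  "powershell.exe -NoP -NonI -W Hidden -Exec Bypass -EncodedCommand #{encoded}"
end

# Toy string obfuscation (constructed for the example): split every
# single-quoted literal into concatenated chunks, e.g. 'hello' -> ('hel'+'lo').
# This inflates the script, which is exactly what pushed PR 15534 over the limit.
def obfuscate_strings(script, chunk = 3)
  script.gsub(/'([^']*)'/) do
    parts = Regexp.last_match(1).scan(/.{1,#{chunk}}/)
    '(' + parts.map { |p| "'#{p}'" }.join('+') + ')'
  end
end

def within_limit?(cmd)
  cmd.length <= MAX_CMD_LENGTH
end

# Prefer the obfuscated command, fall back to the plain one if obfuscation
# makes it too long, and refuse outright if even the plain form will not fit.
# Returns [command_line, :obfuscated | :plain].
def choose_command(script)
  obf = build_encoded_command(obfuscate_strings(script))
  return [obf, :obfuscated] if within_limit?(obf)

  plain = build_encoded_command(script)
  return [plain, :plain] if within_limit?(plain)

  raise ArgumentError, "script too long even unobfuscated: #{plain.length} > #{MAX_CMD_LENGTH}"
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample script; a real stager would be much longer.
  cmd, mode = choose_command("Write-Output 'hello world'")
  puts "#{mode}: #{cmd.length} chars"
end
```

The check is done on the final command line rather than on the script, because the UTF-16LE plus base64 expansion is what actually matters to the 8192-character limit.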
Modules
- PR 15501 - Adds an exploit for CVE-2019-11580, an unauthenticated RCE in the Atlassian Crowd application. The vulnerability allows a malicious JAR file to be loaded, resulting in arbitrary Java code execution in the context of the service.
- PR 15519 - Adds a module exploiting CVE-2021-35449, a privilege escalation issue in a variety of Lexmark drivers, including the Universal Print Driver. Successful exploitation allows local attackers to gain `SYSTEM`-level code execution.
- PR 15520 - Adds a module exploiting CVE-2021-38085, a privilege escalation issue in the Canon TR150 print driver. Successful exploitation results in code execution as the `SYSTEM` user.