Improved
Pro: We updated Pro's Java Runtime Environment (JRE).
Pro: We have updated the underlying Rails version to 6.1, compatible with the latest Metasploit Framework release.
Pro: We have improved detection of underlying dependencies for image generation in Social Engineering reports.
PR 15327 - Fixes a regression issue in the RPC analyze command. Adds automated integration tests to ensure it doesn't break in the future.
PR 15430 - This adds support for SSH pivoting by adding a new Command Shell session type for SSH clients. This also updates both the auxiliary/scanner/ssh/ssh_login and auxiliary/scanner/ssh/ssh_login_pubkey modules to include these changes. Note that SSH pivot only supports TCP client connections for outbound payloads (no reverse payloads).
PR 15492 - This expands usability for job interactions by enabling job id -1 to reference the most recently created job.
PR 15493 - Updated Metasploit Framework's dependency on Rails from version 5.2 to 6.1.
PR 15498 - Updates the PostgreSQL schema_dump module to no longer ignore the default 'postgres' database which may contain useful information, and adds a new datastore option to configure ignored databases.
PR 15523 - This enhances the console output with additional information on why a session may not be compatible with a post module, such as missing Meterpreter commands.
PR 15535 - The psexec module has been updated to use the SMBSHARE option name instead of SHARE for better consistency across modules.
Fixed
Pro: We have fixed an issue that prevented manual upload of loot objects for existing hosts.
Pro: We have updated PCI report generation to better handle large datasets.
PR 15500 - Fixes a regression issue for gitlab_file_read_rce and cacti_filter_sqli_rce where the modules failed to run.
PR 15503 - A bug has been fixed in the Cisco HyperFlex file upload RCE module that prevented it from properly deleting the uploaded payload files. Uploaded payload files should now be properly deleted.
PR 15524 - This fixes a localization-related issue in the post/linux/gather/enum_network module, caused by it searching for language-specific strings in the output to determine success.
PR 15534 - Fixes a regression issue in post/multi/manage/shell_to_meterpreter where the generated PowerShell command length was greater than the limit of 8192 characters after string obfuscation was applied.
PR 15536 - The HiveNightmare module has been updated to correctly use the ITERATIONS option instead of the NBRE_ITER option when performing the loop to call check_path(). This fixes an issue where the module would hang while users were running it, and ensures the loop correctly terminates after a set number of iterations.
PR 15542 - This fixes a regression with Meterpreter's initialize methods, which caused Meterpreter scripts to be broken.
Modules
PR 15501 - This adds an exploit for CVE-2019-11580 which is an unauthenticated RCE within the Atlassian Crowd application. The vulnerability allows for a malicious JAR file to be loaded, resulting in arbitrary Java code execution within the context of the service.
PR 15519 - A new module has been added to exploit CVE-2021-35449, a privilege escalation issue in a variety of Lexmark drivers including the Universal Print Driver. Successful exploitation allows local attackers to gain SYSTEM level code execution.
PR 15520 - A new module has been added to exploit CVE-2021-38085, a privilege escalation issue in the Canon TR150 Print Driver. Successful exploitation results in code execution as the SYSTEM user.