Aug 16, 2021
4.20.0-2021081601

Improved

  • Pro: We updated Pro's Java Runtime Environment (JRE).

  • Pro: We have updated the underlying Rails version to 6.1 compatible with the latest Metasploit Framework release.

  • Pro: We have improved detection of underlying dependencies for image generation in Social Engineering reports.

  • PR 15327 - Fixes a regression issue in the RPC analyze command. Adds automated integration tests to ensure it doesn't break in the future.

  • PR 15430 - This adds support for SSH pivoting by adding a new Command Shell session type for SSH clients. This also updates both auxiliary/scanner/ssh/ssh_login and auxiliary/scanner/ssh/ssh_login_pubkey modules to include these changes. Note that SSH pivot only supports TCP client connections for outbound payloads (no reverse payloads).

  • PR 15492 - This expands usability for job interactions by enabling job id -1 to reference the most recently created job.

  • PR 15493 - Updated Metasploit Framework's dependency on Rails from version 5.2 to 6.1.

  • PR 15498 - Updates the PostgreSQL schema_dump module to no longer ignore the default 'postgres' database which may contain useful information, and adds a new datastore option to configure ignored databases.

  • PR 15523 - This enhances the console output with additional information on why a session may not be compatible with a post module, such as missing Meterpreter commands.

  • PR 15535 - The psexec module has been updated to use the SMBSHARE option name instead of SHARE for better consistency across modules.

Fixed

  • Pro: We have fixed an issue that prevented manual upload of loot objects for existing hosts.

  • Pro: We have updated PCI report generation to better handle large datasets.

  • PR 15500 - Fixes a regression issue for gitlab_file_read_rce and cacti_filter_sqli_rce where the modules failed to run.

  • PR 15503 - A bug has been fixed in the Cisco Hyperflex file upload RCE module that prevented it from properly deleting the uploaded payload files. Uploaded payload files should now be properly deleted.

  • PR 15524 - This fixes a localization-related issue in the post/linux/gather/enum_network module, caused by it searching for language-specific strings in the output to determine success.

  • PR 15534 - Fixes a regression issue in post/multi/manage/shell_to_meterpreter where the generated PowerShell command length exceeded the limit of 8192 characters after string obfuscation was applied.

  • PR 15536 - The HiveNightmare module has been updated to correctly use the ITERATIONS option instead of the NBRE_ITER option when performing the loop to call check_path(). This fixes an issue where the module would hang while users were running it, and ensures the loop correctly terminates after a set number of iterations.

  • PR 15542 - This fixes a regression with Meterpreter's initialize methods, which caused Meterpreter scripts to be broken.

Modules

  • PR 15501 - This adds an exploit for CVE-2019-11580, an unauthenticated RCE in the Atlassian Crowd application. The vulnerability allows a malicious JAR file to be loaded, resulting in arbitrary Java code execution within the context of the service.

  • PR 15519 - A new module has been added to exploit CVE-2021-35449, a privilege escalation issue in a variety of Lexmark drivers including the Universal Print Driver. Successful exploitation allows local attackers to gain SYSTEM level code execution.

  • PR 15520 - A new module has been added to exploit CVE-2021-38085, a privilege escalation issue in the Canon TR150 Print Driver. Successful exploitation results in code execution as the SYSTEM user.
