Improved
PR 15441 - This change extends the Meterpreter search functionality by adding the ability to search by modified date across all supported Meterpreter platforms. This allows a user to quickly find recently modified files on the target system, or files within a specific date range.
PR 15594 - This adds options to the wordpress_scanner module which enable the user to scan only for WordPress themes or plugins that Metasploit has modules for.
PR 15630 - This adds the DB_SKIP_EXISTING option to the AuthBrute mixin, giving users the option to skip credentials already in the database when performing brute force attacks.
PR 15669 - Updates the multi/manage/screenshare module to use the Espia screenshot capabilities if present, and to gracefully fall back to the normal screenshot behavior if Espia fails to load as expected.
PR 15721 - Support has been added to Metasploit for negotiating SSL connections over multiple connection types, including Meterpreter and SSH. As a result, users can now make HTTPS requests over pivoted sessions. Previously, if users tried to make such connections, they would be sent in plaintext instead of being SSL encrypted.
PR 15722 - The rerun command has been enhanced to support tab completion.
PR 15726 - This adds the MeterpreterTryToFork option to the Mettle payloads. When set, it translates to Mettle's :background option. When :persist is not configured, MeterpreterTryToFork will attempt to fork the stage into the background.
PR 15735 - This fixes a Rails 6 deprecation warning when a user ran db_disconnect in msfconsole.
PR 15740 - Several improvements have been made to the Ghostcat module and its associated documentation to make the documentation more descriptive and to align the module with recent standards changes that the team has made.
PR 15750 - This improves Ruby 3.0.2 support on Windows.
Fixed
Pro: We restored the capability to upload reusable files for social engineering campaigns.
Pro: We restored functionality related to Social Engineering campaign tracking.
Pro: We have updated Metasploit Framework to properly respect workspace boundaries for credential imports.
PR 15703 - Updates payload/windows/x64/encrypted_shell/reverse_tcp to no longer crash on macOS. Additionally adds an advanced option, ShowCompileCMD, that prints the compilation command used.
PR 15720 - This PR fixes a bug where the rhost value was incorrectly passed to the underlying scanning script, resulting in an abnormal exit.
PR 15729 - This fixes a bug in the PrintNightmare check method where if an RPC function returns a value that can't be mapped to a Win32 error code, the module would crash.
PR 15730 - The check method for the Gitea Git hooks RCE module has been updated to correctly handle older versions of Gitea and report their exploitability as unknown instead of reporting the target as not running Gitea.
PR 15737 - A bug has been fixed whereby action wasn't correctly being set when using the action name as a command. action should now hold the right value when using the action name as a command.
PR 15745 - A bug has been fixed in tools/dev/msftidy.rb whereby if the Notes section was placed before the References section, then msftidy would end up not checking the References section and would therefore state the module didn't have a CVE reference, even when it did.
Modules
PR 15200 - This pull request adds 29 post-exploitation modules based on a common mixin known as PackRat. PackRat gathers file and information artifacts from end users’ systems.
PR 15677 - The auxiliary/admin/http/netgear_pnpx_getsharefolderlist_auth_bypass module exploits an authentication bypass in various Netgear router models running firmware versions prior to 1.2.0.88, 1.0.1.80, 1.1.0.110, and 1.1.0.84. The module leverages the vulnerability to log in as the admin user and then achieves a telnet session as the root user through the auxiliary/scanner/telnet/telnet_login module.
PR 15698 - The PR adds a module for CVE-2021-22555, a 15-year-old heap out-of-bounds write vulnerability in Linux Netfilter.
PR 15707 - This adds a new ecu_hard_reset hardware module which performs a hard reset via the ECU Reset Service Identifier (0x11).
PR 15739 - This adds a new post/hardware/automotive/diagnostic_state module which will keep the vehicle in a diagnostic state.
PR 15747 - This adds an exploit for CVE-2021-22005, an unauthenticated RCE within the VMware vCenter appliance.