Oct 11, 2021
4.20.0-2021101101

Improved

  • PR 15441 - This change extends the Meterpreter search functionality by adding the ability to search by modified date across all supported Meterpreter platforms. This allows a user to quickly find recently modified files on the target system, or files modified within a specific date range.

  • PR 15594 - This adds options to the wordpress_scanner module that let the user scan only for WordPress themes or plugins that Metasploit has modules for.

  • PR 15630 - This adds the DB_SKIP_EXISTING option to the AuthBrute mixin, giving users the option to skip credentials already in the database when performing brute-force attacks.

  • PR 15669 - Updates the multi/manage/screenshare module to use the Espia extension's screenshot capabilities when present, and to gracefully fall back to the normal screenshot behavior if the extension fails to load as expected.

  • PR 15721 - Support has been added to Metasploit for negotiating SSL connections over multiple connection types, including Meterpreter and SSH sessions. As a result, users can now make HTTPS requests over pivoted sessions. Previously, such connections were sent in plaintext instead of being SSL encrypted.

  • PR 15722 - The rerun command has been enhanced to support tab completion.

  • PR 15726 - This adds the MeterpreterTryToFork option to the Mettle payloads. When set, it maps to Mettle's :background option. When :persist is not configured, MeterpreterTryToFork makes the stage attempt to fork itself into the background.

  • PR 15735 - This fixes a Rails 6 deprecation warning that was shown when a user ran db_disconnect in msfconsole.

  • PR 15740 - Several improvements have been made to the Ghostcat module and its associated documentation to ensure its documentation is more descriptive and to align the module with recent standards changes that the team has made.

  • PR 15750 - This improves Ruby 3.0.2 support on Windows.

Fixed

  • Pro: We restored the capability to upload reusable files for social engineering campaigns.

  • Pro: We restored functionality related to Social Engineering campaign tracking.

  • Pro: We have updated Metasploit Framework to properly respect workspace boundaries for credential imports.

  • PR 15703 - Updates payload/windows/x64/encrypted_shell/reverse_tcp to no longer crash on macOS. Additionally adds an advanced option, ShowCompileCMD, that prints the compilation command used.

  • PR 15720 - This PR fixes a bug where the rhost value was incorrectly passed to the underlying scanning script, resulting in an abnormal exit.

  • PR 15729 - This fixes a bug in the PrintNightmare check method where if an RPC function returns a value that can't be mapped to a Win32 error code, the module would crash.

  • PR 15730 - The check method for the Gitea Git hooks RCE module has been updated to correctly handle older versions of Gitea and report their exploitability as unknown, rather than reporting the target as not running Gitea.

  • PR 15737 - A bug has been fixed whereby the action was not correctly set when an action name was used as a command. The action should now hold the right value when its name is used as a command.

  • PR 15745 - A bug has been fixed in tools/dev/msftidy.rb whereby if the Notes section was placed before the References section, then msftidy would end up not checking the References section and would therefore state the module didn't have a CVE reference, even when it did.

Modules

  • PR 15200 - This pull request adds 29 post-exploitation modules based on a common mixin known as PackRat. PackRat gathers file and information artifacts from end users’ systems.

  • PR 15677 - The auxiliary/admin/http/netgear_pnpx_getsharefolderlist_auth_bypass module exploits an authentication bypass in various Netgear router models running firmware versions prior to 1.2.0.88, 1.0.1.80, 1.1.0.110, and 1.1.0.84. The module leverages the vulnerability to log in as the admin user and then obtains a telnet session as the root user through the auxiliary/scanner/telnet/telnet_login module.

  • PR 15698 - The PR adds a module for CVE-2021-22555, a 15-year-old heap out-of-bounds write vulnerability in the Linux kernel's Netfilter subsystem.

  • PR 15707 - This adds a new ecu_hard_reset hardware module which performs a hard reset via the UDS ECU Reset service (service identifier 0x11).

  • PR 15739 - This adds a new post/hardware/automotive/diagnostic_state module which will keep the vehicle in a diagnostic state.

  • PR 15747 - This adds an exploit for CVE-2021-22005, an unauthenticated RCE in the VMware vCenter Server appliance.
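As an added example, and not code from the ecu_hard_reset module or from Metasploit, the following Ruby builds the ISO 14229 (UDS) ECU Reset request that the module's name refers to and parses the ECU's positive or negative response. The transport (ISO-TP over CAN) and Metasploit's hardware bridge API are out of scope, and all constant and method names are assumptions chosen for illustration:

```ruby
# Added example (not the module's own code): build and parse UDS ECU Reset
# (service 0x11) messages as raw bytes. Framing over ISO-TP/CAN is omitted;
# a real module would hand these bytes to the hardware bridge.

UDS_ECU_RESET = 0x11
NEGATIVE_RESPONSE_SID = 0x7F
POSITIVE_RESPONSE_OFFSET = 0x40

# Sub-functions defined by ISO 14229-1 for service 0x11 (names are ours).
ECU_RESET_SUBFUNCTIONS = {
  hard_reset: 0x01,
  key_off_on_reset: 0x02,
  soft_reset: 0x03
}.freeze

# A few common negative response codes (NRCs) an ECU may return.
NRC_NAMES = {
  0x12 => 'subFunctionNotSupported',
  0x13 => 'incorrectMessageLengthOrInvalidFormat',
  0x22 => 'conditionsNotCorrect',
  0x33 => 'securityAccessDenied',
  0x78 => 'requestCorrectlyReceived-ResponsePending'
}.freeze

# Build the request payload for an ECU Reset with the given sub-function.
# suppress_positive_response sets bit 7 of the sub-function byte, asking the
# ECU not to send a positive reply (useful when the reset will drop the link).
def build_ecu_reset(subfunction = :hard_reset, suppress_positive_response: false)
  sf = ECU_RESET_SUBFUNCTIONS.fetch(subfunction)
  sf |= 0x80 if suppress_positive_response
  [UDS_ECU_RESET, sf].pack('C*')
end

# Parse a response to ECU Reset and return a hash describing the outcome,
# distinguishing positive, negative and malformed responses.
def parse_ecu_reset_response(bytes)
  data = bytes.unpack('C*')
  return { status: :invalid, reason: 'empty response' } if data.empty?

  sid = data[0]
  if sid == NEGATIVE_RESPONSE_SID
    # Negative response: 7F <requested SID> <NRC>
    return { status: :invalid, reason: 'short negative response' } if data.length < 3
    return { status: :invalid, reason: 'NRC for a different service' } unless data[1] == UDS_ECU_RESET

    nrc = data[2]
    return { status: :negative, nrc: nrc, nrc_name: NRC_NAMES.fetch(nrc, 'unknown') }
  end

  if sid == UDS_ECU_RESET + POSITIVE_RESPONSE_OFFSET
    # Positive response: 51 <sub-function> (bit 7 is not echoed as a flag)
    return { status: :invalid, reason: 'short positive response' } if data.length < 2

    sf = data[1] & 0x7F
    return { status: :positive, subfunction: ECU_RESET_SUBFUNCTIONS.key(sf) || :unknown }
  end

  { status: :invalid, reason: format('unexpected SID 0x%02x', sid) }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample responses, as an ECU would return them over ISO-TP.
  p parse_ecu_reset_response("\x51\x01".b)      # positive hard reset
  p parse_ecu_reset_response("\x7F\x11\x22".b)  # conditionsNotCorrect
end
```

A hard reset may drop the diagnostic session before the positive response arrives, so a module typically either sets the suppress bit or treats a missing response after a valid request as inconclusive rather than as failure.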
