Nov 10, 2021
4.20.0-2021111001

We corrected a scheduling issue and updated Metasploit Framework.

Improved

  • PR 15665  - This adds additional metadata to exploit modules to specify Meterpreter command requirements. Metadata information is used to add a descriptive warning when running modules with a Meterpreter implementation that doesn’t support the required command functionality.

  • PR 15681  - This adds support for reverse port forwarding via established SSH sessions.

  • PR 15778  - This adds documentation for the http trace scanner.

  • PR 15782  - This updates the iis_internal_ip module to include coverage for the PROPFIND internal IP address disclosure as described by CVE-2002-0422.

  • PR 15788  - When a generated PowerShell command payload exceeds the maximum length allowed to successfully execute, it will now gracefully fall back to omitting an AMSI bypass.

  • PR 15803  - This adds f5_bigip_virtual_server scanner documentation.

Fixed

  • Pro: Scheduled tasks will now report accurate next start times for different user timezones.

  • PR 15799  - This fixes a crash in the iis_internal_ip module.

  • PR 15805  - This bumps the metasploit-payloads version to include two bug fixes for the Python Meterpreter.

Modules

  • PR 15558  - This adds a post module that allows the user to view a Meterpreter session's filesystem via a locally hosted web page.

  • PR 15754  - This adds a scanner and an exploit module for the two recent path traversal vulnerabilities in the Apache HTTP server (apache2). The RCE module requires mod_cgi to be enabled and can be exploited remotely without any authentication. These vulnerabilities are identified as CVE-2021-41773 and CVE-2021-42013.

  • PR 15756  - This adds a module that leverages CVE-2021-31806 and CVE-2021-31807 to trigger a denial of service condition in vulnerable Squid proxy servers.

  • PR 15761  - This exploits an authentication bypass which leads to arbitrary code execution in versions 3.7.1.4 and below of the WordPress plugin pie-register. Supplying a valid admin ID to the user_id_social_site parameter in a POST request returns a valid session cookie. Using that session cookie, a PHP payload is uploaded as a plugin and then requested, resulting in code execution.

  • PR 15765  - This adds an auxiliary module that leverages an information disclosure vulnerability in the BulletProof Security plugin for WordPress. This vulnerability is identified as CVE-2021-39327. The module retrieves a publicly accessible backup file and extracts user credentials from the database backup.

  • PR 15783  - This adds an exploit for CVE-2020-25223, an unauthenticated RCE in the Sophos UTM WebAdmin service. Exploitation of CVE-2020-25223 results in OS command execution as the root user.

  • PR 15800  - This adds a remote exploit for Microsoft OMI “OMIGOD” CVE-2021-38647.

  • PR 15816  - This adds an exploit for an unauthenticated remote command injection in GitLab via a separate vulnerability within ExifTool. These vulnerabilities are identified as CVE-2021-22204 and CVE-2021-22205.

Offline Update

Metasploit Framework and Pro Installers