Dec 16, 2021
4.21.0-2021121601
We updated the Log4j dependency and improved the restore of a schedule for a suspended task chain.
Improved
- Pro: We have updated Metasploit Pro to use the latest version of Log4j. While we do not believe Metasploit Pro was vulnerable to the Log4Shell exploit, we have proactively upgraded to the latest library version to mitigate any other potential vulnerabilities.
- PR 15842 - Several libraries within the `lib` folder now declare their Meterpreter compatibility requirements, which lets users more easily determine when they are using a library that the current session does not support.
- PR 15888 - Adds anonymized database statistics to msfconsole's `debug` command; the output helps developers track down database issues from user-generated error reports.
- PR 15905 - Updates the post-processing of `db_import` to call `normalize_os` only on hosts that are new or were updated during the import.
- PR 15908 - Updates the `save` command with additional flags: `-d` to delete saved state, `-l` to load saved state, and `-r` to reload the default module options.
- PR 15929 - Adds nine new Windows 2003 SP2 targets to the `exploit/windows/smb/ms08_067_netapi` module.
- PR 15936 - The wordlists for Tomcat Manager have been updated with new default usernames and passwords, which various scanner and exploit modules can use when looking for and exploiting Tomcat Manager installations that still use default usernames and/or passwords.
- PR 15944 - Adds long-form option names to the `sessions` command, for example `sessions --upgrade 1`.
- PR 15965 - Adds a `tcp://` URI scheme for setting `RHOSTS`, which lets a user specify the username, password, and port inline. For example, `tcp://user:a b c@example.com` translates into the username `user`, the password `a b c`, and the host `example.com` on the default port used by the module in question (no port is given in the URI).
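The following is an added example and not Metasploit's own RHOSTS parser: a standalone Ruby function that splits a `tcp://` entry of the kind described above into username, password, host and port, falling back to a module default when the URI carries no port. `DEFAULT_PORT` is a hypothetical stand-in for whatever port a real module supplies; treating everything before the last `@` as credentials and splitting user from password on the first `:` only (so passwords may contain `@`, `:` and spaces) is this example's choice, not a statement about how Metasploit itself parses the string.

```ruby
# Added example (not Metasploit's own RHOSTS parser): split a tcp:// RHOSTS
# entry of the form described in the release note into its parts.
#
#   tcp://user:a b c@example.com  ->  user "user", password "a b c",
#                                      host "example.com", default port
#
# DEFAULT_PORT is a hypothetical stand-in for the port a real module supplies.
DEFAULT_PORT = 445

TCP_RHOST = %r{
  \A tcp://
  (?: (?<userinfo> .* ) @ )?          # greedy, so an '@' inside the password is kept
  (?<host> \[ [^\]]+ \] | [^:/\s]+ )  # bracketed IPv6 literal, or a hostname/IPv4
  (?: : (?<port> \d{1,5} ) )?         # optional explicit port
  /? \z
}x

def parse_tcp_rhost(value, default_port: DEFAULT_PORT)
  m = TCP_RHOST.match(value)
  raise ArgumentError, "not a tcp:// RHOSTS value: #{value.inspect}" unless m

  user = password = nil
  if m[:userinfo]
    # Only the first ':' separates user from password, so a password may
    # contain ':' (and spaces, which are taken literally as the note describes).
    user, password = m[:userinfo].split(':', 2)
  end

  # to_i rather than Integer() so a leading zero is not read as octal
  port = m[:port] ? m[:port].to_i : default_port
  raise ArgumentError, "port out of range: #{port}" unless (1..65535).cover?(port)

  {
    user: user,
    password: password,
    host: m[:host].delete_prefix('[').delete_suffix(']'),
    port: port
  }
end

if __FILE__ == $PROGRAM_NAME
  ['tcp://user:a b c@example.com', 'tcp://[::1]:8080', 'tcp://example.com'].each do |v|
    p parse_tcp_rhost(v)
  end
end
```

Run the file directly to see the three constructed inputs parsed; a non-`tcp://` value raises `ArgumentError` rather than silently becoming a hostname, which is the failure mode worth guarding against when the same `RHOSTS` field accepts plain hosts, CIDR ranges and URIs.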
Fixed
- Pro: We have corrected the next scheduled occurrence when a suspension is removed from an existing schedule for a task chain.
- PR 15779 - `lib/msf/core/auxiliary/report.rb` has been fixed so that `report_vuln()` no longer crashes when `vuln` is `nil` before `framework.db.report_vuln_attempt()` is called; `vuln` is now checked and a ValidationError is raised if it is `nil`.
- PR 15808 - Fixes a compatibility issue with the PowerShell `read_file` on Windows Server 2012 by using the old-style PowerShell syntax (`New-Object`).
- PR 15939 - Fixes a bug where the Meterpreter `dir`/`ls` command showed the creation date instead of the modification date for the directory contents.
- PR 15945 - Fixes the `meterpreter > ls` command in the case where one of the files or folders within the listed folder was inaccessible.
- PR 15952 - Fixes the `creds -d` command, which crashed on some NTLM hashes.
- PR 15957 - Fixes a bug where a value was not checked for `nil` before being used when saving credentials with Kiwi; the code now has improved error checking and handling.
- PR 15963 - Fixes a bug that prevented users on Go 1.17 from running Go modules within Metasploit. Additionally, the boot process now logs messages about modules that fail to load to disk, so users are not confused by errors in modules they don't plan on using.
Modules
- PR 15742 - Adds an exploit for CVE-2021-40444, a vulnerability that affects Microsoft Word. Successful exploitation results in code execution in the context of the user running Microsoft Word.
- PR 15953 - Adds an exploit for CVE-2021-24917, an information disclosure bug in the WPS Hide Login WordPress plugin before 1.9.1. An unauthenticated user can obtain the secret login page by sending a request to `/wp-admin/options.php` with a random Referer string. Additionally, several WordPress modules were updated to report more descriptively which plugin they found to be vulnerable on a given target.
- PR 15958 - Adds a module that performs a generic scan of a given target for the Log4Shell vulnerability by injecting the payload into a series of header fields as well as the URI path.