Improved
Pro: We have updated Metasploit Pro to use the latest version of Log4j. While we do not believe Metasploit Pro was vulnerable to the Log4Shell exploit, we have proactively upgraded to the latest library version to mitigate any other potential vulnerabilities.
PR 15842 - Several libraries within the `lib` folder have now been updated to declare Meterpreter compatibility requirements, which will allow users to more easily determine when they are using a library that the current session does not support.
PR 15888 - This adds anonymized database statistics to msfconsole's `debug` command, which is used to help developers track down database issues as part of user-generated error reports.
PR 15905 - Updates the post-processing of `db_import` to only call `normalize_os` on hosts that are new or have been updated during the import.
PR 15908 - Updates the `save` command with additional flags: `-d` for deleting saved state, `-l` for loading saved state, and `-r` for reloading the default module options.
PR 15929 - This adds nine new Windows 2003 SP2 targets that the `exploit/windows/smb/ms08_067_netapi` module can exploit.
PR 15936 - The wordlists for Tomcat Manager have been updated with new default usernames and passwords that can be used by various scanner and exploit modules when trying to find and exploit Tomcat Manager installations with default usernames and/or passwords.
PR 15944 - Adds long-form option names to the `sessions` command, for example `sessions --upgrade 1`.
PR 15965 - Adds a TCP URI scheme for setting `RHOSTS`, which allows a user to specify the username, password, and port if it's specified as a string such as `tcp://user:a b c@example.com`, which would translate into the username `user`, password `a b c`, and host `example.com` on the default port used by the module in question.
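To illustrate how the `tcp://` form described above splits into its parts, here is a small stand-alone parser. This is an added example, not Metasploit's own `RHOSTS` handling; the names `TCP_URI`, `parse_tcp_uri` and the `default_port:` keyword are assumptions for this illustration. It uses a hand-written regular expression rather than Ruby's `URI` class because `URI.parse` rejects the unescaped spaces that a password such as `a b c` contains.

```ruby
# Added example: parse a "tcp://[user[:password]@]host[:port]" string into
# its components. Not Metasploit's implementation; names are hypothetical.
#
# Notes on the shape this accepts:
#   - the password may contain spaces or ':' (everything after the first ':'
#     in the userinfo is the password), but not '@'
#   - the port, if present, must be numeric and within 1..65535
TCP_URI = %r{\A
  tcp://
  (?:(?<userinfo>[^@]*)@)?   # optional "user:password@" prefix
  (?<host>[^:/\s]+)          # host, terminated by ':' or end of string
  (?::(?<port>\d{1,5}))?     # optional numeric port
\z}x

# Returns a Hash with :username, :password, :host and :port, or nil when the
# value is not a well-formed tcp:// string. When no port is given, the
# caller-supplied default (the module's own default port) is used.
def parse_tcp_uri(value, default_port: nil)
  m = TCP_URI.match(value)
  return nil unless m

  username = password = nil
  if m[:userinfo]
    # Split only on the first ':' so a password may itself contain ':'.
    username, password = m[:userinfo].split(':', 2)
  end

  port = m[:port] ? Integer(m[:port]) : default_port
  return nil if port && (port < 1 || port > 65535)

  { username: username, password: password, host: m[:host], port: port }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values; 445 stands in for a module's default port.
  p parse_tcp_uri('tcp://user:a b c@example.com', default_port: 445)
  p parse_tcp_uri('tcp://example.com:8080')
  p parse_tcp_uri('http://example.com')
end
```

The first sample yields `{username: "user", password: "a b c", host: "example.com", port: 445}`, matching the translation the note above describes; a non-`tcp://` scheme or an out-of-range port returns `nil` so a caller can reject the value instead of half-parsing it.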
Fixed
Pro: We have corrected the next scheduled occurrence when a suspend is removed from an existing schedule for a task chain.
PR 15779 - The code of `lib/msf/core/auxiliary/report.rb` has been improved to fix an error where `report_vuln()` would crash if `vuln` was `nil` prior to calling `framework.db.report_vuln_attempt()`. This has been fixed by checking the value of `vuln` and raising a ValidationError if it is set to `nil`.
PR 15808 - This fixes a compatibility issue with PowerShell `read_file` on Windows Server 2012 by using the old-style PowerShell syntax (New-Object).
PR 15939 - This fixes a bug where the Meterpreter dir/ls function would show the creation date instead of the modified date for the directory contents.
PR 15945 - This change fixes the `meterpreter > ls` command in the case where one of the files or folders within the listed folder was inaccessible.
PR 15952 - This adds a fix for the `creds -d` command, which crashed on some `NTLM` hashes.
PR 15957 - A bug where a value was not correctly checked to ensure it was not `nil` prior to being used when saving credentials with Kiwi has been fixed by adding improved error checking and handling.
PR 15963 - A bug that prevented users on Go 1.17 from running Go modules within Metasploit has been fixed. Additionally, the boot process has been altered so that messages about modules not loading are now logged to disk, so users will not be confused by errors in modules they don't plan on using.
Modules
PR 15742 - This adds an exploit for CVE-2021-40444, which is a vulnerability that affects Microsoft Word. Successful exploitation results in code execution in the context of the user running Microsoft Word.
PR 15953 - This adds an exploit for CVE-2021-24917, which is an information disclosure bug in the WPS Hide Login WordPress plugin before 1.9.1. This vulnerability allows unauthenticated users to get the secret login page by setting a random referer string and making a request to `/wp-admin/options.php`. Additionally, several WordPress modules were updated to more descriptively report which plugin they found as being vulnerable on a given target.
PR 15958 - This module performs a generic scan of a given target for the Log4Shell vulnerability by injecting the probe into a series of header fields as well as the URI path.