Release Notes

Improved

• Pro: We have updated Metasploit Pro to use the latest version of Log4j.

• PR 15831 - Established SSH connections can now leverage the pivoting capabilities of the SshCommandShellBind session type.

• PR 15882 - This update prevents exploits from running a payload when the exploit drops files onto the target, and the payload doesn’t have the capability to clean those dropped files up. If users choose to bypass this protection they can override the setting by specifying set AllowNoCleanup true.

Fixed

• PR 15984 - This fixes a bug in the snmp library which caused it to ignore version 1, despite specifically set options.

• PR 16003 - This fixes an issue with GitHub actions where the Ruby 3.1.0 version string is not yet being parsed correctly leading to automation failures.

Modules

• PR 15961 - This adds the initial implementation of an LDAP server implemented in Rex and updates the existing log4shell scanner module to use it. It also provides a new example module.

Offline Update

• https://updates.metasploit.com/packages/0a6e6a3ff386bdbf787d97da6be81988410b64cd.bin

Metasploit Framework and Pro Installers

• https://github.com/rapid7/metasploit-framework/wiki/Downloads-by-Version