Feb 28, 2022

4.21.0-2022022801

Improved

  • PR 16061 - The wordpress_scanner module has been updated to support enumerating WordPress users using the wp-json API.

  • PR 16076 - This change adds the meterpreter session type to the post/osx/gather/hashdump module, hiding a warning when the module is run with a meterpreter session.

  • PR 16117 - This makes some Log4Shell updates. It refactors the scanner to reduce duplicate code, and fixes a couple of minor bugs.

  • PR 16161 - This updates the user agent strings for HTTP payloads to use the latest user agent strings for Chrome, Edge and Firefox on Windows and MacOS, as well as iPad.

  • PR 16170 - This change fixes the native_arch functionality on Java and ensures the native architecture is shown when running meterpreter > sysinfo on Java.

  • PR 16173 - This adds additional --no-readline and --readline options to msfconsole for configuring the use of Readline support.

  • PR 16181 - This adds a resource script for extracting the Meterpreter commands from currently open sessions.

  • PR 16192 - The session notifier has been updated to support new session notifications via WeChat using the ServerJang API and servers.

  • PR 16195 - The hp_dataprotector_cmd_exec.rb module has been updated to support x64 payloads. This fixes a bug whereby x64 payloads were not supported as the Arch value was not set, leading it to default to x86 payloads only.

  • PR 16200 - This updates post/windows/enum_chrome to support decrypting stored passwords for Chrome versions greater than 80.

Fixed

  • Pro: We improved the Social Engineering Campaign Findings workflow to better detect when Report Generation is available.

  • PR 16093 - A number of broken URL references have been fixed in Metasploit modules. Additionally, the tools/modules/module_reference.rb code has been updated to log redirects so that they can be appropriately triaged later and to support saving results to a CSV file. Finally, several modules had their code adjusted to conform to RuboCop standards.

  • PR 16174 - This change fixes the mode specification on File.read required for Ruby 3 on multiple modules.

  • PR 16175 - This change fixes the loadpath command summary to display the module types in alphabetical order.

  • PR 16177 - This change fixes the post(test/search) meterpreter tests on OSX.

  • PR 16184 - This fixes a crash when running msfconsole on a Windows host in conjunction with the sessions -u command.

  • PR 16194 - This fixes a crash when using Metasploit's psexec module with the Command target.

  • PR 16197 - This fixes an edge case when reading files on Windows, and fixes Ruby 3 crashes when reading files.

  • PR 16215 - This updates the payloads version to 2.0.75, taking in the changes landed in https://github.com/rapid7/metasploit-payloads/pull/542, and fixes a bug in the Windows Meterpreter getsystem command where a failed attempt to elevate could result in a partially broken session.

Modules

  • PR 16087 - A new module has been added which exploits CVE-2020-5724, a blind SQL injection in GrandStream UCM62xx IP PBX devices prior to firmware version 1.20.22, to dump usernames and passwords from the users table as an unauthenticated attacker. Successfully gathered credentials will be stored in Metasploit's credential database for use in further attacks.

  • PR 16150 - This exploits a path traversal vulnerability in Nagios XI versions below 5.8.5 to achieve authenticated code execution as the www-data user.

  • PR 16156 - This adds a new module, auxiliary/gather/microweber_lfi, which targets Microweber CMS v1.2.10 and allows arbitrary file reads.

  • PR 16159 - This module exploits a vulnerability in Ignition before 2.5.2, as used in Laravel and other products, which allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents().

  • PR 16164 - This adds an exploit for CVE-2021-42321 which is an authenticated RCE in Microsoft Exchange. The vulnerability is related to a misconfigured deny-list that fails to properly prevent malicious serialized objects from being loaded, leading to code execution.

Offline Update

Metasploit Framework and Pro Installers