Improved
Pro: We expanded the error messages that are returned when duplicate emails with conflicting user details are added to social engineering target lists.
PR 15972 - This updates the log4shell scanner with the LEAK_PARAMS option, which provides a way to leak more target information such as environment variables.
PR 16320 - This updates Windows Meterpreter payloads to support a new MeterpreterDebugBuild datastore option. When set to true, the generated payload will have additional logging support which is visible via the Windows DbgView program.
PR 16373 - This adds initial support for Ruby 3.1.
PR 16403 - This adds more checks to the post/windows/gather/checkvm module to better detect if the current target is a QEMU / KVM virtual machine.
Fixed
PR 16364 - This adds a fix for a crash in auxiliary/spoof/dns/native_spoofer as well as documentation for the module.
PR 16386 - This ensures Exploit::Remote::SocketServer does not call the associated Rex::ServiceManager service's wait method if the service has already stopped.
PR 16398 - A number of recent payload additions did not conform to the patterns used for suggesting spec configurations. Tests for these payloads have now been manually added to ensure they will be appropriately tested as part of rspec checks.
PR 16408 - This fixes an edge case in the multi/postgres/postgres_copy_from_program_cmd_exec module, which would crash when a randomly generated table name started with a number.
PR 16419 - A bug has been fixed whereby using the search command to search by disclosure_date would cause the help menu to appear instead. This has been fixed by improving the date handling logic for the search command.
Modules
PR 16082 - This updates the shadow_mitm_dispatcher module by adding a new RubySMB Dispatcher. This allows better integration with RubySMB and enables the use of all the features provided by its client. Both SMBv2 and SMBv3 are now supported.
PR 16381 - This adds a post module that enumerates applications installed with Chocolatey on Windows systems.
PR 16382 - This adds an exploit for CVE-2022-26904, which is an LPE vulnerability affecting Windows 7 through Windows 11. Leveraging this vulnerability can allow a local attacker running as a standard user, who has knowledge of another standard user's credentials, to execute code as NT AUTHORITY\SYSTEM. The PromptOnSecureDesktop setting must also be set to 1 on the affected machine for this exploit to work, which is the default setting.
PR 16395 - This achieves unauthenticated remote code execution by executing SpEL (Spring Expression Language) queries against Spring Cloud Function versions prior to 3.1.7 and 3.2.3.
PR 16399 - A new module has been added that exploits CVE-2022-28381, a remotely exploitable SEH buffer overflow vulnerability in AllMediaServer version 1.6 and prior. Successful exploitation results in remote code execution as the user running AllMediaServer.
PR 16401 - This change adds support for CVE-2022-22616 to the existing Gatekeeper bypass exploit module, which reportedly covers macOS Catalina all the way to macOS Monterey versions below 12.3. Since this module now targets two CVEs, we've introduced a new CVE option to select which CVE to exploit. The default is the most recent CVE.