Apr 26, 2022
4.21.0-2022042601

New

  • Pro: We updated the payload generator to support new Debug enabled payloads provided by Metasploit Framework.

Improved

  • PR 16377 - The Python and PHP Meterpreter payloads now support creation of a debug build with the MeterpreterDebugBuild datastore option. By default, logging is output to the console the payload was run in. A new MeterpreterDebugLogging datastore option allows writing these log files on the host that ran the payload.

  • PR 16411 - Improves the RPC analyze host functionality to return additional module suggestion metadata, such as invalid options or missing module requirements.

  • PR 16418 - This adds the boilerplate for the Debugging Meterpreter Sessions wiki page on the docs site.

  • PR 16437 - This adds ESXi as a recognizable type on ssh_login.

  • PR 16438 - Some SMTP servers only give out credentials when prompted. A module option AUTHPROMPT now exists to indicate whether or not the auth prompt is required by the server.

  • PR 16446 - This updates the code to be compatible with the latest RubySMB 3.1 gem.

  • PR 16451 - This ensures that if MeterpreterDebugBuild is enabled, the debug versions of the extensions are also used. Additionally, this allows extensions to output debug messages visible via tools such as dbgview, which can be helpful when debugging payloads or Meterpreter extensions.

  • PR 16458 - The fortios_vpnssl_traversal_creds_leak module has been updated to appropriately attribute the original discovery of the vulnerability and to credit the original blog post and research presentations.

  • PR 16476 - The tools/dev/msftidy.rb tool has been updated to recommend using CVE datastore references over the cve.mitre.org URL references since it is more maintainable long-term and will assist with the CVE transitions to cve.org later this year.

  • PR 16477 - This updates several modules to remove hardcoded URL references to the soon to be deprecated cve.mitre.org site, and where applicable, adds in CVE references in place of these hardcoded URL references.

Fixed

  • Pro: We addressed failures in the worker service that caused reports and backups to terminate prior to task completion.

  • PR 16221 - This fixes WordPress support to work with sites where the REST API is not under /index.php/.

  • PR 16318 - This adds support for old key exchange algorithms in the net/ssh library by setting append_all_supported_algorithms to true.

  • PR 16379 - This refactors a number of modules to use ssh_client_defaults.

  • PR 16426 - This fixes a crash in OSX Meterpreter's stager caused by mangled dyld functions in macOS Monterey.

  • PR 16455 - This removes the requirement for railgun support in modules that use the Post::File mixin, enabling better identification of modules usable against an existing session.

  • PR 16457 - Recent updates in Rex::Parser::Arguments regressed support for short flags with multiple characters. This restores the functionality by updating the spec checks and library code to correctly parse multiple-character short flags, as well as each individual short flag specified in a combined short flag.

  • PR 16479 - Meterpreter's reg setval command has been updated to allow setting a REG_BINARY key value via the -d option with an arbitrarily long binary blob. Previously this value was treated as a string, leading to an incorrect value being written to the registry.

Modules

  • PR 16475 - This adds an exploit for CVE-2022-28810 which is an authenticated RCE in ManageEngine ADSelfService Plus.
