Improved
- PR 16445 - The Windows Meterpreter payload now supports a `MeterpreterDebugLogging` datastore option for logging debug information to a file. Example usage:

  ```
  use windows/x64/meterpreter_reverse_tcp
  set MeterpreterDebugBuild true
  set MeterpreterDebugLogging rpath:C:/test/foo.txt
  save
  generate -f exe -o shell.exe
  to_handler
  ```
- PR 16462 - This adds support for the armle and aarch64 architectures to `gdb_server_exec`.
- PR 16486 - This adds an initial set of pentesting docs to the Metasploit docs site.
Fixed
- PR 16450 - This updates `exploit/multi/vnc/vnc_keyboard_exec` to include a delay, increasing the reliability of getting a shell when typing out long commands.
- PR 16509 - This ensures proper escaping of HTML in code blocks produced by the `info -d` command.
- PR 16526 - The version of Meterpreter Payloads has been upgraded to pull in a fix that ensures the Kiwi extension now works properly on Windows 11 hosts and correctly dumps credentials instead of failing silently as it did previously.
- PR 16530 - This updates the `pihole_remove_commands_lpe` module so that it no longer breaks sessions when running the check method.
Modules
PR 16432 - This adds a module that enumerates all installed AV products on Windows.
- PR 16504 - This exploit achieves remote code execution as the `redis` user via a sandbox escape in several Redis versions distributed through Debian-based Linux distributions.
- PR 16507 - This adds an exploit for CVE-2022-29464, an arbitrary file upload vulnerability in multiple WSO2 products that can be used to obtain remote code execution.
- PR 16512 - This adds an exploit for CVE-2022-22954, an unauthenticated RCE in VMware Workspace ONE Access.
- PR 16514 - This leverages a directory traversal and arbitrary file write in vulnerable versions of ZoneMinder to achieve remote code execution as the `www-data` user.
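For readers who want to see what the AV enumeration added in PR 16432 amounts to on the host side, the following PowerShell is an added example and not the Metasploit module's own code. It queries the Windows Security Center WMI namespace, which is one common way to list registered AV products; the `productState` decoding is the widely used heuristic, not a documented Microsoft contract, and the `root/SecurityCenter2` namespace only exists on client SKUs, so the function warns and returns nothing on Windows Server.

```powershell
# Added example: enumerate AV products registered with Windows Security Center.
# Not the Metasploit module's code; the productState decoding is a heuristic.
function Get-RegisteredAntivirus {
    $ns = 'root/SecurityCenter2'
    try {
        # AntiVirusProduct is absent on Windows Server (no Security Center service).
        $products = Get-CimInstance -Namespace $ns -ClassName AntiVirusProduct -ErrorAction Stop
    } catch {
        Write-Warning "Cannot query $ns (server SKU or WMI blocked): $($_.Exception.Message)"
        return
    }

    foreach ($p in $products) {
        # productState is a bitfield. Common interpretation (assumed, undocumented):
        #   hex digits 3-4: 10/11 = real-time protection enabled, 00/01 = disabled
        #   hex digits 5-6: 00 = definitions up to date, 10 = out of date
        $hex      = '{0:X6}' -f [int]$p.productState
        $enabled  = $hex.Substring(2, 2) -in @('10', '11')
        $upToDate = $hex.Substring(4, 2) -eq '00'

        [pscustomobject]@{
            Name         = $p.displayName
            Enabled      = $enabled
            UpToDate     = $upToDate
            ProductExe   = $p.pathToSignedProductExe
            ReportingExe = $p.pathToSignedReportingExe
            RawState     = "0x$hex"
        }
    }
}

Get-RegisteredAntivirus | Format-Table -AutoSize
```

Check the `RawState` column against what the product's own UI reports before trusting the Enabled/UpToDate flags; vendors are not consistent in how they set the bitfield, which is why the raw value is kept alongside the decoded one.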