Improved
PR 16413 - Updates the multi/recon/local_exploit_suggester module with multiple enhancements, including the ability to correctly work with Java/Python Meterpreters as well as generating a readable table of results.
PR 16435 - This adds support for Microsoft SQL Server to the SQL injection library. Additionally, this updates the auxiliary/gather/billquick_txtid_sqli module to leverage the new library features for exploitation.
PR 16481 - This updates the Msf::Exploit::Remote::SMB::Server::Share mixin to use RubySMB, which now supports SMB versions 1-3, along with various other features like accounting, state logging, session tracking, support for multiple files, etc. All existing modules that were using this mixin will now automatically benefit from these improvements. They will work against modern versions of Windows where SMBv1 has been disabled.
PR 16492 - Improves the nfs_mount scanner module by detecting if an NFS network share is mountable or not based on the provided IP address and hostname.
PR 16518 - This merges the Metasploit framework wiki into the Metasploit framework.
PR 16600 - This updates the docs site to use migrated wiki files.
PR 16610 - Updates the windows/dcerpc/cve_2021_1675_printnightmare module from being an auxiliary that would require the user to set up and configure an external Samba share to instead host the payload in an all-inclusive exploit. This means users can deliver their payloads in a seamless fashion without needing to deal with Samba.
PR 16620 - Adds a standalone tool for creating a read-only SMB 2/3 server from the current working directory. Usage:
ruby ./tools/smb_file_server.rb
Normal SMB clients can then connect to this share and download files as normal. For instance, via Windows with
copy \\192.168.123.1\home\example.exe .
or
net use \\192.168.123.1\home /u:WORKGROUP\metasploit password
PR 16622 - This bumps the version of Metasploit framework to 6.2.0, signifying another backwards compatible milestone for bundling together multiple new modules, features, improvements, and bug fixes over the past months.
Fixed
Pro: We adjusted encoding of task logs included in an activity report to only include UTF-8 compatible characters.
PR 16619 - This fixes a bug in neighbor advertisement filtering as used by the auxiliary/scanner/discover/ipv6_neighbor module. Prior to this patch, the module would fail to map IPv4 to IPv6 addresses.
PR 16621 - Fixes a bug where running multi/manage/shell_to_meterpreter to upgrade from a Python Meterpreter session to a Native Meterpreter session would kill the original Meterpreter session.
PR 16640 - A bug has been fixed where the Net::LDAP library would fail due to the socket returning less data than was requested. This was addressed by introducing a custom read() method to appropriately handle cases where the socket may return less data than was expected.
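The short-read problem behind the Net::LDAP fix is general to any protocol parser sitting on a TCP socket: a single read(n) call is allowed to return fewer than n bytes, so code that assumes a full message arrived in one call breaks intermittently. The following is an added illustration, not Metasploit's or Net::LDAP's code; ChunkySocket is a constructed stand-in for a socket that delivers data in small pieces, and read_exact is a hypothetical helper showing the loop such a custom read method needs.

```ruby
require 'stringio'

# Constructed stand-in for a TCP socket: each read returns at most `chunk`
# bytes, which is exactly how a real socket may behave under load.
class ChunkySocket
  def initialize(data, chunk)
    @io = StringIO.new(data)
    @chunk = chunk
  end

  # Mirrors IO#read(length): up to `length` bytes, nil once the peer closes.
  def read(length)
    @io.read([length, @chunk].min)
  end
end

# The fragile pattern: one call, and whatever came back is treated as the
# whole message. With a chunked socket this silently truncates the data.
def naive_read(sock, length)
  sock.read(length)
end

# The robust pattern: keep reading until `length` bytes have accumulated.
# Returns nil if the peer closes the connection before that, so the caller
# can distinguish a truncated message from a complete one.
def read_exact(sock, length)
  buf = +''
  while buf.bytesize < length
    part = sock.read(length - buf.bytesize)
    return nil if part.nil? || part.empty?
    buf << part
  end
  buf
end

if __FILE__ == $PROGRAM_NAME
  payload = 'ABCDEFGHIJ' # constructed 10-byte "message"
  puts "naive:      #{naive_read(ChunkySocket.new(payload, 3), 10).inspect}"
  puts "read_exact: #{read_exact(ChunkySocket.new(payload, 3), 10).inspect}"
  puts "truncated:  #{read_exact(ChunkySocket.new('ABC', 2), 5).inspect}"
end
```

The same loop applies whether the length comes from a fixed header size or from a length field decoded out of an earlier read, as is the case for BER-encoded LDAP messages.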
Modules
PR 16488 - This updates the exploit/windows/local/vss_persistence and post/windows/manage/persistence_exe modules to optionally obfuscate scheduled tasks. Additionally, the post/windows/manage/persistence_exe module was updated with a new "TASK" startup technique that allows users to obtain persistence via a scheduled task.
PR 16611 - Adds an exploit module that leverages CVE-2022-26352, an arbitrary file upload vulnerability in dotCMS versions before 22.03, 5.3.8.10, and 21.06.7, which allows an attacker to execute arbitrary code remotely in the context of the user running the application. The module uploads a .jsp payload to the Tomcat ROOT directory and accesses it to trigger its execution.