Jun 06, 2022 (4.21.1-2022060601)

Improved

  • PR 16413 - Updates the multi/recon/local_exploit_suggester with multiple enhancements, including the ability to correctly work with Java/Python Meterpreters as well as generating a readable table of results.

  • PR 16435 - This adds support for Microsoft SQL Server to the SQL injection library. Additionally, this updates the auxiliary/gather/billquick_txtid_sqli module to leverage the new library features for exploitation.

  • PR 16481 - This updates the Msf::Exploit::Remote::SMB::Server::Share mixin to use RubySMB, which now supports SMB versions 1-3, along with various other features like accounting, state logging, session tracking, support for multiple files etc. All existing modules that were using this mixin will now automatically benefit from these improvements. They will work against modern versions of Windows where SMBv1 has been disabled.

  • PR 16492 - Improves the nfs_mount scanner module by detecting whether an NFS network share is mountable based on the provided IP address and hostname.

  • PR 16518 - This merges the Metasploit framework wiki into the Metasploit framework.

  • PR 16600 - This updates the docs site to use migrated wiki files.

  • PR 16610 - Updates the module windows/dcerpc/cve_2021_1675_printnightmare from being an auxiliary that required the user to set up and configure an external Samba share to instead host the payload in an all-inclusive exploit. This means users can deliver their payloads in a seamless fashion without needing to deal with Samba.

  • PR 16620 - Adds a standalone tool for creating a read-only SMB 2/3 server from the current working directory. Usage: ruby ./tools/smb_file_server.rb. Normal SMB clients can then connect to this share and download files as normal. For instance, via Windows with copy \\192.168.123.1\home\example.exe . or net use \\192.168.123.1\home /u:WORKGROUP\metasploit password.

  • PR 16622 - This bumps the version of Metasploit framework to 6.2.0, signifying another backwards compatible milestone for bundling together multiple new modules, features, improvements, and bug fixes over the past months.

Fixed

  • Pro: We adjusted encoding of task logs included in an activity report to only include UTF-8 compatible characters.

  • PR 16619 - This fixes a bug in neighbor advertisement filtering as used by the auxiliary/scanner/discover/ipv6_neighbor module. Prior to this patch, the module would fail to map IPv4 to IPv6 addresses.

  • PR 16621 - Fixes a bug where running multi/manage/shell_to_meterpreter to upgrade from a Python Meterpreter session to a Native Meterpreter session would kill the original Meterpreter session.

  • PR 16640 - A bug has been fixed where the Net::LDAP library would fail due to the socket returning less data than was requested. This was addressed by introducing a custom read() method to appropriately handle cases where the socket may return less data than was expected.
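The short-read problem described above, as an added Ruby example that is not Metasploit's or Net::LDAP's own code: a constructed IO stub that hands back at most a few bytes per call, a naive read that silently returns a short buffer, and a read_exact loop that keeps reading until the requested length has arrived or raises EOFError on a truncated stream. The 2-byte length framing is an assumption for the demo, not LDAP's BER encoding; the buffering logic is the same either way.

```ruby
require 'stringio'

# Constructed test double: wraps a StringIO but caps each read at +chunk+
# bytes, mimicking a socket that returns less data than was requested.
class ShortReadIO
  def initialize(data, chunk)
    @io = StringIO.new(data.b)
    @chunk = chunk
  end

  # Like IO#read(len): nil at EOF, otherwise up to +len+ bytes,
  # but never more than @chunk bytes per call.
  def read(len)
    @io.read([len, @chunk].min)
  end
end

# Naive caller: assumes one read returns everything it asked for.
def read_naive(io, len)
  io.read(len)
end

# Robust caller: keep reading until +len+ bytes are buffered. A stream
# that ends early raises EOFError instead of yielding a short buffer
# that a parser would then misinterpret.
def read_exact(io, len)
  buf = ''.b
  while buf.bytesize < len
    part = io.read(len - buf.bytesize)
    raise EOFError, "stream ended after #{buf.bytesize}/#{len} bytes" if part.nil? || part.empty?
    buf << part
  end
  buf
end

# Length-prefixed message: 2-byte big-endian length, then the body
# (constructed framing for the demo; the fix is protocol-independent).
def read_message(io)
  len = read_exact(io, 2).unpack1('n')
  read_exact(io, len)
end

# Constructed sample: a 12-byte body framed with its length (14 bytes).
SAMPLE_BODY = 'hello, world'.b
SAMPLE_FRAME = [SAMPLE_BODY.bytesize].pack('n') + SAMPLE_BODY

if __FILE__ == $0
  puts read_naive(ShortReadIO.new(SAMPLE_FRAME, 4), SAMPLE_FRAME.bytesize).bytesize # 4, not 14
  puts read_message(ShortReadIO.new(SAMPLE_FRAME, 4)).inspect                         # "hello, world"
end
```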

Modules

  • PR 16488 - This updates the exploit/windows/local/vss_persistence and post/windows/manage/persistence_exe modules to optionally obfuscate scheduled tasks. Additionally, the post/windows/manage/persistence_exe module was updated with a new "TASK" startup technique that allows users to obtain persistence via a scheduled task.

  • PR 16611 - Adds an exploit module that leverages CVE-2022-26352, an arbitrary file upload vulnerability in dotCMS versions before 22.03, 5.3.8.10, and 21.06.7 that allows an attacker to execute arbitrary code remotely in the context of the user running the application. The module uploads a .jsp payload to the Tomcat ROOT directory and accesses it to trigger its execution.

Offline Update

Metasploit Framework and Pro Installers