Jul 18, 2022 - 4.21.1-2022071801

Improved

  • Pro: We updated dependencies in reporting to maintain a strong security posture.

  • PR 16716 - This updates HTTP Command stagers to expose the CMDSTAGER::URIPATH option so users can choose where to host the payload when using a command stager.

  • PR 16735 - This change sets the MeterpreterTryToFork advanced payload option to true by default for the Linux target in the aerohive_netconfig_lfi_log_poison_rce module to prevent the application from hanging once exploited.

  • PR 16764 - Adds two new HTTP client evasion options to msfconsole: HTTP::shuffle_get_params and HTTP::shuffle_post_params.

Fixed

  • PR 16617 - This fixes a race condition in the ipv6_neighbor module that caused hosts to be missed when the scanned range was very short, because the adaptive timeout had an insufficient floor value.

  • PR 16703 - This fixes compatibility issues with the Censys V2 API and the censys_search.rb module.

  • PR 16704 - This fixes an issue when targeting some faulty memcached servers that return an error when extracting the keys and values stored in slabs. The module no longer errors out with a type conversion error.

  • PR 16718 - This fixes the run_as library and module to work correctly on 64-bit systems.

  • PR 16724 - This updates and fixes the exploit/windows/iis/ms01_026_dbldecode module. It now uses the standard HttpClient, the TFTP stager has been fixed, and Meterpreter-specific code has been removed, since Meterpreter has not been available on Server 2000 systems since Metasploit v6.

  • PR 16727 - Modules that use the tftp command stager failed due to a missing tftphost option. This ensures that tftphost is set and valid before proceeding with creating the command stager.

  • PR 16731 - Fixes a logic bug in the process API that caused more permissions to be requested than were intended.

  • PR 16736 - This change fixes a bug in the confluence_widget_connector exploit module to prevent it from crashing when the HTTP response body received in the get_java_property method is empty or does not match the expected regex.

  • PR 16771 - Fixes a crash when loading msfconsole with OpenSSL 3, which is now the default for Ubuntu 2022.

Modules

  • PR 16723 - This adds an auxiliary scanner module that brute-forces the login interface of FreeSwitch's event socket service to guess the password.

  • PR 16733 - This adds a scanner module that implements the dfscoerce technique. Though this technique leverages MS-DFSNM methods, this module works similarly to PetitPotam because it coerces authentication attempts to other machines over SMB. The module's ability to coerce authentication attempts makes it particularly useful in NTLM relay attacks.

  • PR 16742 - This auxiliary module allows users to decrypt secrets in Citrix NetScaler appliance configuration files.

  • PR 16744 - This module exploits a Java deserialization vulnerability in JBOSS EAP/AS Remoting Unified Invoker interface for versions 6.1.0 and prior.

  • PR 16762 - This module leverages an unauthenticated RCE in Sourcegraph's gitserver component which results in OS command execution in the context of gitserver.
