New

• Pro: We have exposed additional metadata on the module configuration page to enable users to better understand context and impacts of running each module.

Improved

• PR 16737  - This removes the code duplication in the MSSQL client mixins and refactor the code into a single main mixin.

• PR 16754  - Adds additional offsets for various Windows 2000 Professional targets in the ms02_065_msadc module. Also adds documentation and notes.

• PR 16761  - Adds additional offsets for various Windows 2000 targets, replaces raw socket TCP with HttpClient, fixes default payload, adds docs and notes.

• PR 16774  - The set command has been updated so that if an invalid datastore option is provided, a suggestion will be made for a valid datastore option, where possible. Additionally, the behavior has been changed so that one can no longer set a datastore value that is not valid within the given content.

• PR 16776  - Adds a ftp-http command stager for FTP clients which support http(s) URLs via set cmdstager::flavor ftp_http.

• PR 16778  - The checkvm script at ./scripts/meterpreter/checkvm.rb has been removed as post/windows/gather/checkvm.rb now replaces it. Additionally, the post/windows/gather/checkvm.rb script has been updated to include missing features from ./scripts/meterpreter/checkvm.rb to ensure backwards compatibility.

• PR 16789  - This adds OpenSSL version information to the report generated by the debug command.

• PR 16792  - This improves support for various OpenSSL 3 related errors during console start.

• PR 16798  - The deprecated scripts/meterpreter/pml_driver_config.rb script has been removed from Metasploit since Metasploit scripts have been deprecated for over 5 years now. Please use exploit/windows/local/service_permissions instead which contains a more modern implementation of the same principal this exploit utilized.

• PR 16801  - The deprecated scripts/meterpreter/schelevator.rb script has been removed in favor of exploit/windows/local/ms10_092_schelevator. Scripts were deprecated over 5 years ago and should no longer be used.

• PR 16823  - The deprecated scripts/meterpreter/prefetchtool.rb script has been removed and replaced with the post/windows/gather/enum_prefetch.rb post module.

• PR 16830  - Removed the deprecated scripts/meterpreter/getvncpw.rb script in favor of the post/windows/gather/credentials/vnc post module which is more modern and has more features.

• PR 16831  - Removed the deprecated scripts/meterpreter/get_env.rb script in favor of the post/multi/gather/env post module.

Fixed

• Pro: We fixed an issue in update packaging that resulted in reports failing to generate.

• PR 16094  - A bug has been fixed in the pg_ctl.rb helper whereby it was possible that initializing and starting databases using msfdb init might fail due to the pg_ctl.rb helper not properly setting unix_socket_directories to a path that a non-root user can write to. This code has now been updated so that it will set the unix_socket_directories setting to a path that the current user can write to or will error out if it cannot find a writeable directory to use for the socket file.

• PR 16668  - A bug has been fixed in the HTTP crawler module and its associated library whereby the code expected an object to be populated when it may not be. This has been fixed with additional validation.

• PR 16743  - Fixes a crash when using the scanner/mssql/mssql_login with the tdsencryption and USE_WINDOWS_AUTHENT options set to true.

• PR 16753  - This PR fixes several bugs present in the ms03_007_ntdll_webdav module, including shifting from Meterpreter to shell payloads, better checking, and added targets as well as adding documentation.

• PR 16810  - The host command has been updated to fix a bug whereby the -t flag was not properly accepting the <tag> parameter that it was supposed to accept and process. Additionally, the documentation for this option has been updated to be clearer.

• PR 16817  - Several modules and libraries were previously calling Msf::Config.get_config_root which did not properly account for changes to the configuration path that the user might make. These calls have now been replaced with calls to Msf::Config.config_directory which will appropriately take the user’s configuration settings into account.

• PR 16819  - A bug has been fixed whereby running the hosts command with the -c flag to filter by columns would result in a stack trace. The command now correctly returns the output with only the columns specified to the -c flag.

• PR 16824  - A bug has been fixed in the is_admin? and is_system? post exploitation methods, which previously incorrectly reported the user as always being an administrator and a system user respectively when run on shell sessions.

• PR 16835  - A regression has been fixed that prevented the set and setg commands from properly recognizing and therefore setting some valid options. This affected both modules and global settings.

Modules

• PR 16598  - This adds a generic module to perform LDAP queries. Users can execute custom queries either through configuration files on disk, or through a combination of datastore options. The module also includes multiple built-in queries for common operations.

Offline Update

• https://updates.metasploit.com/packages/29b9cf12e1b698c6464770a35c870532530a8e92.bin 

Metasploit Framework and Pro Installers

• https://github.com/rapid7/metasploit-framework/wiki/Downloads-by-Version