Oct 10, 2022
We improved statistics reported for social engineering campaigns and updated to the latest Metasploit Framework version.
Improved
- PR 16981 - This PR fixes several bugs and style and documentation inconsistencies, and implements new library methods.
- PR 16995 - This PR adds a new extension for the C (x86/x64) Meterpreter payload. The extension is called bofloader and can be used to execute COFF files (also known as Beacon Object Files) in the context of the Meterpreter session. It currently adds only one command, `bof_cmd`, to Meterpreter.
- PR 17048 - This PR updates the enum_token module by adding documentation, clarifying the description, improving efficiency, and leveraging library code.
- PR 17086 - This PR bumps metasploit-payloads to a version that supports COFF loading, per https://github.com/rapid7/metasploit-framework/pull/16995.
- PR 17108 - Updates the azure_ad_login auxiliary module to check for disabled accounts.
Fixed
Pro: We improved accuracy and consistency of statistics reported for social engineering campaigns.
- PR 16994 - Fixes multiple issues with registry manipulation on open sessions.
- PR 17054 - Fixes a crash when using the `info` and `generate` commands for adapted single (unstaged) payloads, such as `cmd/windows/powershell/meterpreter/reverse_tcp`.
- PR 17072 - This PR fixes a regression in which session interaction hangs because a file slated for cleanup is still in use: the framework side times out, but the shell side does not. The fix also includes more robust handling of shell tokens in all types of shells.
- PR 17073 - Fixes a bug where sessions opened by running one of the `rexec_login`, `rlogin_login` or `rsh_login` modules would die after the module completed.
- PR 17078 - This PR updates the deprecated `report_auth_info` method calls in the `modules/auxiliary/scanner/rservices/` modules to use `create_credential` instead.
- PR 17091 - Fixes module metadata for stability and reliability for several modules.
Modules
- PR 16673 - Adds an exploit that targets an authenticated arbitrary file upload vulnerability to gain code execution on qdPM 9.1 and lower.
- PR 16794 - This is a local privilege escalation exploit targeting CVE-2022-34918, a vulnerability in the Netfilter component of the Linux kernel.
- PR 16933 - This PR adds a post-exploitation module that exports and decrypts Thycotic Secret Server credentials.
- PR 16985 - A new module has been added for CVE-2022-3218, an unpatched (at the time of publication) authentication bypass in WiFi Mouse (Mouse Server) from Necta LLC, which can be used to gain RCE as the user running WiFi Mouse (Mouse Server).
- PR 17006 - This PR adds a post module that leverages the existing PackRat library to pull credentials from RedisDesktopManager installations.
- PR 17009 - This module determines whether MobaXterm is installed on the target system and, if it is, tries to dump all saved session information from the target. The passwords for these saved sessions are then decrypted where possible.
- PR 17012 - This module exploits a chain of the vulnerabilities CVE-2021-27876, CVE-2021-27877, and CVE-2021-27878 in Veritas Backup Exec Agent, which leads to remote code execution with the privileges of the SYSTEM or root user.
- PR 17033 - A new module has been added for CVE-2017-7921, an improper authentication logic bug in HikVision cameras. Successfully exploiting this vulnerability allows unauthenticated attackers to impersonate any valid user on the affected camera, which can be used to gain full control over the camera.
- PR 17061 - This PR includes a module that uses the default configuration of Unified Remote to spawn a run prompt and return a shell.
- PR 17067 - This module uses the Remote Mouse Server by Emote Interactive protocol to deploy a payload and run it from the server, achieving unauthenticated code execution as the user running the server.
- PR 17093 - This PR adds a local privilege escalation module. It exploits a command injection vulnerability in the Enlightenment window manager on Ubuntu.
- PR 17099 - This PR adds a new authenticated exploit module against 3 versions of Elementor, a plugin for WordPress. Any user account can use this exploit; it was rated a 9.9 CVSS score and was assigned CVE-2022-1329.