Oct 24, 2022 - 4.21.1-2022102401

Improved

  • Pro: We improved the UX of task chains by storing in-progress schedule information for a new task chain.

  • Pro: We increased reporting of status details on the task chains view. Each chain will now show summary details about any previous run of the chain.

  • PR 16982 - Updates the Dell iDRAC login scanner to work with version 8 and version 9.

  • PR 17123 - The netrc and fetchmail modules have been updated to include documentation on how to use the modules.

  • PR 17135 - This adds a proper namespace to the hash identification library to avoid any potential collision with the previously defined constants.

  • PR 17140 - The Metasploit Docker image's Alpine version has been bumped from 3.12 to 3.15.

  • PR 17154 - The process for importing Qualys scan data has been switched over from REXML to Nokogiri::XML and XPath for improved performance.

Fixed

  • PR 16987 - Improves scanner/smb/smb_login to gracefully handle additional error conditions when connecting to target services.

  • PR 17075 - The Windows secrets dump module was failing early for non-administrative users. This fixes the issue so the module now emits warnings where it previously failed early, and the module can now complete the DOMAIN action, which it could not reach before.

  • PR 17092 - This PR updates the netlm_downgrade module, providing documentation, extending it to support more session types, and fixing bugs that caused false-positive warnings to appear.

  • PR 17157 - A globally set LHOST option will now be properly respected when loading a module, whereas before only a globally set RHOST option was respected.

Modules

  • PR 17032 - A module has been added for CVE-2022-31814, an unauthenticated RCE in the pfBlockerNG plugin for pfSense that allows remote unauthenticated attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. Versions <= 2.1.4_26 are vulnerable. Note that version 3.X is unaffected.

  • PR 17098 - This adds an auxiliary module that leverages an authentication bypass vulnerability in Hikvision IP cameras (CVE-2017-7921) to disclose information such as detailed hardware and software configuration, user credentials, and camera snapshots.

  • PR 17114 - This adds a module that exploits a symlink-based path traversal vulnerability in cpio to get unauthenticated remote code execution as the zimbra user. This vulnerability is identified as CVE-2022-41352. The module generates a .tar file that will need to be emailed to any user on the target Zimbra server.

  • PR 17116 - A new module has been added for CVE-2022-22947, an unauthenticated RCE in Spring Cloud Gateway versions 3.1.0 and 3.0.0 to 3.0.6 when the Gateway Actuator endpoint is enabled, exposed and unsecured. Successful exploitation results in arbitrary code execution as the user running Spring Cloud Gateway.

  • PR 17141 - This adds a new module to exploit a vulnerable sudo configuration in Zimbra that permits the zimbra user to execute postfix as root. In turn, postfix can execute arbitrary shell scripts and get command execution as the root user. Currently, as of 2022-10-14, all versions of Zimbra are vulnerable.

  • PR 17143 - This PR adds a remote code execution exploit module for CVE-2022-4068, affecting some Fortinet products.

Offline Update

Metasploit Framework and Pro Installers