Improved
Pro: Improved errors on web terminal view when a session is disconnected.
PR 17401 - This PR adds a new x86 XOR polymorphic encoder.
PR 17583 - Enhances msfconsole's `info -d` command, which is used to generate in-browser Metasploit module documentation, to additionally include references to AttackerKB.
Fixed
Pro: We improved import of credential files with NTLMHash values to ensure modules will identify entries in the expected format.
PR 17735 - Fixes a few incorrect parameter names in the generated developer documentation found at https://docs.metasploit.com/api/.
PR 17747 - Updates the wmap plugin to no longer crash when running `wmap_targets -t http://metasploit.com`.
PR 17783 - An update has been made to the `reload_lib` command so that it continues to reload files even if a single file fails to load.
PR 17784 - Reduces the number of files loaded when msfconsole starts up. This was a performance regression introduced by a recent Rails upgrade.
PR 17792 - Fixes a crash in external modules when running the auxiliary/scanner/wproxy/att_open_proxy module.
PR 17794 - Updates external modules to support Python 3.11.
PR 17798 - The `debug --datastore` command was previously causing a stack trace due to some incorrect operations. These have since been fixed so that users can now use `debug --datastore` to output debug information along with the datastore information.
PR 17802 - Updates Python pingback payloads such as `payload/python/pingback_reverse_tcp` to no longer crash when viewing info or generating.
Modules
PR 17388 - This PR adds a new exploit module for a buffer overflow in roughly 45 different Zyxel router and VPN models.
PR 17462 - This adds a post module that collects and decrypts credentials from WhatsUp Gold installs.
PR 17509 - This PR adds an exploit that targets a vulnerability in RedHat-based systems where improper file permissions are applied to `/usr/lib/tmpfiles.d/tomcat.conf` for Apache Tomcat versions before 7.0.54-8.
PR 17750 - A new exploit has been added for CVE-2022-39952, a vulnerability in FortiNAC's `keyUpload.jsp` page which allows for arbitrary file write as an unauthenticated user. Successful exploitation results in unauthenticated RCE in the context of the `root` user, giving full control over the target device.
PR 17754 - This adds an exploit module for CVE-2022-24637, a single/double quote confusion vulnerability in Open Web Analytics versions below 1.7.4. This leads to the disclosure of sensitive information in an automatically generated PHP cache file, which can be leveraged to gain admin privileges and remote code execution.
PR 17771 - This adds a module that exploits an unauthenticated file upload vulnerability in various versions of Monitorr. RCE as the user under which the software runs can be achieved due to insufficient validation on GIF uploads.
PR 17775 - This adds an exploit module for CVE-2022-43781, an authenticated command injection vulnerability in various versions of Bitbucket. Arbitrary command execution is done by injecting specific environment variables into a user name and coercing the Bitbucket application into generating a diff. This module requires at least admin credentials.