Apr 11, 2023
4.22.0-2023041101

Improved

  • Pro: We added a warning to the report configuration view when a project does not contain the required data to generate a selected report.

  • Pro: Improved project members section of settings page.

  • PR 17458 - Updates the exploit/multi/misc/weblogic_deserialize_badattrval module to enable support for SSL/TLS.

  • PR 17724 - Updates the modules/auxiliary/admin/kerberos/forge_ticket.rb module with a new IncludeTicketChecksum option. When set to true the forged PAC will include the PAC_TICKET_CHECKSUM required in newer Windows AD implementations.

  • PR 17753 - Updates the auxiliary/admin/kerberos/get_ticket module to support using forged golden tickets. Users can now provide the Krb5Ccname option to supply the Kerberos TGT to use when requesting the service ticket. If unset, the database will be checked for a valid TGT as normal.

  • PR 17789 - This PR adds enhancements to the proftpd_modcopy_exec module. Enhancements include documentation, notes, a reference URL, and a few general code improvements to the check and exploit methods.

  • PR 17813 - This sets the CHECK_FALSE option to true by default so that the auxiliary/scanner/ssh/ssh_enumusers scanner module will bail upon detecting false positive results.

  • PR 17833 - Updates the Metasploit RPC module.info command response to include whether or not the module supports a check method.

Fixed

  • Pro: We improved task chain cloning to support when the original creator's user no longer exists.

  • PR 17704 - Fixes a crash in multi/http/solr_velocity_rce that was discovered when targeting a machine running Apache Solr 8.3.0 on Linux that required authentication.

  • PR 17778 - Updates the Metasploit database migration code to no longer break the test suite when running locally.

  • PR 17808 - Updates multiple broken Secunia references in modules with equivalent links found within Wayback Machine - a digital archive of the world wide web founded by the Internet Archive.

  • PR 17818 - This PR fixes a crash in the RPC job info command.

  • PR 17823 - This fixes an issue in the check method where targets with files containing no PHP code were falsely reported as safe.

  • PR 17825 - Fixes broken documentation references in the exploits/linux/local/zimbra_slapper_priv_esc module.

  • PR 17830 - Fixes a crash when parsing dates in ./tools/modules/committer_count.rb.

  • PR 17831 - Fixes broken documentation references in the exploits/aix/rpc_cmsd_opcode21.rb module.

  • PR 17835 - Fixes a bug in auxiliary/admin/networking/cisco_dcnm_auth_bypass where the bypass_auth method would break if a user supplied a TARGETURI path without a trailing /.

  • PR 17844 - Fixes broken documentation references in the secretsdump, zemra_panel_rce, and windows/gather/credentials/skype modules.

Modules

  • PR 17785 - This adds an exploit for an authenticated .NET deserialization vulnerability that affects the SolarWinds Information Service (SWIS) component within SolarWinds. The SWIS component will deserialize messages received by the AMQP message queue, resulting in command execution as NT AUTHORITY\SYSTEM.

  • PR 17806 - This module exploits an undocumented backdoor vulnerability in the Optergy Proton and Enterprise Building Management System (BMS) applications.

  • PR 17826 - This PR adds an exploit module for CVE-2023-21768 that achieves local privilege escalation on Windows 11 2H22.

  • PR 17827 - This adds a scanner module that extracts version information from AMQP protocol servers.

  • PR 17828 - This adds a login scanner module for AMQP services.
