Improved
PR 16390 - Two new libraries,
Rex::Proto::DNS::CachedResolverandRex::Proto::DNS::Cache, have been added to extends the functionality ofRex::Proto::DNS::Resolverand add the ability for users to cache DNS responses, specify the name server that they would like to use when trying to resolve DNS names, and load and cache existing DNS entries in their hostfile.PR 17857 - This adds T3S support for the
weblogic_deserialize_rawobject,weblogic_deserialize_marshalledobject, andweblogic_deserialize_badattr_extcompexploit modules.PR 17921 - This adds documentation for the module
post/windows/gather/resolve_sid.PR 17941 - Updates the
exploits/linux/misc/zyxel_multiple_devices_zhttp_lan_rcemodule with CVE identifier CVE-2023-28769.PR 17963 - Updates
auxiliary/scanner/nfs/nfsmountto include a references to CVE-1999-0554 - which is related to finding sensitive files on an NFS mount.
Fixed
Pro: We restored the ability to load large Network Topology maps provided the user accepts the possible performance impacts.
PR 17910 - Fixes false positives in the
auxiliary/scanner/couchdb/couchdb_loginmodule which incorrectly reported successful user authentication when connection timeouts occurred.PR 17911 - Updates the setting missing datastore values validation to produce a warning instead of an error. This fixes an edgecase where setting options on
multi/handlerwithout having first set a payload would fail.PR 17912 - Fixes a MinGW issue in the Meterpreter stdapi extension. The stdapi extension was using
free()instead ofFreeMibTable()to free memory allocatedGetIpForwardTable2()which led to a crash when compiled with MinGW.PR 17913 - Fixes a crash when running local exploit suggester against older Windows targets.
PR 17914 - This fixes an issue where paths with trailing backslashes would wait for more input when passed to
directory?()due to the"being escaped in the command testing for the existence of the path.PR 17926 - This fixes an issue with a railgun function definition that caused the
post/windows/gather/resolve_sidmodule to fail on 64-bit system. When the module failed, the session was lost.PR 17944 - A new release of
metasploit-payloadsis out which adds long awaited WOW64 support for hashdump, fixes an issue with building payloads using MingGW, and adds memory read/write abilities to Windows version of Python Meterpreter.PR 17947 - Updates
exploits/osx/local/feedback_assistant_root.rbto no longer assume that OSX version nil/zero is vulnerable - which may occur when running against non-OSX systems.
Modules
PR 17856 - This adds two modules; an RCE exploit for CVE-2023-26360 (Adobe ColdFusion) and an auxiliary gather module for the same vulnerability that can be leveraged to read arbitrary files. ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier are affected.
PR 17895 - This adds a scanner that pulls user and config information from Joomla installations that permit access to endpoints containing sensitive information. This affects versions
4.0.0through4.2.7inclusive.PR 17915 - A new module has been added in for CVE-2022-24716, an unauthenticated arbitrary file read in Icinga Web 2 versions 2.9.0 to 2.9.5 inclusive, and 2.8.0 to 2.8.5 inclusive that can be used to leak sensitive configuration information from a target server.