Improved
PR 16390 - Two new libraries, Rex::Proto::DNS::CachedResolver and Rex::Proto::DNS::Cache, have been added. They extend the functionality of Rex::Proto::DNS::Resolver and add the ability for users to cache DNS responses, specify the name server they would like to use when resolving DNS names, and load and cache existing DNS entries from their hosts file.
PR 17857 - This adds T3S (T3 over SSL/TLS) support for the weblogic_deserialize_rawobject, weblogic_deserialize_marshalledobject, and weblogic_deserialize_badattr_extcomp exploit modules.
PR 17921 - This adds documentation for the post/windows/gather/resolve_sid module.
PR 17941 - Updates the exploits/linux/misc/zyxel_multiple_devices_zhttp_lan_rce module with the CVE identifier CVE-2023-28769.
PR 17963 - Updates auxiliary/scanner/nfs/nfsmount to include a reference to CVE-1999-0554, which relates to finding sensitive files on an NFS mount.
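The caching behaviour described in the PR 16390 item above (serve repeated lookups from a cache with TTL expiry, seed the cache from a hosts file, fall through to a name server on a miss), as an added illustrative example written for this page. It is not Metasploit's Rex::Proto::DNS::Cache or CachedResolver code and uses none of the Rex API; the class name DemoDnsCache, the injectable clock, the resolver callable standing in for a name-server query, and the sample hosts text are all hypothetical.

```ruby
require 'ipaddr'

# DemoDnsCache: a small, self-contained illustration of the two behaviours the
# release note describes (cache answers with TTL expiry; seed the cache from a
# hosts file). This is example code written for this page, NOT the
# Rex::Proto::DNS::Cache / CachedResolver implementation, and it uses no Rex API.
class DemoDnsCache
  Entry = Struct.new(:data, :expires_at)

  # clock is injectable so expiry can be tested deterministically.
  def initialize(clock: -> { Time.now })
    @clock = clock
    @entries = {} # [name, type] => [Entry, ...]
  end

  # Store one answer. ttl nil means the entry never expires, which is what we
  # want for hosts-file entries; real DNS answers carry a TTL in seconds.
  def add(name, type, data, ttl: nil)
    key = [normalize(name), type]
    expires = ttl ? @clock.call + ttl : nil
    (@entries[key] ||= []) << Entry.new(data, expires)
    data
  end

  # Return the unexpired answers for name/type, dropping stale ones on the way.
  def find(name, type)
    key = [normalize(name), type]
    now = @clock.call
    live = (@entries[key] || []).reject { |e| e.expires_at && e.expires_at <= now }
    @entries[key] = live
    live.map(&:data)
  end

  # Cache-first lookup. On a miss, `resolver` (a callable standing in for a
  # real name-server query) is asked for [[data, ttl], ...] and its answers are
  # cached before being returned.
  def resolve(name, type, resolver)
    hit = find(name, type)
    return hit unless hit.empty?
    answers = resolver.call(name, type)
    answers.each { |data, ttl| add(name, type, data, ttl: ttl) }
    answers.map(&:first)
  end

  # Parse /etc/hosts-style text ("address name [alias ...]", '#' comments).
  # IPv4 entries become A records and IPv6 entries AAAA records; lines whose
  # first field is not an address are skipped. Returns the number of names added.
  def load_hosts(text)
    count = 0
    text.each_line do |raw|
      line = raw.sub(/#.*/, '').strip
      next if line.empty?
      addr, *names = line.split
      begin
        ip = IPAddr.new(addr)
      rescue ArgumentError # IPAddr::InvalidAddressError is an ArgumentError
        next
      end
      type = ip.ipv4? ? :A : :AAAA
      names.each do |n|
        add(n, type, addr)
        count += 1
      end
    end
    count
  end

  private

  # DNS names are case-insensitive; strip a trailing dot so "host." == "host".
  def normalize(name)
    name.to_s.downcase.chomp('.')
  end
end

# Constructed sample input for this example, not a real hosts file.
SAMPLE_HOSTS = <<~HOSTS
  127.0.0.1   localhost
  ::1         localhost ip6-localhost   # loopback v6
  10.0.0.5    intranet.example. ad
  not-an-address junk
HOSTS

if __FILE__ == $PROGRAM_NAME
  cache = DemoDnsCache.new
  cache.load_hosts(SAMPLE_HOSTS)
  p cache.find('LOCALHOST.', :A)                    # hosts-file entry, never expires
  fake_ns = ->(_name, _type) { [['192.0.2.10', 30]] } # hypothetical name-server stand-in
  p cache.resolve('www.example.com', :A, fake_ns)   # miss: asks fake_ns, caches for 30 s
  p cache.resolve('www.example.com', :A, fake_ns)   # hit: served from the cache
end
```

Hosts-file entries are stored without a TTL so they are never evicted, while answers obtained from the resolver expire after the TTL the server returned; a second lookup inside that window never touches the network, which is the point of caching in a framework that may resolve the same target hostname from many modules in one session.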
Fixed
Pro: We restored the ability to load large Network Topology maps provided the user accepts the possible performance impacts.
PR 17910 - Fixes false positives in the auxiliary/scanner/couchdb/couchdb_login module, which incorrectly reported successful user authentication when connection timeouts occurred.
PR 17911 - Updates the validation for setting missing datastore values to produce a warning instead of an error. This fixes an edge case where setting options on multi/handler without having first set a payload would fail.
PR 17912 - Fixes a MinGW issue in the Meterpreter stdapi extension. The stdapi extension was using free() instead of FreeMibTable() to free memory allocated by GetIpForwardTable2(), which led to a crash when compiled with MinGW.
PR 17913 - Fixes a crash when running the local exploit suggester against older Windows targets.
PR 17914 - This fixes an issue where paths with trailing backslashes would wait for more input when passed to directory?(), because the trailing backslash escaped the " in the command testing for the existence of the path.
PR 17926 - This fixes an issue with a railgun function definition that caused the post/windows/gather/resolve_sid module to fail on 64-bit systems. When the module failed, the session was lost.
PR 17944 - A new release of metasploit-payloads is out which adds long-awaited WOW64 support for hashdump, fixes an issue with building payloads using MinGW, and adds memory read/write abilities to the Windows version of Python Meterpreter.
PR 17947 - Updates exploits/osx/local/feedback_assistant_root.rb to no longer assume that OSX version nil/zero is vulnerable, which may occur when running against non-OSX systems.
Modules
PR 17856 - This adds two modules: an RCE exploit for CVE-2023-26360 (Adobe ColdFusion) and an auxiliary gather module for the same vulnerability that can be leveraged to read arbitrary files. ColdFusion 2021 Update 5 and earlier, as well as ColdFusion 2018 Update 15 and earlier, are affected.
PR 17895 - This adds a scanner that pulls user and config information from Joomla installations that permit access to endpoints containing sensitive information. This affects versions 4.0.0 through 4.2.7 inclusive.
PR 17915 - A new module has been added for CVE-2022-24716, an unauthenticated arbitrary file read in Icinga Web 2 versions 2.9.0 to 2.9.5 inclusive and 2.8.0 to 2.8.5 inclusive, that can be used to leak sensitive configuration information from a target server.