Jun 05, 2023 - 4.22.1-2023060501

New

  • Pro: We added a new overview card that is displayed when a project has pending scheduled task chains.

Improved

  • PR 17989 - The auxiliary/admin/kerberos/inspect_ticket and auxiliary/admin/kerberos/forge_ticket modules have been updated to visually represent the decoded binary values of the Kerberos ticket fields.

  • PR 18021 - The Powershell Post API methods use a mix of Powershell and .NET methods, which have different ways of keeping track of the current working directory. This change fixes the ambiguity by synchronizing the current working directory referenced by each set of methods.

  • PR 18031 - Updates the edit and log commands to explain how to set LocalEditor and LocalPager, so users can adjust the editor that is used when running the edit command or the pager used to view the log file that stores module runtime information.

Fixed

  • Pro: We fixed an issue with deleting credentials from a workspace.

  • PR 18009 - This PR updates the msfdb commands to no longer enable the web service by default. The web service is now enabled only when the web service flag is given: --msf-data-service <NAME>.

  • PR 18010 - Fixes an edge-case crash when running smb_login with Kerberos authentication activated.

  • PR 18015 - Deletes a dead link from the Using Metasploit page.

  • PR 18019 - Fixes validation for the to_handler command when running Evasion and Payload modules.

  • PR 18024 - This PR fixes an issue with credentials being normalized to lowercase inconsistently, causing collisions with uppercase data. Relevant credentials are now automatically normalized to lowercase on insert and lookup.

  • PR 18026 - A bug has been fixed in test modules where not all modules were manipulating the load path to require the module_test library correctly, leaving them dependent on other modules having correctly set the load path, which may not always occur.

  • PR 18030 - A missing return statement was added into lib/msf/core/exploit/cmd_stager/http.rb to fix a Ruby syntax error when attempting to handle a 404 not found case.

  • PR 18032 - A bug has been fixed in the cmd/brace encoder where it did not appropriately escape braces.

  • PR 18036 - A typo has been fixed in the ibm_sametime_enumerate_users.rb gather module that prevented exceptions that were raised from being appropriately caught.

  • PR 18052 - The test/modules/post/test/file.rb module previously did not work on Windows sessions because it read data from a Linux-only file to determine what data to write for the binary file write operation. This has been fixed so that the binary data is randomly generated rather than being based on an OS-specific file.

Modules

  • PR 17430 - This adds the ability for Metasploit to establish sessions to EC2 instances using Amazon's SSM interface. The result is an interactive shell that does not require the user to transfer a payload to the EC2 instance. For Windows targets, the shell is a PTY-enabled Powershell session that is incompatible with Post modules but supports user interaction.

  • PR 17899 - This adds a scanner module that leverages an authorization bypass in Dolibarr version 16, prior to 16.0.5. This module dumps the contact database to retrieve customer, prospect, supplier and employee information. No authentication is needed for this exploit.

  • PR 17929 - This adds an exploit for CVE-2023-22809, an LPE within sudoedit. The exploit currently only supports Ubuntu 22.04 and 22.10.

  • PR 17965 - This adds an auxiliary module that can create, read, update, and delete certificate template objects from Active Directory.

  • PR 18003 - This adds a scanner module that gathers a specific file by leveraging a directory traversal vulnerability in TP-LINK Archer c7 routers. This vulnerability is identified as CVE-2015-3035.

  • PR 18004 - This PR adds an auxiliary module for DoSing a VSFTPD server of version 2.3.2 and below.

  • PR 18025 - This PR adds a version scanner for Apache NiFi.

  • PR 18028 - A new scanner module has been added to scan for valid logins for Apache NiFi servers.
