Improved
PR 17796 - This adds reporting to the database for the AWS EC2 enumeration module.
PR 17901 - This adds additional Payload module metadata to Metasploit's JSON module cache to improve msfconsole's bootup time.
PR 17959 - The login scanner modules have been updated to catch any exceptions that may be raised when testing a credential. Additionally the SNMP scanner and PostgreSQL scanners have been updated to catch additional errors that may be thrown when testing credentials.
PR 18114 - This updates the
post/windows/manage/execute_dotnet_assemblymodule to allow it to run the .NET assembly within the current process. The module can now also read the output from all injection techniques.PR 18133 - This improves the
execute_dotnet_assemblymodule's ability to correctly identify the signature of the main method. Users no longer need to know and specify it themselves.
Fixed
PR 18065 - This updates the
jenkins_gathermodule to work with newer version of Jenkins.PR 18121 - This adds a proper ASN.1 parser using RASN1 for the x509 SubjectAltName field.
PR 18139 - A intermittent segfault issue when running the
getuidcommand within a Windows Python Meterpreter has been fixed.PR 18146 - This fixes an intermittent issue with Windows Meterpreter which caused 'Access Denied' errors when Meterpreter attempted to get or set the clipboard data when either the user or another application was also manipulating the clipboard.
Modules
- PR 18134 - This PR adds a module which exploits CVE-2023-25194, an unauthenticated deserialization vulnerability which leads to RCE in Apache Druid.