Improved
PR 18122 - This adds a library that provides methods for working with Apache RocketMQ.
PR 18144 - Updates the capture plugin to be more helpful, and adds additional documentation. This passive capture plugin can be used with load capture and run with captureg --help.
PR 18147 - Adds support for Ruby 3.3.0-preview1.
PR 18153 - Removes Ruby 2.7 from Metasploit's automated test suite. Ruby 2.7 has been officially marked as end of life by the maintainers. Users are advised to upgrade to Ruby 3.x with a Ruby version manager or similar.
Fixed
Pro: We fixed a regression related to display of Disclosed Vulnerabilities for a host when generating reference links.
Pro: We fixed an issue related to weak SSL ciphers when running a web scan.
PR 18152 - This PR fixes a bug where the PHP Meterpreter would show the incorrect file size for very large files.
PR 18166 - Fixes a crash when running the show payloads command for a module that supports encrypted payloads on a machine that doesn't have a Mingw compiler available.
Modules
PR 17861 - This module exploits a vulnerability in pfSense version 2.6.0 and below which allows authenticated users to execute arbitrary operating system commands as root.
PR 18082 - This adds an exploit module that leverages an RCE in Apache RocketMQ. Due to an access control issue, one can update the Broker's configuration file without authentication and obtain remote code execution in the context of the user running Apache RocketMQ. This vulnerability is identified as CVE-2023-33246.
PR 18164 - This module exploits an authentication bypass vulnerability in the WooCommerce WordPress plugin. By sending a specially crafted request to the plugin, an attacker can bypass authentication and then use the WordPress API to create an admin user in WordPress.
PR 18170 - Adds a new module for SmarterMail Build 6985 - dotNET Deserialization Remote Code Execution (CVE-2019-7214). The vulnerability affects SmarterTools SmarterMail Version less than or equal to 16.3.6989.16341 (all legacy versions without a build number), or SmarterTools SmarterMail Build less than 6985.