Improved
PR 19125 - Updates mssql platform/arch fingerprinting to be more resilient.
PR 19127 - This implements LDAP signing and encryption for both NTLM and Kerberos.
PR 19132 - Add channel binding information to Metasploit's NTLM and Kerberos authentication for the LDAP protocol. This enables users to authenticate to domain controllers where the hardened security configuration setting is in place.
PR 19158 - Updates multiple login modules to support the PASSWORD_SPRAY datastore option.
Fixed
Pro: Fixes filtering hosts by tags from within the hosts analysis page.
Pro: Fixes an issue that stopped users from pushing exceptions and validations to Nexpose.
Pro: Fixes an issue which caused Metasploit Pro's backup scripts to fail.
PR 19002 - Fixed persistent jobs not working when rebooting MSF console.
PR 19156 - Fixes a bug with the PASSWORD_SPRAY support for login scanners where the default username datastore option was not being tried.
PR 19163 - Updates the modules/auxiliary/scanner/smb/smb_version module to support a user-defined RPORT. Previously the module was hard-coded to test ports 139 and 445.
PR 19170 - Fixes the smb_lookupsid module hanging with STATUS_PENDING when running against Samba targets.
PR 19183 - Fixes a Windows platform detection bug when running in a UCRT-compiled environment.
PR 19186 - Fixes a bug where the show advanced command could show normal options.
Modules
PR 18519 - This adds a local exploit that allows Metasploit to escape container environments in which the SYS_MODULE capability is present.
PR 18907 - Adds a new auxiliary/scanner/mssql/mssql_version module for fingerprinting Microsoft SQL Server targets.
PR 19050 - This adds an auxiliary module to exploit an arbitrary file read vulnerability in Adobe ColdFusion versions prior to '2023 Update 6' and prior to '2021 Update 12'.
PR 19071 - Adds a module for CVE-2024-31819, which exploits an LFI in AVideo and uses PHP filter chaining to turn the LFI into unauthenticated RCE.
PR 19100 - This adds a privilege escalation exploit module for LoadMaster that abuses the configuration of the sudo command combined with weak file system permissions. There is no CVE for this vulnerability.
PR 19104 - Adds an exploit for HAOS v5.0.8, which contains a remote command execution vulnerability that can be triggered through one of three routes: credentials, a JWT token from an agent, or an agent executable from which the JWT token can be extracted.
PR 19115 - This adds a module to read and write the security descriptor of Windows registry keys.
PR 19147 - This adds an exploit module that leverages an unauthenticated server-side template injection vulnerability in CrushFTP versions prior to 10.7.1 and prior to 11.1.0 (as well as legacy 9.x versions) to read any files on the server file system as root.
PR 19165 - This adds a module leveraging Packrat to gather credentials against Halloy IRC.
PR 19166 - This adds a gather module leveraging Packrat targeting Quassel IRC client.
PR 19169 - This adds a gather module leveraging Packrat targeting Adi IRC client.
PR 19171 - This adds a gather module leveraging Packrat targeting Sylpheed Email client.
PR 19173 - This adds a gather module leveraging Packrat targeting CarotDAV FTP client.