May 23, 2024
4.22.2-2024052301

Improved

  • PR 19125 - Updates mssql platform/arch fingerprinting to be more resilient.

  • PR 19127 - This implements LDAP signing and encryption for both NTLM and Kerberos.

  • PR 19132 - Add channel binding information to Metasploit's NTLM and Kerberos authentication for the LDAP protocol. This enables users to authenticate to domain controllers where the hardened security configuration setting is in place.

  • PR 19158 - Updates multiple login modules to support the PASSWORD_SPRAY datastore option.

Fixed

  • Pro: Fixes filtering hosts by tags from within the hosts analysis page.

  • Pro: Fixes an issue that stopped users from pushing exceptions and validations to Nexpose.

  • Pro: Fixes an issue which caused Metasploit Pro's backup scripts to fail.

  • PR 19002 - Fixed persistent jobs not working when rebooting MSF console.

  • PR 19156 - Fixes a bug in the PASSWORD_SPRAY support for login scanners where the default username datastore option was not being tried.

  • PR 19163 - Updates the modules/auxiliary/scanner/smb/smb_version module to support a user-defined RPORT. Previously the module was hard-coded to test ports 139 and 445.

  • PR 19170 - Fixes the smb_lookupsid module hanging with STATUS_PENDING when running against Samba targets.

  • PR 19183 - Fixes a Windows platform detection bug when running in a UCRT-compiled environment.

  • PR 19186 - Fixes a bug where the show advanced command could show normal options.

Modules

  • PR 18519 - This adds a local exploit that allows Metasploit to escape container environments in which the SYS_MODULE capability is present.

  • PR 18907 - Adds a new auxiliary/scanner/mssql/mssql_version module for fingerprinting Microsoft SQL Server targets.

  • PR 19050 - This adds an auxiliary module to exploit an Arbitrary File Read Vulnerability in Adobe ColdFusion versions prior to '2023 Update 6' and prior to '2021 Update 12'.

  • PR 19071 - Adds a module for CVE-2024-31819, an LFI in AVideo, that uses PHP filter chaining to turn the LFI into unauthenticated RCE.

  • PR 19100 - This adds a privilege escalation exploit module for LoadMaster that abuses the configuration of the sudo command combined with weak file system permissions. There is no CVE for this vulnerability.

  • PR 19104 - Adds an exploit for HAOS v5.0.8, which contains a remote command execution vulnerability that can be triggered through one of three routes: with credentials, with a JWT token taken from an agent, or by providing an agent executable from which the JWT token is extracted.

  • PR 19115 - This adds a module to read and write the security descriptor of Windows registry keys.

  • PR 19147 - This adds an exploit module that leverages an unauthenticated server-side template injection vulnerability in CrushFTP versions prior to 10.7.1 and prior to 11.1.0 (as well as legacy 9.x versions) to read any files on the server file system as root.

  • PR 19165 - This adds a module leveraging Packrat to gather credentials against Halloy IRC.

  • PR 19166 - This adds a gather module leveraging Packrat targeting Quassel IRC client.

  • PR 19169 - This adds a gather module leveraging Packrat targeting Adi IRC client.

  • PR 19171 - This adds a gather module leveraging Packrat targeting Sylpheed Email client.

  • PR 19173 - This adds a gather module leveraging Packrat targeting CarotDAV FTP client.
