Jul 15, 2024
We have made multiple improvements to Metasploit's scanning capabilities and the PCI Compliance Report.
Improved
- Pro: Updates the PCI Compliance Report to version 4.0.1.
- Pro: Users can now configure HTTP scanner status codes.
- Pro: Users can now bruteforce Redis servers.
- Pro: Added the target service information to the bruteforce logging output.
- PR 19287 - Updates the `auxiliary/scanner/redis/redis_login` module to support Redis 6.x.
- PR 19297 - Improves the Redis login brute force functionality to better detect when auth is not required for the target.
Fixed
- PR 19252 - Improves error logging for unhandled exceptions in login scanners.
- PR 19259 - Updates Metasploit to check for a new flag sent as part of the encryption key negotiation with Meterpreter, which indicates whether Meterpreter had to fall back to a weak source of entropy to generate the key.
- PR 19267 - Fixes a crash in the `ldap_esc_vulnerable_cert_finder` module when targeting an AD CS server that has a certificate template containing parentheses.
- PR 19283 - Fixes the `auxiliary/scanner/redis/redis_login` module to correctly record the registered service name as `redis`; previously it was blank.
- PR 19285 - Fixes an issue with Meterpreter's `sysinfo` command, which failed when the current working directory had been deleted.
- PR 19289 - Updates the `post/linux/gather/apache_nifi_credentials` module to support extracting `nifi.properties` values that contain hyphens.
Modules
- PR 10113 - This post module exfiltrates Azure tokens and configuration from old azure-cli versions that store them in unencrypted formats.
- PR 19188 - This adds an exploit module that leverages a command injection vulnerability in the Netis MW5360 router to achieve remote code execution as the `root` user. All router firmware versions up to V1.0.1.3442 are vulnerable.
- PR 19204 - This adds an exploit module that leverages multiple vulnerabilities to obtain pre-auth command injection on multiple Zyxel VPN Series devices.
- PR 19205 - This adds a new module that can enumerate accounts on a target Active Directory Domain Controller without authenticating to it, by issuing a DCERPC request and analyzing the returned error status.
- PR 19295 - This module exploits an authentication bypass vulnerability in the MOVEit Transfer SFTP service, allowing remote directories to be listed and files to be read without authentication. Vulnerable versions are MOVEit Transfer 2023.0.x before 2023.0.11, 2023.1.x before 2023.1.6, and 2024.0.x before 2024.0.2.