Aug 19, 2024
4.22.3-2024081901

Improved

  • Pro: Adds additional diagnostic log support on Windows environments.

  • Pro: Updates Ruby library version to 3.1.6 as part of a routine security update.

  • Pro: Improves the performance of Bruteforce runs that use large credential lists.

Fixed

  • Pro: Fixes an issue with the create user script that caused invalid passwords to be generated.

  • Pro: Fixes an issue where creating a backup could cause the application to hang indefinitely.

  • Pro: Fixes an issue that stopped Metasploit Pro on Windows from starting successfully.

  • Pro: Fixes a graphical defect when viewing the credential reuse page with lower screen resolutions.

  • PR 19355 - Fixes an issue where Meterpreter sessions would fail to migrate when MeterpreterDebugBuild is enabled.

Modules

  • PR 19298 - This adds a new module that leverages a vulnerability in OpenMediaVault versions from 1.0 through the recent release 7.4.2-2. The vulnerability (CVE-2013-3632) allows an authenticated user to create cron jobs that run as root and so achieve remote code execution.

  • PR 19331 - This updates the linux/http/empire_skywalker exploit module with a new technique that leverages a path traversal vulnerability in BC Security Empire versions before 5.9.3 (CVE-2024-6127). An attacker posing as a normal agent can achieve unauthenticated remote code execution over HTTP. The module can still be used against older versions from EmpireProject/Empire by setting a specific datastore option.

  • PR 19337 - This adds an exploit module for CVE-2023-28384, a command injection vulnerability in MySCADA MyPRO versions 2.28 and earlier that allows the execution of arbitrary commands as NT AUTHORITY\SYSTEM.

  • PR 19344 - This updates the windows/http/forticlient_ems_fctid_sqli exploit module to gain code execution on affected FortiClient EMS versions in the 7.2.x range.

  • PR 19347 - This adds a module that chains two vulnerabilities in the OpenMetadata application. The first, CVE-2024-28255, bypasses the JWT-based API authentication: the JwtFilter compares the request URL path against a list of excluded endpoints that do not require authentication, and that check can be fooled so that a request to a protected endpoint skips token verification. Chaining this with CVE-2024-28254, which allows arbitrary SpEL injection at an API endpoint, gives an unauthenticated attacker code execution.

  • PR 19348 - Adds an Apache HugeGraph Server exploit for GHSA-29rc-vq7f-x335, a remote code execution (RCE) vulnerability in Apache HugeGraph Server versions before 1.3.0. An attacker can bypass the sandbox restrictions and achieve RCE through Gremlin, gaining complete control over the server.

  • PR 19357 - Adds a module targeting CVE-2024-6782, an unauthenticated Python code injection vulnerability in the Content Server component of Calibre v6.9.0 - v7.14.0. The Content Server is disabled by default; once enabled, its default configuration listens on all network interfaces on TCP port 8080. The injected payload executes in the same context as the Calibre process.

  • PR 19370 - This adds an exploit module for CVE-2023-40504, a command injection vulnerability in the LG Simple Editor application that allows the execution of arbitrary commands as NT AUTHORITY\SYSTEM.
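The OpenMetadata item (PR 19347) describes an authentication filter that lets a request skip token verification when its path matches a list of excluded endpoints. That pattern is common and its failure mode is worth seeing in code. The following is an added example, not OpenMetadata's JwtFilter and not the module's code: a hypothetical filter whose weak version substring-matches the raw request path against the exclusion list, beside a hardened version that normalises the path (drops the query string, percent-decodes, strips matrix parameters and dot segments) and requires an exact match. The exclusion list, the route names and the sample requests are all constructed for illustration.

```python
"""Hypothetical illustration of an authentication-filter path-exclusion check.

Example code added to these release notes; it is not OpenMetadata's JwtFilter.
It shows how deciding "no authentication required" by matching the request path
against an exclusion list goes wrong when the match is a substring test on the
raw path, and one way to harden it. All endpoints and requests are constructed.
"""
import posixpath
from urllib.parse import unquote

# Constructed exclusion list: endpoints that legitimately need no token.
EXCLUDED_ENDPOINTS = (
    "/api/v1/users/signup",
    "/api/v1/users/login",
    "/api/v1/system/version",
)


def is_excluded_weak(raw_path: str) -> bool:
    """Weak check: an excluded endpoint appearing anywhere in the raw request
    path skips authentication. The raw path still carries the query string,
    matrix parameters (';k=v') and unresolved '..' segments, none of which the
    router will use when it picks the handler."""
    return any(ep in raw_path for ep in EXCLUDED_ENDPOINTS)


def normalise_path(raw_path: str) -> str:
    """Reduce the request path to what the router actually dispatches on:
    drop the query string, percent-decode, strip matrix parameters from each
    segment, collapse repeated slashes and resolve '.' and '..' segments."""
    path = raw_path.split("?", 1)[0]
    path = unquote(path)
    path = "/".join(seg.split(";", 1)[0] for seg in path.split("/"))
    path = posixpath.normpath(path)          # resolves '.', '..' and '//' inside
    return "/" + path.lstrip("/")             # normpath keeps a leading '//'


def is_excluded_hardened(raw_path: str) -> bool:
    """Hardened check: exact match of the normalised path against the list."""
    return normalise_path(raw_path) in EXCLUDED_ENDPOINTS


def requires_auth(raw_path: str, *, hardened: bool) -> bool:
    """True when the filter would demand a valid token for this request."""
    check = is_excluded_hardened if hardened else is_excluded_weak
    return not check(raw_path)


# Constructed requests: one genuinely public endpoint and three that target a
# protected resource while carrying an excluded path somewhere in the URL.
SAMPLE_REQUESTS = {
    "/api/v1/users/signup": "public endpoint",
    "/api/v1/users/login/recent": "protected sub-route of a public prefix",
    "/api/v1/secrets/export?next=/api/v1/users/signup": "query string",
    "/api/v1/system/version/../../../v1/secrets/export": "dot segments",
}


def evaluate(hardened: bool) -> dict:
    """Map each sample request to whether the filter lets it skip authentication."""
    return {p: not requires_auth(p, hardened=hardened) for p in SAMPLE_REQUESTS}


if __name__ == "__main__":
    for mode in (False, True):
        print("hardened filter" if mode else "weak filter")
        for path, kind in SAMPLE_REQUESTS.items():
            skip = not requires_auth(path, hardened=mode)
            print(f"  {'SKIPS AUTH' if skip else 'needs auth'}  {kind:38} {path}")
```

Run stand-alone, the weak filter waves all four requests through without a token, while the hardened filter admits only the genuine public endpoint. The design point is to compare the same canonical path the router dispatches on, with equality rather than containment, so that nothing an attacker appends or prepends can change the outcome.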

Offline Update

Metasploit Framework and Pro Installers