Sep 16, 2024
4.22.4-2024091601

Improved

  • Pro: Updates Metasploit Pro's bruteforce capabilities to now support LDAP login scanning.

  • Pro: Upgrades the bundled Nmap to version 7.95. On Windows systems this upgrade also replaces the WinPcap dependency with Npcap. Users who connect to a Windows host to perform Metasploit Pro updates or installs (via RDP, SSH, or similar) may have their connection to the server drop temporarily during this update; this is required to support the latest network scanning capabilities in Metasploit Pro.

  • Pro: Metasploit's error reporting diagnostics have been improved on Windows environments.

  • PR 19368 - This adjusts the exploit/multi/http/geoserver_unauth_rce_cve_2024_36401 to dynamically pull and test the feature_type list to establish an RCE. This will make the module more robust towards installations with different feature_type configurations.

  • PR 19409 - This adds additional fingerprinting checks to the existing post/linux/gather/checkvm module to more accurately identify VMs.

  • PR 19415 - Changes the output of the ldap_esc_vulnerable_cert_finder module to be more useful: the display now favors templates that are actually useful to an attacker and includes an explanation of why each template may be vulnerable.

Payload Enhancements

  • PR 19435 - Adds a new php/minify encoder, which minifies PHP payloads by removing spaces after keywords and before block openings, as well as comments, empty lines, newlines, and leading and trailing spaces.
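As an added example, not code from this page or from Metasploit's own php/minify encoder (whose implementation the page does not show): a Ruby implementation of the transformations described above. It runs a small tokenizer first so that quoted string literals survive untouched, since a `//` or `#` inside a string is data rather than a comment, and a naive regex-based minifier would corrupt the payload. The sample PHP is constructed for the example; heredocs are not handled.

```ruby
# Added example (not Metasploit's php/minify encoder): minify PHP source while
# preserving string literals. Constructed sample input, no network access needed.

PHP_KEYWORDS = %w[if elseif else while for foreach switch function return echo
                  do try catch new].freeze
KEYWORD_PAREN = /\b(#{PHP_KEYWORDS.join('|')}) \(/

# True when position j starts a string literal or a comment.
def code_boundary?(src, j)
  c = src[j]
  c == "'" || c == '"' || c == '#' || src[j, 2] == '//' || src[j, 2] == '/*'
end

# Split PHP source into [type, text] pairs: :str (kept verbatim), :comment, :code.
def tokenize_php(src)
  tokens = []
  i = 0
  n = src.length
  while i < n
    c = src[i]
    if c == "'" || c == '"'
      j = i + 1
      while j < n && src[j] != c
        j += 1 if src[j] == '\\'          # skip the escaped character
        j += 1
      end
      tokens << [:str, src[i..j]]
      i = j + 1
    elsif c == '#' || src[i, 2] == '//'
      j = src.index("\n", i) || n         # line comment runs to end of line
      tokens << [:comment, src[i...j]]
      i = j
    elsif src[i, 2] == '/*'
      j = src.index('*/', i + 2)
      j = j ? j + 2 : n
      tokens << [:comment, src[i...j]]
      i = j
    else
      j = i
      j += 1 while j < n && !code_boundary?(src, j)
      tokens << [:code, src[i...j]]
      i = j
    end
  end
  tokens
end

def minify_php(src)
  out = +''
  pending_space = false   # set after a comment so `$a/*x*/$b` still separates tokens
  tokenize_php(src).each do |type, text|
    case type
    when :str
      out << ' ' if pending_space && !out.end_with?(' ')
      pending_space = false
      out << text                                 # string literals are never touched
    when :comment
      pending_space = true                        # comments are dropped entirely
    when :code
      code = (pending_space ? ' ' : '') + text
      pending_space = false
      code = code.gsub(/\s+/, ' ')                # newlines, indentation, runs of spaces
      code = code.gsub(KEYWORD_PAREN, '\1(')      # "if (" -> "if("
      code = code.gsub(/ ?([{};]) ?/, '\1')       # no spaces around { } ;
      code = code.lstrip if out.empty? || out.end_with?(' ', '{', '}', ';')
      out << code
    end
  end
  out.strip
end

# Constructed sample: note the "//" inside the string, which must survive.
SAMPLE_PHP = <<~'PHP'
  <?php
  // constructed sample, not a real payload
  $cmd = "echo 'hi // not a comment'";   # trailing comment
  if ($cmd) {
      /* block
         comment */
      echo shell_exec($cmd);
  }
  else {
      return;
  }
PHP

puts minify_php(SAMPLE_PHP) if $PROGRAM_NAME == __FILE__
```

Run it directly to see the one-line result; the point to take from it is that the tokenizer, not the regexes, is what makes the encoder safe to apply to arbitrary payloads.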

Fixed

  • Pro: Fixes an issue that caused project descriptions with special characters to be rendered incorrectly on the home page.

  • Pro: Fixes an issue in the bruteforce capabilities screen that stopped payload settings from being applied.

  • Pro: Fixes an issue when attempting to delete a workspace.

  • Pro: Fixes an issue when attempting to configure Sonar when Pro is running as part of an air-gapped installation.

  • PR 19376 - This fixes the php/base64 encoder, which was previously generating PHP payloads that failed when run because of the way single quotes were being inserted into the payload.

  • PR 19381 - This fixes the gitlab_login scanner so that it uses the datastore options Username and Password, which are the standard for login scanners. Before this fix the scanner used HttpUsername and HttpPassword and ignored the Username and Password datastore options.

  • PR 19411 - Fixes a crash in Metasploit's RPC layer when module.results was called while a nil module result was present.

  • PR 19421 - This updates the windows/fileformat/adobe_pdf_embedded_exe exploit to declare compatibility with both ARCH_X86 and ARCH_X64 payloads, since the module only generates an EXE.

  • PR 19438 - Fixes an error in the ldap_login module that occurred after a successful login.

Modules

  • PR 19363 - This adds two exploit modules and one auxiliary module for Ray. The two exploit modules execute arbitrary commands remotely on the targeted system through command injection; the auxiliary module reads files on the remote system through a local file inclusion vulnerability.

  • PR 19380 - Adds an auxiliary module targeting CVE-2023-6329, an improper access control vulnerability, which allows an unauthenticated user to compute valid credentials and to add a new administrative user to the web interface of Control iD iDSecure <= v4.7.43.0.

  • PR 19386 - Adds an exploit targeting CVE-2024-7593, an improper access control vulnerability in Ivanti Virtual Traffic Manager (vTM) before 22.7R2 that allows an unauthenticated remote attacker to add a new administrative user to the product's web interface.

  • PR 19393 - Adds a patch bypass for CVE-2024-32113, the path traversal vulnerability in Apache OFBiz that the module originally exploited. The patch released in 18.12.14 blocks the path traversal, but it was later disclosed that the vulnerable endpoint had been reachable all along without it. That issue was assigned CVE-2024-38856 (Incorrect Authorization) and was patched in 18.12.15.

  • PR 19395 - Adds a post module to gather passwords and saved session information stored in the Electerm program.

  • PR 19422 - Adds a new module targeting all versions of pgAdmin up to 8.4, exploiting CVE-2024-3116, a Remote Code Execution (RCE) flaw in the validate binary path API.

  • PR 19424 - Adds a new module, exploits/multi/http/wp_givewp_rce, targeting CVE-2024-5932, a critical RCE vulnerability in the WordPress GiveWP plugin (up to version 3.14.1).

Offline Update

Metasploit Framework and Pro Installers