Improved
Pro: Updates the bruteforce capabilities of Metasploit Pro to now support bruteforcing Kerberos services.
Pro: Updates Social Engineering Campaign resources to now allow emails to be reused across different resource lists under different names.
Pro: Adds an example script showing how to run Pro's bruteforce capabilities programmatically through Pro's RPC support.
Pro: Adds additional logging details for diagnosing Metasploit Pro engine issues.
Pro: Improves the performance of populating Metasploit Pro's module metadata for its search capabilities. This reduces Metasploit Pro's installer boot time, and reduces the likelihood that the installers crash due to timeouts.
PR 19352 - Adjusts the metadata for the ldap login scanner, adding defaults and adjusting the service and protocol values.
PR 19448 - Adds a number of improvements to modules/post/multi/manage/screensaver.rb. A new UNLOCK action has been added. When the LOCK action is selected, instead of only checking to see if xdg-screensaver lock exists on the target, the module will check for the presence of qdbus, dbus-send and loginctl. Improved error handling when running on Windows or Solaris has also been added.
PR 19480 - This updates exploits/linux/local/service_persistence.rb to work on systems that are running OpenRC. This module will create a service on the box, and mark it for auto-restart.
Fixed
Pro: Updates Metasploit Pro to no longer generate warnings on bootup or when running standalone scripts.
Pro: Fixes a bug in the session file system explorer that caused an infinite redirect.
Pro: Fixes an issue that impacted Windows Server 2022 when creating a backup database.
Pro: Fixes a bug with Windows Server 2022 installs that stopped Metasploit Pro's worker from starting successfully.
Pro: Fixes a visual regression when sorting the vulnerabilities table by port.
Pro: Fixes a bug that prevented Windows Server 2022 hosts from starting correctly.
Pro: Fixes a crash when running Metasploit Pro's backup console script.
Pro: Fixes an error when running the diagnostics log extraction on a Unix environment not running systemd.
PR 19184 - This updates the bundler version and fixes multiple warnings when booting msfconsole.
PR 19439 - This explicitly defines x86 and x64 as supported architectures for the bypassuac_comhijack module. Prior to this change there were no defined architectures, and if you tried to use an x64-based payload the module would fail.
PR 19449 - This fixes an issue in the exploit for CVE-2022-0995 where it would crash with an exception while printing a message regarding why it failed.
PR 19491 - Fixes a crash in lib/msf/core/payload/php.rb.
Modules
PR 19345 - This adds a Windows LPE post module that exploits CVE-2024-30088. Once the exploit is executed through a running meterpreter session, it will open another one with NT AUTHORITY/SYSTEM privileges.
PR 19416 - This module exploits two vulnerabilities in Traccar v5.1 - v5.12 to obtain remote code execution: a path traversal vulnerability (CVE-2024-24809) and an unrestricted file upload vulnerability (CVE-2024-31214).
PR 19441 - This adds an exploit module that leverages a flaw in the Linux kernel’s OverlayFS subsystem which allows unauthorized execution of a setuid file with capabilities (CVE-2023-0386). This enables a local user to escalate their privileges on the system.
PR 19444 - This adds an exploit module for CVE-2024-8517, an unauthenticated RCE able to execute arbitrary PHP code.
PR 19454 - This adds a post module to keep persistence on a Linux target by writing a motd bash script triggered with root privileges every time a user logs into the system through SSH.
PR 19456 - This adds a module to exploit CVE-2024-8504, an authenticated RCE in VICIdial.
PR 19457 - This adds an exploit module for a WordPress plugin called LiteSpeed (CVE-2024-44000). On the vulnerable plugin, when the Debug Logs are enabled, it is possible to leak authentication cookies of logged-in users; the msf module will use the stolen cookies to upload and execute a plugin able to spawn a meterpreter session.
PR 19463 - This module exploits a default password vulnerability in Acronis Cyber Infrastructure (ACI) which allows an attacker to access the ACI PostgreSQL database and gain administrative access to the ACI Web Portal. This allows the attacker to upload SSH keys that enable root access to the appliance/server. This attack can be remotely executed over the WAN as long as the PostgreSQL and SSH services are exposed to the outside world.