Dec 06, 2024
4.22.7-2024120601

Improved

  • Pro: Updates the Quick Pentest functionality to now detect Redis instances that can be accessed without authentication.

  • Pro: Adds service network information to the diagnostics extraction scripts.

  • Pro: Adds additional debug details to show what parameters were used to trigger a Quick Pentest.

  • Pro: Routine update of the 7zip library.

  • Pro: Improve validation messages for backup restoration.

  • Pro: Updates the bruteforce capabilities of Metasploit Pro to now support detecting and bruteforcing TeamCity targets.

  • Pro: The Metasploit Pro installer will no longer generate an error message when attempting to install Metasploit Pro on a machine with a pre-existing version of npcap.

  • Pro: Routine update of the OpenSSL library.

  • PR 19643 - This updates the DOMAIN action of the auxiliary/gather/windows_secrets_dump module to allow individual users or groups to be targeted.

  • PR 19651 - This updates the smb_version module to detect the host OS version when SMB 1 is disabled.

  • PR 19678 - This adds a new LDAP query to enumerate computer accounts that were created with the "pre-Windows 2000 computer" option. These accounts may have weak passwords that can be brute-forced.

Fixed

  • Pro: Fixes a crash when trying to update the current user's password.

  • Pro: Removed noisy logs when non-Ruby modules were loaded.

  • PR 19624 - This fixes a bug that would occur when generating CSRs for AD CS with OpenSSL 3.4.0. The bug was related to an attribute in the request that can no longer be explicitly set.

  • PR 19658 - Updates the auxiliary/admin/kerberos/get_ticket module to work on Windows environments.

Modules

  • PR 19531 - Adds a new exploit module targeting ProjectSend versions r1335 through r1605. The module exploits an improper authorization vulnerability, allowing unauthenticated RCE by manipulating the application's configuration settings.

  • PR 19582 - Adds an auxiliary module which exploits a sensitive information disclosure vulnerability caused by improper authentication in Acronis Cyber Protect 15 before build 29486 and Acronis Cyber Backup 12.5 before build 16545.

  • PR 19584 - This adds an exploit module for a Judge0 sandbox escape which exploits CVE-2024-28185 and CVE-2024-28189 and allows for unauthenticated RCE. Judge0 versions 1.13.0 and prior are vulnerable.

  • PR 19593 - This adds an exploit module for CVE-2023-28324, an unauthenticated RCE in Ivanti's EPM where a .NET remoting client can invoke a method that results in an OS command being executed in the context of NT AUTHORITY\SYSTEM. This vulnerability is present in versions prior to EPM 2021.1 Su4 and EPM 2022 Su2. Included with this exploit module is a substantial amount of code that fills in the gaps of the existing .NET (de)serialization capabilities to enable the method to be invoked.

  • PR 19601 - Adds a new bruteforce login scanner module, scanner/teamcity/teamcity_login, that targets the JetBrains TeamCity service.

  • PR 19630 - This adds an exploit for CUPS where a remote attacker can advertise a malicious printing service that, when used, will execute a command on the printing client.

  • PR 19640 - This adds an exploit module that leverages CVE-2024-39205 which is an unauthenticated RCE in Pyload.

  • PR 19654 - Adds a new auxiliary/scanner/http/strapi_3_password_reset module which lets you reset the admin's password on Strapi CMS 3.0.0 Beta 17.4 and before by leveraging CVE-2019-18818.

Offline Update

Metasploit Framework and Pro Installers