Rapid 7 - Metasploit Weekly Wrap-Up

The tide rolls in and out.

Metasploit Weekly Wrap-Up

The flood of new modules last week crested leaving ample time for documentation updates this week. The team and the community seem to have focused on getting those sweet sprinkles of information that help everyone understand Metasploit out to the world.

Enhancements and features (1)

  • #17458 from steve-embling - Updates the exploit/multi/misc/weblogic_deserialize_badattrval module to enable support for SSL/TLS.

Bugs fixed (4)

  • #17778 from adfoster-r7 - Updates the Metasploit database migration code to no longer break the test suite when running locally.
  • #17823 from bcoles - This fixes an issue in the check method where targets with files containing no PHP code were falsely reported as safe.
  • #17835 from bcoles - Fixes a bug in auxiliary/admin/networking/cisco_dcnm_auth_bypass where the bypass_auth method would break if a user supplied a TARGETURI path without a trailing /.
  • #17844 from SubcomandanteMeowcos - Fixes broken documentation references in the secretsdump, zemra_panel_rce, and windows/gather/credentials/skype modules.

Documentation added (6)

  • #17836 from jheysel-r7 - Documents the usage of session.platform in the How to get started with writing a post-module documentation.
  • #17837 from cdelafuente-r7 - Updates the 'How to write a check method' page to include using the Msf::Exploit::Remote::AutoCheck mixin, which will automatically run a check method against a target before attempting to exploit it.
  • #17838 from zeroSteiner - Updates the How to use railgun for windows post exploitation documentation with the latest conventions for using Meterpreter's Railgun when wanting to interact with Windows APIs on a remote target.
  • #17840 from jheysel-r7 - Updates the 'Get started writing an Exploit' example documentation to describe the usage of Stability/Reliability/SideEffects metadata when writing modules.
  • #17841 from jheysel-r7 - Documents the latest labels that can be assigned to pull requests.
  • #17842 from bwatters-r7 - Updates the How to use command stagers documentation with additional examples and clearer descriptions.

You can always find more documentation on our docsite at docs.metasploit.com.

Get it

As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
binary installers (which also include the commercial edition).



from Rapid7 Blog https://blog.rapid7.com/2023/04/07/metasploit-weekly-wrap-up-5/

Comments

Popular posts from this blog

Krebs - NY Charges First American Financial for Massive Data Leak

KnowBe4 - Scam Of The Week: "When Users Add Their Names to a Wall of Shame"