Rapid 7 - Metasploit Weekly Wrap-Up
The tide rolls in and out.
The flood of new modules last week crested leaving ample time for documentation updates this week. The team and the community seem to have focused on getting those sweet sprinkles of information that help everyone understand Metasploit out to the world.
Enhancements and features (1)
- #17458 from steve-embling - Updates the
exploit/multi/misc/weblogic_deserialize_badattrval
module to enable support for SSL/TLS.
Bugs fixed (4)
- #17778 from adfoster-r7 - Updates the Metasploit database migration code to no longer break the test suite when running locally.
- #17823 from bcoles - This fixes an issue in the
check
method where targets with files containing no PHP code were falsely reported as safe. - #17835 from bcoles - Fixes a bug in
auxiliary/admin/networking/cisco_dcnm_auth_bypass
where thebypass_auth
method would break if a user supplied aTARGETURI
path without a trailing/
. - #17844 from SubcomandanteMeowcos - Fixes broken documentation references in the
secretsdump
,zemra_panel_rce
, andwindows/gather/credentials/skype
modules.
Documentation added (6)
- #17836 from jheysel-r7 - Documents the usage of
session.platform
in theHow to get started with writing a post-module
documentation. - #17837 from cdelafuente-r7 - Updates the 'How to write a check method' page to include using the
Msf::Exploit::Remote::AutoCheck
mixin, which will automatically run a check method against a target before attempting to exploit it. - #17838 from zeroSteiner - Updates the
How to use railgun for windows post exploitation
documentation with the latest conventions for using Meterpreter's Railgun when wanting to interact with Windows APIs on a remote target. - #17840 from jheysel-r7 - Updates the 'Get started writing an Exploit' example documentation to describe the usage of Stability/Reliability/SideEffects metadata when writing modules.
- #17841 from jheysel-r7 - Documents the latest labels that can be assigned to pull requests.
- #17842 from bwatters-r7 - Updates the
How to use command stagers
documentation with additional examples and clearer descriptions.
You can always find more documentation on our docsite at docs.metasploit.com.
Get it
As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:
If you are a git
user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
binary installers (which also include the commercial edition).
from Rapid7 Blog https://blog.rapid7.com/2023/04/07/metasploit-weekly-wrap-up-5/
Comments
Post a Comment