Rapid 7 - Metasploit Wrap-up

Enhancements and features (2)

  • #18548 from zeroSteiner - Updates the admin/http/tomcat_ghostcat module to follow newer library conventions.
  • #18552 from adfoster-r7 - Adds support for Ruby 3.3.0-preview3.

Bugs fixed (5)

  • #18448 from HynekPetrak - Fixes and updates the auxiliary/admin/ldap/vmware_vcenter_vmdir_auth_bypass module to use renamed NEW_USERNAME and NEW_PASSWORD options.
  • #18538 from adfoster-r7 - Fixes an intermittent stream closed in another thread crash when booting msfconsole.
  • #18547 from adfoster-r7 - This fixes an issue in the platform detection used by the SSH login modules that was causing certain Windows environments to be incorrectly fingerprinted.
  • #18558 from zeroSteiner - Fixes a crash in the post/windows/gather/enum_chrome module which can be used to decrypt passwords stored by the user in Chrome.
  • #18564 from zeroSteiner - Fixes a module crash when running the auxiliary/server/capture/http module.

Documentation

Metasploit Wrap-up

You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.

Get it

As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
binary installers (which also include the commercial edition).



from Rapid7 Cybersecurity Blog https://blog.rapid7.com/2023/11/23/metasploit-wrapup-74/

Comments

Post a Comment

Popular posts from this blog

KnowBe4 - Scam Of The Week: "When Users Add Their Names to a Wall of Shame"

Image
Eric Howes , KnowBe4 Principal Lab Researcher, found out about another insidious bad guy trick: " If you work in IT there has undoubtedly come a dark moment when you wondered to yourself just who among your employee users would be gullible enough to click through a phishing email and potentially bring down your organization. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/when-users-add-their-names-to-a-wall-of-shame
Read more

The Hacker News - ⚡ Weekly Recap: WhatsApp 0-Day, Docker Bug, Salesforce Breach, Fake CAPTCHAs, Spyware App & More

Cybersecurity today is less about single attacks and more about chains of small weaknesses that connect into big risks. One overlooked update, one misused account, or one hidden tool in the wrong hands can be enough to open the door. The news this week shows how attackers are mixing methods—combining stolen access, unpatched software, and clever tricks to move from small entry points to large from The Hacker News https://thehackernews.com/2025/09/weekly-recap-whatsapp-0-day-docker-bug.html
Read more

Krebs - U.S. Army Soldier Arrested in AT&T, Verizon Extortions

Image
Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m , a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon . As first reported by KrebsOnSecurity last month, the accused is a communications specialist who was recently stationed in South Korea. One of several selfies on the Facebook page of Cameron Wagenius. Cameron John Wagenius , 20, was arrested near the Army base in Fort Hood, Texas on Dec. 20, after being indicted on two criminal counts of unlawful transfer of confidential phone records. The sparse, two-page indictment (PDF) doesn’t reference specific victims or hacking activity, nor does it include any personal details about the accused. But a conversation with Wagenius’ mother — Minnesota native Alicia Roen — filled in the gaps. Roen said that prior to her son’s arrest he’d acknowledged being associated with Connor Riley Moucka ...
Read more