@claudijd
Last active April 15, 2017 04:26
Draft of Metasploit release notes from 4.14.4 to 4.14.11
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html><body><table border="0px">
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8236">#8236</a>
</td>
<td valign="top">-</td>
<td>This fixes #8235 by adding xmlrpc as an explicit dependency.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8234">#8234</a>
</td>
<td valign="top">-</td>
<td>This fixes #7555 by changing the rake spec task to automatically run db:test:prepare.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8233">#8233</a>
</td>
<td valign="top">-</td>
<td>This makes metasploit-aggregator a framework-only package.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8230">#8230</a>
</td>
<td valign="top">-</td>
<td>This fixes an issue with underreporting the number of modules loaded when using the &#39;loadpath&#39; command. Modules still loaded as expected.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8227">#8227</a>
</td>
<td valign="top">-</td>
<td>This removes external module debugging code.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8217">#8217</a>
</td>
<td valign="top">-</td>
<td>This removes extra debug logging when importing hosts, services, or clients into the Metasploit database.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8212">#8212</a>
</td>
<td valign="top">-</td>
<td>This handles general failures when getting module info for external modules.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8208">#8208</a>
</td>
<td valign="top">-</td>
<td>This adds a global history file option that allows the user to modify where msfconsole stores its command history on startup. This is useful when multiple users are working with the same Metasploit instance at once, allowing each user to track his or her command history independently.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8204">#8204</a>
</td>
<td valign="top">-</td>
<td>This update adds an auxiliary module which downloads the configuration file of a Cambium ePMP device via SNMP.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8203">#8203</a>
</td>
<td valign="top">-</td>
<td>This removes platform restriction on metasploit-aggregator.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8201">#8201</a>
</td>
<td valign="top">-</td>
<td>This removes references to missing embedded libs.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8197">#8197</a>
</td>
<td valign="top">-</td>
<td>This fixes distorted output with HttpTrace enabled when the server response to an HTTP client uses chunked encoding, common with large file transfers.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8195">#8195</a>
</td>
<td valign="top">-</td>
<td>This extends the msfconsole Docker binstub to support rebuilding the image, and documents the MSF_BUILD parameter.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8194">#8194</a>
</td>
<td valign="top">-</td>
<td>This adds a check to <code>exploit/unix/webapp/piwik_superuser_plugin_upload</code> for disabled custom plugin uploads in Piwik 3.0.3, which would prevent the exploit from succeeding.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8193">#8193</a>
</td>
<td valign="top">-</td>
<td>This fixes issue #8191, allowing msfvenom to generate Windows service executables again.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8190">#8190</a>
</td>
<td valign="top">-</td>
<td>This changes the default PR template to require PR submitters to provide documentation for their respective modules.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8189">#8189</a>
</td>
<td valign="top">-</td>
<td>This adds a post module to loot irssi&#39;s config file, parsing and displaying passwords as they&#39;re found.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8188">#8188</a>
</td>
<td valign="top">-</td>
<td>This resolves an issue that prevented the built-in RPC client in Metasploit Framework from communicating with recent versions of Metasploit Pro due to incompatible TLS versions.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8186">#8186</a>
</td>
<td valign="top">-</td>
<td>This updates the DNS fuzzer to use bindata for binary data structuring and representation.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8182">#8182</a>
</td>
<td valign="top">-</td>
<td>This resolves an invalid path override and adds a new <code>msfconsole-dev</code> binary that automatically rebuilds the docker image.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8181">#8181</a>
</td>
<td valign="top">-</td>
<td>This adds support for importing XML files from the Masscan high-speed network scanning tool.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8180">#8180</a>
</td>
<td valign="top">-</td>
<td>This adds documentation for the iis_webdav_upload_asp module.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8178">#8178</a>
</td>
<td valign="top">-</td>
<td>This adds initial support for running modules written in arbitrary languages to Metasploit Framework, including an example module written in Python. Instead of being loaded into memory, modules communicate with the framework as standalone child processes, using JSON-RPC over stdin/out.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8176">#8176</a>
</td>
<td valign="top">-</td>
<td>This deregisters smb2_login from pro bruteforce.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8175">#8175</a>
</td>
<td valign="top">-</td>
<td>This adds support for secret module codenames, like CRISPYTRUFFLE or VENGEFULPONY, enabled by setting the DANGERZONE variable when launching msfconsole ($ DANGERZONE=1 ./msfconsole -q).<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8174">#8174</a>
</td>
<td valign="top">-</td>
<td>This bumps the rex-text version to fix problems running split-line VBA code.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8173">#8173</a>
</td>
<td valign="top">-</td>
<td>This fix resolves a bug in the custom &#39;select&#39; and &#39;sleep&#39; commands for Metasploit that limited the minimum sleep time to 200 ms even when the caller used a smaller value. The sleep time has been modified to allow smaller values, which may speed up many operations system-wide.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8169">#8169</a>
</td>
<td valign="top">-</td>
<td>This adds exploit rankings for 8 modules.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8168">#8168</a>
</td>
<td valign="top">-</td>
<td>This changes the descriptions for alpha encoders.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8166">#8166</a>
</td>
<td valign="top">-</td>
<td>This adds support for the ruby_smb gem, which provides a new login scanner module (smb2_login) that supports both SMB1 and SMB2, as well as security signing.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8165">#8165</a>
</td>
<td valign="top">-</td>
<td>This addresses an issue that caused the second stage of the mettle staged bind_tcp payload to not execute properly.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8163">#8163</a>
</td>
<td valign="top">-</td>
<td>This adds the Cambium ePMP Arbitrary Command Execution module to the framework. It exploits a command injection vulnerability in Cambium ePMP 1000 devices &lt; version 2.5.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8159">#8159</a>
</td>
<td valign="top">-</td>
<td>This fixes a false positive in msftidy when nested code in a module writes to stdout or stderr.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8158">#8158</a>
</td>
<td valign="top">-</td>
<td>This adds documentation for exploit/multi/http/glassfish_deployer.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8157">#8157</a>
</td>
<td valign="top">-</td>
<td>This fixes an error encountered when attempting to reflectively load a DLL that does not have the RDI stub compiled in.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8155">#8155</a>
</td>
<td valign="top">-</td>
<td>This makes style improvements and a couple of small bug fixes to HWBridge RF.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8152">#8152</a>
</td>
<td valign="top">-</td>
<td>This adds documentation for exploit/multi/browser/adobe_flash_hacking_team_uaf.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8151">#8151</a>
</td>
<td valign="top">-</td>
<td>This adds documentation for modules/exploits/linux/http/netgear_r7000_cgibin_exec.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8149">#8149</a>
</td>
<td valign="top">-</td>
<td>This adds <code>check -h</code> for the check command.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8148">#8148</a>
</td>
<td valign="top">-</td>
<td>This adds documentation for exploit/multi/http/axis2_deployer.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8146">#8146</a>
</td>
<td valign="top">-</td>
<td>This adds the exploit/linux/http/github_enterprise_secret module to the framework. It allows you to target certain versions of GitHub Enterprise (2.8.0 - 2.8.6) for remote code execution.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8144">#8144</a>
</td>
<td valign="top">-</td>
<td>This adds the Moxa Device Discovery Scanner module to the framework. It communicates with Moxa-based devices via UDP and identifies them on a network.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8143">#8143</a>
</td>
<td valign="top">-</td>
<td>This resolves a couple of issues that prevented packets from being received through the Metasploit Hardware Bridge RF transceiver logic.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8137">#8137</a>
</td>
<td valign="top">-</td>
<td>This adds the Shodan Honeyscore module to the framework. It checks whether an IP address is a honeypot based on the Shodan.io API.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8131">#8131</a>
</td>
<td valign="top">-</td>
<td>This adds documentation for auxiliary/scanner/http/ms15_034_http_sys_memory_dump.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8126">#8126</a>
</td>
<td valign="top">-</td>
<td>This adds the exploit/linux/ssh/solarwinds_lem_exec module to the framework. It leverages the default SSH credentials of a SolarWinds LEM appliance and uses command injection to break out of its defined <code>jail</code>.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8102">#8102</a>
</td>
<td valign="top">-</td>
<td>A plugin has been added to the framework that allows you to send an SMS notification when a session has been created. The following carriers are currently supported: AllTel, AT&amp;T Wireless, Boost Mobile, Cricket Wireless, Google Fi, T-Mobile, Verizon, and Virgin Mobile.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8050">#8050</a>
</td>
<td valign="top">-</td>
<td>This adds the auxiliary/scanner/http/epmp1000_dump_hashes module to the framework. It exploits a command injection vulnerability in Cambium ePMP 1000 devices &lt; version 2.5, which allows you to dump system hashes from the device.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8020">#8020</a>
</td>
<td valign="top">-</td>
<td>This adds the ntfs-3g Local Privilege Escalation module to the framework. It allows local privilege escalation on Debian machines with the vulnerable version of ntfs-3g.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/8008">#8008</a>
</td>
<td valign="top">-</td>
<td>This adds a module to make switching from an x86 payload to an x64 payload much easier.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/7994">#7994</a>
</td>
<td valign="top">-</td>
<td>This adds post/windows/gather/credentials/dynazip_log module to the framework. It adds the ability to parse and retrieve passwords for Zip files that were encrypted with Windows 98 Plus!&#39;s dynazip functionality.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/7897">#7897</a>
</td>
<td valign="top">-</td>
<td>This adds the auxiliary/scanner/http/epmp1000_dump_config module to the framework. It dumps the configuration file from a Cambium ePMP 1000 device.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/7819">#7819</a>
</td>
<td valign="top">-</td>
<td>This adds Ruby version compatibility checking in TravisCI and bumps the base Ruby version to 2.4.1. Support for Ruby 2.1/2.2 will be removed at some point in the future.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/7784">#7784</a>
</td>
<td valign="top">-</td>
<td>This adds the auxiliary/scanner/http/epmp1000_web_login module to the framework. It scans for and identifies Cambium ePMP 1000 management login portals.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/7778">#7778</a>
</td>
<td valign="top">-</td>
<td>This adds an exploit and auxiliary module for the Netgear WNR2000v5 router to the framework. The exploit targets a buffer overflow vulnerability on the Netgear WNR2000v5 router that allows arbitrary code execution. The auxiliary module targets a password recovery flaw.<br></td>
</tr>
<tr>
<td valign="top" nowrap>
<li>PR <a href="https://github.com/rapid7/metasploit-framework/pull/7652">#7652</a>
</td>
<td valign="top">-</td>
<td>This adds the Varnish CLI login module to the framework. It attempts to log into the Varnish Cache CLI instance using a list of passwords.<br></td>
</tr>
</table></body></html>