• 4.14.3 Product Update 2018-07-27
      Bugs Fixed

      • Pro: MS-3246 - Running SSH private key exploit modules previously caused Metasploit Pro to hang. You can now run them without needing to restart Pro Service.
      • Pro: MS-2640 - Database service passwords now have more complex and stronger password requirements.
      • PR 10303 - This fix changes `send_request_cgi` and `send_request_raw` in `HttpClient` to return `nil` on connection error.
      • PR 10309 - This fix resolves an issue that occurred when you attempted to migrate a Meterpreter process to its own PID. The correct error is now printed.
      • PR 10317 - This fix resolves an issue that caused `auxiliary/gather/enum_dns` to crash when running `ENUM_RVL` without `IPRANGE`.
      • PR 10328 - The Python ETERNALBLUE module (`exploit/windows/smb/ms17_010_eternalblue_win8`) now logs any error it encounters to the console and will exit with a non-zero status when it encounters an error condition.
      • PR 10349 - This fix resolves some deployment issues with PowerShell payloads.
      • PR 10362 - This fix resolves an issue with reporting vulns from the `auxiliary/scanner/http/backup_file` module.
      • PR 10364 - This fix changes the generation of the payload options when `LHOST` is not set, such as when running `./msfvenom --list-options` or `info` from inside `msfconsole`.
      • PR 10367 - The handling of stderr for external modules has been improved.
      • PR 10374 - This fix resolves a number of issues with modules that use SSH access for exploitation. It also fixes shell persistence and some language-related errors.
      • PR 10375 - `DETECT_ANY_AUTH` in `smb_login` has been changed to `false`. The `DETECT_ANY_DOMAIN` option has also been changed to `false`.
      • PR 10376 - This fix resolves an issue that caused the connection and `fail_with` exceptions to be swallowed when the `check` command is used.

      Enhancements and Features

      • Pro: MS-3218 - Release notes are now available from the Help menu.
      • PR 10267 - Bind handlers now run only after an exploit has completed. Previously, bind handlers would attempt to connect to their intended payload before the exploit had started running. Reverse shells are unaffected.
      • PR 10282 - A standalone runner script for external modules is now available. It extends the Python library to allow running modules directly from the command line. Future work will further separate this common code so that it is possible to publish an exploit module that can run inside of and outside of Metasploit Framework.
      • PR 10296 - Documentation has been added for the following modules: `auxiliary/scanner/imap/imap_version.md`, `auxiliary/scanner/pop3/pop3_version.md`, `auxiliary/scanner/rsync/modules_list.md`, and `auxiliary/scanner/smtp/smtp_version`.
      • PR 10299 - CVEs have been added to 88 auxiliary and exploit modules.
      • PR 10304 - The `log` command has been added to `msfconsole`. It allows you to display the `framework.log` file within the console. If a terminal pager is set, the command will display the log page by page and attempt to start from the bottom. The `log` command is meant to be used in the same workflow as the `edit` and `reload_lib` commands.
      • PR 10307 - A check has been added to `msftidy` to note when a module is missing CVE references.
      • PR 10315 - HTTP POST and basic authentication support has been added to pSnuffle.
      • PR 10319 - VHOST support has been added to the `auxiliary/scanner/http/ms15_034_http_sys_memory_dump` module.
      • PR 10334 - A `-C NUM` option has been added to the `grep` builtin command for adding `NUM` lines of context before and after a match.
      • PR 10345 - `msfconsole`'s internal `grep` command now uses `OptionParser`, which provides a more robust and consistent user experience.
      • PR 10357 - Server info has been added to the `couchdb_enum` module. Docs have also been added for `couchdb_enum` and `couchdb_login`.
      • PR 10365 - The `module_missing_reference.rb` script checks for modules that are missing a specified reference type.
      • PR 10366 - You can use the `cve_xref.rb` script to determine CVEs for modules that don't have a CVE reference listed but do have other references included.
      • PR 10368 - The `auxiliary/scanner/http/phpmyadmin_login` module has been added to the framework. It is a login scanner that authenticates to a phpMyAdmin application.

      New Exploits

      • PR 9753 - The `exploit/linux/local/bpf_extension_priv_esc` module has been added to the framework. It adds a privilege escalation exploit for CVE-2017-16995.
      • PR 10027 - The `exploit/linux/http/hadoop_unauth_exec` module has been added to the framework. It runs a command execution exploit against Hadoop nodes running an unauthenticated YARN ResourceManager WebUI.
      • PR 10064 - The `exploit/multi/misc/claymore_dual_miner_remote_manager_rce` module has been added to the framework. It exploits Claymore Dual Miner's remote monitoring/management API.
      • PR 10295 - The `exploit/linux/http/qnap_qcenter_change_passwd_exec` module exploits an authenticated command injection vulnerability in the `change_passwd` API method within the web interface of QNAP Q'Center virtual appliance versions prior to 1.7.1083. If non-admin credentials are provided, the module will first exploit a privilege escalation vulnerability to retrieve admin credentials.
      • PR 10297 - The `exploit/windows/local/cve-2018-8897-exe` module has been added to the framework. It is a local privilege escalation exploit for CVE-2018-8897, a MOV SS vulnerability, specifically against Windows x64.
      • PR 10300 - A remote root exploit against multiple Axis network camera models, leveraging CVE-2018-10660, CVE-2018-10661, and CVE-2018-10662, has been added to the framework.
      • PR 10327 - The `exploit/multi/http/cmsms_upload_rename_rce` module has been added to the framework. It exploits a vulnerability in CMS Made Simple: the upload feature can be used to write an arbitrary text file to the directory, which is then renamed to a PHP file, resulting in remote code execution.

      Offline Update

      • https://updates.metasploit.com/packages/b27a02fc99f727b21cd3125a4b4bbf20f8b03075.bin