• 4.17.1 Product Update 2020-06-08
    • Bugs Fixed

      • Pro: MS-5725 - Update checks no longer result in an error on Windows systems.
      • PR 13448 - Metasploit's HTTP client now correctly handles relative redirect URIs that start from the root.
      • PR 13514 - Updates Metasploit Framework to explicitly depend on irb as a runtime dependency. This fix allows a distribution such as ArchLinux to use msfconsole's irb command successfully.
      • PR 13522 - This fixes an issue where tab-completing an OptAddressRange option, such as RHOSTS, would erroneously append a / character to the host address.
      • PR 13553 - This fixes redundant guard clauses in the auxiliary/gather/vbulletin_getindexablecontent_sqli and exploit/multi/http/vbulletin_getindexablecontent modules. There is no impact to functionality.

    • Enhancements and Features

      • Pro: MS-5627 - Nexpose connections with limited access users are reported on the Connection management page.
      • PR 13477 - The auxiliary/scanner/smb/impacket/wmiexec external module has had its syntax updated to be Python 3 compatible.
      • PR 13485 - This updates the EyesOfNetwork exploit module to add support for deploying Meterpreter sessions using a command stager, as well as an authentication bypass for versions 5.1 and 5.2. The authentication bypass leverages SQLi to recover the session token of the admin user, who must be logged in at the time. This vulnerability is identified as CVE-2020-9465.
      • PR 13500 - This fixes the use command to ignore unloadable modules when searching for a match.
      • PR 13503 - This adds the BASE_DN and ROOT_KEY options to the VMware vCenter vmdir and SaltStack Salt modules, respectively. Users may now override the automatic discovery phase.
      • PR 13541 - New controls were added to the screen share interface, allowing size and delay customization and a switch between the controlling and non-controlling interface.

    • New Modules

      • PR 13455 - This module exploits a remote code execution vulnerability within the domain whitelist feature of Pi-Hole versions before 3.3.
      • PR 13470 - This exploits a command execution vulnerability in Pi-Hole versions 4.3.2 and below. A new DHCP static lease is added whose MAC address field embeds the command to be executed. The DHCP server does not need to be running.
      • PR 13494 - This adds an exploit module that leverages an unauthenticated RCE vulnerability in myLittleAdmin, identified as CVE-2020-13166. The vulnerability stems from static default keys being used to protect the integrity of the ViewState value. An attacker can leverage this to submit a malicious ViewState that will be deserialized by .NET and execute a command within the context of the web server.
      • PR 13498 - This adds an exploit module for some Synology products where the response to a password reset request leaks whether the requested username is registered on the system. By using this leak, we can verify whether a given user is present on the system or, if done slowly, brute-force the users on a system.
      • PR 13511 - This updates the TinyIdentD exploit code with additional targets and adds module documentation for it.
      • PR 13512 - Two new modules were added to exploit a SQL injection vulnerability in vBulletin 5.6.1. One module is an auxiliary module capable of recovering the user table, while the other is an exploit that will deliver a PHP payload. The vulnerability that they both leverage is identified as CVE-2020-12720.
      • PR 13518 - This adds a DoS module targeting BIND DNS servers. It leverages a code path that triggers an assertion failure, causing the server process to exit. This vulnerability is identified as CVE-2020-8617.
      • PR 13545 - This adds an exploit module for the Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress. For versions below 1.3.4, the file upload security filter can be bypassed by appending a % character to a file name, which offers the potential for uploading a PHP shell and executing code on the server pre-authentication. This exploits CVE-2020-12800.
      • PR 13552 - This adds an exploit for CVE-2020-2883, a Java deserialization vulnerability over the T3 protocol, in multiple versions of Oracle WebLogic.

    • Offline Update

      • https://updates.metasploit.com/packages/9206ca590a3289fd6e21cef79fcf69a160966929.bin

    • Metasploit Framework and Pro Installers

      • https://github.com/rapid7/metasploit-framework/wiki/Downloads-by-Version