4.17.1
Product Update
2020-07-20
Bugs Fixed
- Pro: MS-5982 - The "Create VPN Pivot" action on an existing session should no longer result in a "wrong number of arguments" error.
- Pro: MS-5807 - The Known Credentials Intrusion MetaModule should no longer fail with an RHOSTS option error.
Enhancements and Features
- PR 13271 - The auxiliary/server/capture/smtp module has been updated to store captured credentials (login, plain, and cram-md5) as creds in the database and to store captured message DATA as notes in the database. A bug fix was also made to avoid hanging at RSET.
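As an added illustration of what this capture module records (example code written here, not Metasploit's own; the transcripts, usernames, digest and server challenge are all constructed), the following Ruby decodes the client side of the three SASL mechanisms named above. It shows the difference a defender cares about: PLAIN and LOGIN carry the password itself, so any unencrypted SMTP session exposes it directly, while CRAM-MD5 exposes only the username and an HMAC-MD5 digest. The from_transcript helper and its [:c, line] / [:s, line] transcript shape are assumptions of this example, not a Metasploit interface.

```ruby
# Decoder for the client side of an SMTP AUTH exchange, covering the three
# mechanisms the capture module stores: PLAIN, LOGIN and CRAM-MD5.
# Added example, not Metasploit code; all sample data below is constructed.
module SmtpAuthDecode
  module_function

  # Strict base64 via pack/unpack; unpack1('m0') raises ArgumentError on bad input
  def b64d(s)
    s.to_s.unpack1('m0')
  end

  def b64e(s)
    [s].pack('m0')
  end

  # RFC 4616: base64( [authzid] NUL authcid NUL password ). The password is
  # sent in the clear, so a capture yields it directly.
  def plain(blob)
    parts = b64d(blob).split("\0", -1)
    raise ArgumentError, 'malformed AUTH PLAIN payload' unless parts.length == 3
    { mechanism: 'PLAIN', user: parts[1], password: parts[2] }
  end

  # AUTH LOGIN: username and password each sent as a separate base64 line
  def login(user_b64, pass_b64)
    { mechanism: 'LOGIN', user: b64d(user_b64), password: b64d(pass_b64) }
  end

  # RFC 2195: the server sends a base64 challenge and the client answers
  # base64("username " + hex(HMAC-MD5(password, challenge))). Only the username
  # and the digest are recoverable; the password itself never crosses the wire.
  def cram_md5(challenge_b64, response_b64)
    user, digest = b64d(response_b64).split(' ', 2)
    unless digest && digest.match?(/\A\h{32}\z/)
      raise ArgumentError, 'malformed CRAM-MD5 response'
    end
    { mechanism: 'CRAM-MD5', user: user, challenge: b64d(challenge_b64), digest: digest }
  end

  # Walks a transcript given as [[:c, line], [:s, line], ...] (client/server)
  # and returns the decoded record for the first AUTH command found, or nil.
  def from_transcript(transcript)
    transcript.each_with_index do |(dir, line), i|
      next unless dir == :c && line =~ /\AAUTH\s+(\S+)(?:\s+(\S+))?\z/i
      mech = Regexp.last_match(1).upcase
      initial = Regexp.last_match(2)
      client = transcript.drop(i + 1).select { |d, _| d == :c }.map(&:last)
      server = transcript.drop(i + 1).select { |d, _| d == :s }.map(&:last)
      case mech
      when 'PLAIN'
        # Initial response may be inline with AUTH or on the next client line
        return plain(initial || client[0])
      when 'LOGIN'
        return login(client[0], client[1])
      when 'CRAM-MD5'
        # The server's "334 <challenge>" reply precedes the client's response
        challenge = server[0].to_s.sub(/\A334\s+/, '')
        return cram_md5(challenge, client[0])
      end
    end
    nil
  end
end

# Constructed sample captures: one AUTH PLAIN session and one CRAM-MD5 session
SAMPLE_PLAIN_SESSION = [
  [:c, 'EHLO laptop.example'],
  [:s, '250-AUTH PLAIN LOGIN CRAM-MD5'],
  [:c, "AUTH PLAIN #{SmtpAuthDecode.b64e("\0alice\0s3cret")}"],
  [:s, '235 Authentication successful'],
].freeze

SAMPLE_CRAM_SESSION = [
  [:c, 'AUTH CRAM-MD5'],
  [:s, "334 #{SmtpAuthDecode.b64e('<1234.1595203200@mail.example>')}"],
  [:c, SmtpAuthDecode.b64e("bob #{'0123456789abcdef' * 2}")],
  [:s, '235 Authentication successful'],
].freeze

if __FILE__ == $PROGRAM_NAME
  p SmtpAuthDecode.from_transcript(SAMPLE_PLAIN_SESSION)
  p SmtpAuthDecode.from_transcript(SAMPLE_CRAM_SESSION)
end
```

The decoder deliberately returns no :password key for CRAM-MD5: what a capture holds for that mechanism is a challenge/response pair, not a credential, which is why the module stores the three mechanisms with different semantics and why enforcing STARTTLS before AUTH on mail relays matters most for PLAIN and LOGIN.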
- PR 13596 - A new SQL injection library was added to the Metasploit Framework, making it easier for module writers to exploit SQLi vulnerabilities. The library currently supports the MySQL database management system, and the existing modules exploits/linux/http/eyesofnetwork_autodiscovery_rce and auxiliary/sqli/openemr/openemr_sqli_dump have been updated to take advantage of the new library capabilities.
- PR 13626 - The post/windows/gather/checkvm module has been updated to run faster while also reducing the size of the module.
- PR 13750 - A number of auxiliary modules (including ones in the /cisco, /juniper, /ubiquiti, and /brocade locations) have been reorganized under a new folder: /networking. Related documentation was also updated, and the previous locations are treated as deprecated so that users attempting to use modules at the old location are redirected to the new location.
- PR 13759 - The auxiliary/scanner/http/owa_login module was updated to support a new advanced option named BaselineAuthTime, allowing users to specify expected HTTP response times to better differentiate between valid and invalid credentials.
- PR 13841 - The UNIX post mixin (Msf::Post::Unix) was updated to centralize the is_root? method previously implemented locally by several modules, which themselves were also updated to use this new method.
- PR 13848 - A new wordlist has been added as data/wordlists/telnet_cdata_ftth_backdoor_userpass.txt, containing four backdoor admin credentials that were found to be hardcoded into the Telnet component of CDATA OLTs. This wordlist can be used in conjunction with the auxiliary/scanner/telnet/telnet_login module to scan for vulnerable CDATA OLT devices on a network.
New Modules
- PR 13730 - New module exploits/linux/http/pandora_fms_events_exec was added to exploit a post-authentication command injection vulnerability in Pandora FMS versions 7.0 NG 742, 7.0 NG 743, and 7.0 NG 744 (and perhaps older versions; CVE-2020-13851), allowing for execution of arbitrary commands.
- PR 13741 - New module exploits/windows/http/plex_unpickle_dict_rce was added to exploit a post-authentication deserialization vulnerability in some versions of Plex media software for Windows platforms (CVE-2020-5741), allowing an attacker to execute arbitrary Python code on the target.
- PR 13769 - New module auxiliary/scanner/http/fortimail_login_bypass_detection was added for identifying FortiMail targets vulnerable to authentication bypass (CVE-2020-9294).