Last updated at Thu, 25 Jan 2024 01:30:45 GMT
New module content (2)
Gather Dbeaver Passwords
Author: Kali-Team
Type: Post
Pull request: #17337 contributed by cn-kali-team
Description: This adds a post exploit module that retrieves Dbeaver session data from local configuration files. It is able to extract and decrypt credentials stored in these files for any version of Dbeaver installed on Windows or Linux/Unix systems.
Gather MinIO Client Key
Author: Kali-Team
Type: Post
Pull request: #17341 contributed by cn-kali-team
Description: This adds a post module that gathers local credentials stored by the MinIO client on Windows, Linux, and MacOS.
Enhancements and features (2)
- #17427 from gwillcox-r7 - This adds YARD documentation to the LDAP libraries for developers to reference.
- #17447 from gwillcox-r7 - We now utilize 'pry' dependencies with support for newer Ruby versions.
Bugs fixed (3)
- #17386 from smashery - A bug has been fixed whereby the HTTP library was parsing HTTP HEAD requests like GET requests, which was causing issues due to lack of compliance to RFC9110 standards. By updating the code to be more compliant with these standards, modules such as
auxiliary/scanner/http/http_header
now work as expected. - #17438 from ErikWynter - This fixes an issue in the
exchange_proxylogon_collector
module where it would crash if the LegacyDN was not present in the XML response. - #17454 from prabhatjoshi321 - A bug has been fixed whereby
smb_enumshares
incorrectly truncated file names before storing them into loot. This has been addressed so that only the console output will contain truncated file names, and the loot files will still contain the full file names for reference.
Documentation added (1)
- #17395 from cgranleese-r7 - Adds documentation for both the JSON and MessagePack Metasploit RPC APIs - which is useful for programmatically interacting with Metasploit.
You can always find more documentation on our docsite at docs.metasploit.com.
Get it
As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:
If you are a git
user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
binary installers (which also include the commercial edition).