Metasploit Weekly Wrap-Up

Post Syndicated from Christopher Granleese original https://blog.rapid7.com/2023/01/13/metasploit-weekly-wrap-up-188/

New module content (2)

Gather Dbeaver Passwords

Metasploit Weekly Wrap-Up

Author: Kali-Team
Type: Post
Pull request: #17337 contributed by cn-kali-team

Description: This adds a post exploit module that retrieves Dbeaver session data from local configuration files. It is able to extract and decrypt credentials stored in these files for any version of Dbeaver installed on Windows or Linux/Unix systems.

Gather MinIO Client Key

Author: Kali-Team
Type: Post
Pull request: #17341 contributed by cn-kali-team

Description: This adds a post module that gathers local credentials stored by the MinIO client on Windows, Linux, and MacOS.

Enhancements and features (2)

  • #17427 from gwillcox-r7 – This adds YARD documentation to the LDAP libraries for developers to reference.
  • #17447 from gwillcox-r7 – We now utilize ‘pry’ dependencies with support for newer Ruby versions.

Bugs fixed (3)

  • #17386 from smashery – A bug has been fixed whereby the HTTP library was parsing HTTP HEAD requests like GET requests, which was causing issues due to lack of compliance to RFC9110 standards. By updating the code to be more compliant with these standards, modules such as auxiliary/scanner/http/http_header now work as expected.
  • #17438 from ErikWynter – This fixes an issue in the exchange_proxylogon_collector module where it would crash if the LegacyDN was not present in the XML response.
  • #17454 from prabhatjoshi321 – A bug has been fixed whereby smb_enumshares incorrectly truncated file names before storing them into loot. This has been addressed so that only the console output will contain truncated file names, and the loot files will still contain the full file names for reference.

Documentation added (1)

  • #17395 from cgranleese-r7 – Adds documentation for both the JSON and MessagePack Metasploit RPC APIs – which is useful for programmatically interacting with Metasploit.

You can always find more documentation on our docsite at docs.metasploit.com.

Trending
The History Guy Podcast: Tales of Cow: Steaks and US History and "Sir Loin" of Beef

Get it

As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
binary installers (which also include the commercial edition).