Post Syndicated from Jack Heysel original https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-07-03-2026/
It’s Time to Upgrade Your SMB Session
This week, Metasploit contributor Dean Welch has added an SMB to Meterpreter session upgrade module. It uses PsExec to facilitate the upgrade. Users can load the module with use windows/manage/smb_to_meterpreter and specify the session number they wish to upgrade. This functionality is also available with the command sessions -u <session_id>. This work is part of an overarching effort to enable a variety of session types to be upgraded to Meterpreter when possible.
New module content (3)
Peyara Remote Mouse 1.0.1 Unauthenticated Remote Code Execution
Author: tmrswrr
Type: Exploit
Pull request: #21491 contributed by capture0x
Path: windows/misc/peyara_remote_mouse_rce
Description: Adds an exploit module for Peyara Remote Mouse v1.0.1 unauthenticated RCE.
Linux Execute Command
Authors: bcoles [email protected] and modexp
Type: Payload (Single)
Pull request: #21239 contributed by bcoles
Path: linux/loongarch64/exec
Description: Adds a new linux/loongarch64/exec command payload.
SMB to Meterpreter Upgrade via PsExec
Author: Dean Welch
Type: Post
Pull request: #21581 contributed by dwelch-r7
Path: windows/manage/smb_to_meterpreter
Description: Adds the ability to upgrade authenticated SMB sessions to Meterpreter sessions using PsExec techniques.
Enhancements and features (1)
- #21527 from zeroSteiner – Adds authentication support to the MCP server’s HTTP transport by default.
Bugs fixed (2)
- #21618 from zeroSteiner – Fixes a crash when running the scanner/discovery/udp_sweep module on Windows environments.
- #21624 from adfoster-r7 – Fixes a bug with SSH session’s debug information showing the incorrect value localuser @ instead of ssh_user @ ssh_ip.
Documentation
You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.
Get it
As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:
If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the commercial edition Metasploit Pro