Last updated at Fri, 12 Jul 2019 19:38:37 GMT
We hope our American friends had a wonderful Fourth of July weekend! There are no new modules this week, so instead we're featuring two enhancements that fix some long outstanding Framework bugs. Check out last week’s holiday wrap-up for a list of the modules that landed while the U.S. was watching fireworks.
GatherProof (or don't)
ssh_login* on certain non-standard devices such as Brocade switches and Juniper firewalls has caused console output to be broken, commands to not be sent, and other unexpected behavior. These issues stem from an incompatibility with proof-of-access gathering on such devices. To combat this, wvu-r7 added a new datastore option called
GatherProof, which allows a user to explicitly enable or disable proof-gathering on
ssh_login* modules, with
set GatherProof <true/false>.
acammack-r7 added an enhancement that changes how
msfconsole handles unknown commands. In the past, passthrough of non-Framework commands would sometimes have their I/O unexpectedly truncated, making certain features difficult or impossible to use. Now, users can do things like
man git or access the
python shell, all within the confines of
Enhancements and features
- PR #12080 from acammack-r7 changes passthrough functionality of unknown commands to use the
systemmethod instead of
- PR #12024 from wvu-r7 adds the
ssh_loginmodules, and changes the default behavior to not gather proof of access.
- PR #11969 from busterb deprecates
db_rebuild_cachein MSF 5, which was previously broken.
- PR #12072 from wvu-r7 fixes improper invocation of the
cmd_psh_payloadmethod where the supplied architecture is an array and not a string.
As always, you can update to the latest Metasploit Framework with
msfupdate and you can get more details on the changes since the last blog post from GitHub:
We recently announced the release of Metasploit 5. You can get it by cloning the Metasploit Framework repo (master branch). To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial editions).