Last updated at Wed, 17 Jan 2024 02:18:00 GMT

In this week’s Metasploit’s wrap-up, we are excited to share with the world our latest special: pingback payloads. Pingback payloads are a brand new, non-interactive payload type that allows users to confirm remote code execution on a target without loading a shell. It is stealthy and safe to use—something we are confident our penetration testing users will appreciate. Shout out to our developers Brendan, Brent, Shelby, and others for the excellent work! Read the full blog here.

Another pleasant surprise coming from our finest William Vu is the set-payload-by-index feature for msfconsole. Similar to the search command combining with use, the show payloads command now gives you a list of compatible payloads that are indexed, and then you can use the set payload command by index. Less typing, isn’t that great?

On top of all the goodies, we also have three wicked modules that you may find interesting. The first is a remote code execution against Redis, a well known in-memory database that can be seen for large-scale websites. The second is a Windows evasion module using MSBUILD.exe to bypass OS features such as software restriction policies or Applocker. And finally, we have a post module for Sonic Pi that gives you arbitrary Ruby code execution. We figured playing music is more fun and cool for Sonic Pi, so that’s what we did for the module.

Finally, if you will be in Las Vegas for next weekend and want to work on Metasploit modules or integrations with the team, check out our Open Source Office Hours Friday and Sunday!

New modules (3)

Enhancements and features (5)

Bugs fixed (5)

Get it

As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:

We recently announced the release of Metasploit 5. You can get it by cloning the Metasploit Framework repo (master branch). To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial editions).