Desert heat (not the 1999 film)
This week was quieter than normal with Black Hat USA and DEF CON, but that didn’t stop the team from delivering some small enhancements and bug fixes! We are also excited to see two new modules, #15519 and #15520, from researcher Jacob Baines’ DEF CON talk Bring Your Own Print Driver Vulnerability already appear in the PR queue. Keep an eye out for those modules in the near future!
Our very own Simon Janusz enhanced the SessionManager to support using a negative ID with both the sessions commands. Quickly access the last job or session by passing -1 to the command. The change allows users to upgrade the most recently opened session to meterpreter using the command sessions -u -1, thus removing the need to run the
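The negative-ID lookup described above, as an added Ruby sketch that is not Metasploit's own code: IdResolver, resolve_id and the sample ID list are hypothetical names and constructed data. It assumes live IDs are sparse (closed sessions leave gaps), so -1 means the highest live ID rather than a count.

```ruby
# Added sketch of negative-ID resolution; not taken from the framework source.
# IdResolver and resolve_id are hypothetical names used for illustration only.
module IdResolver
  # live_ids:  IDs currently in use. They are sparse, because a closed
  #            session or finished job leaves a gap in the sequence.
  # requested: what the operator typed, e.g. "-1", "5" or an Integer.
  # Returns the matching live ID, or nil when nothing matches.
  def self.resolve_id(live_ids, requested)
    id = Integer(requested, exception: false)  # nil for input such as "abc"
    return nil if id.nil?

    # Zero or positive: only an exact match on a live ID is accepted.
    return (live_ids.include?(id) ? id : nil) if id >= 0

    # Negative: count back from the most recently opened entry.
    # An out-of-range negative index yields nil instead of wrapping around.
    live_ids.sort[id]
  end
end

# Constructed sample: sessions 3, 4 and 6 have already been closed.
SAMPLE_LIVE_IDS = [1, 2, 5, 7].freeze

if __FILE__ == $PROGRAM_NAME
  ["-1", "-2", "-5", "3", "abc"].each do |arg|
    puts "#{arg.inspect} -> #{IdResolver.resolve_id(SAMPLE_LIVE_IDS, arg).inspect}"
  end
end
```
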
In addition, our very own Alan David Foster updated the PostgreSQL scanner/postgres/postgres_schemadump module so that it does not ignore the default postgres database. That default database might contain valuable information after all! The enhancements also introduce a new datastore option, IGNORED_DATABASES, to configure a list of databases ignored during the schema dump.
Enhancements and features
- #15492 from sjanusz-r7 - Adds support for negative session and job ids.
- #15498 from adfoster-r7 - Updates the PostgreSQL schema_dump module to no longer ignore the default postgres database which may contain useful information, and adds a new datastore option to configure ignored databases.
- #15500 from agalway-r7 - Fixes a regression issue for cacti_filter_sqli_rce where the modules failed to run
- #15503 from jheysel-r7 - A bug has been fixed in the Cisco Hyperflex file upload RCE module that prevented it from properly deleting the uploaded payload files. Uploaded payload files should now be properly deleted.
As always, you can update to the latest Metasploit Framework with
and you can get more details on the changes since the last blog post from
If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial edition).