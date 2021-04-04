

The first quarter of 2021 has given us wave after wave of Exchange vulnerabilities, and while our awesome contributors helped us continue coverage with another Exchange module we were able to add to Metasploit, we also added modules covering very heavy-hitting vulnerabilities in F5, SAP, and SaltStack that may have gotten less notice in the shadow of the Exchange vulnerabilities earlier this quarter. This update offers two new modules from community contributor Vladimir Ivanov targeting remote code execution vulnerabilities in SAP, a new module by our own Will Vu covering a remote code execution vulnerability in F5 Big-IP and BIG-IQ devices that gives root access, and a new module by Metasploit team-member Chrisophe De La Fuente covering a remote code execution in Salt Stack also yielding root access. Then, to top it off, community contributor Erik Wynter contributed a scanner module to identify Nagios XI applications and suggest possible exploit modules that may work on the identified targets!

Our own space-r7 added the fs_search function into our Mettle payloads (A.K.A. POSIX Meterpreter). You can now search target filesystems just as you can with the Windows Meterpreter!

#14937 from cgranleese-r7 Improves the performance of the various show commands within the console. For instance show exploits now takes ~0.5 seconds instead of ~14 seconds

#14945 from mekhalleh This updates the ProxyLogon RCE module to use an RPC request to identify the backend server's FQDN.

#14951 from timwr This updates the Linux Meterpreter implementation to support the search command which allows users to search for files on a compromised system.

#14918 from zeroSteiner Fixes an issue where the VHOST option was not being correctly populated when the RHOST option was specified with domain names.

#14962 from cgranleese-r7 Updates the nexpose_connect login functionality to correctly handle the @ symbol being present in the password

#14966 from ryanpohlner This improves the ProxyLogon RCE module to address an issue where a payload would be run twice.

#14969 from timwr This fixes a bug in the Python Meterpreter's DNS resolving function.

As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial edition).