Rapid7 Inc.

07/12/2019 | News release | Distributed by Public on 07/12/2019 13:44

Metasploit Wrap-Up

We hope our American friends had a wonderful Fourth of July weekend! There are no new modules this week, so instead we're featuring two enhancements that fix some long outstanding Framework bugs. Check out last week's holiday wrap-up for a list of the modules that landed while the U.S. was watching fireworks.

GatherProof (or don't)

Using on certain non-standard devices such as Brocade switches and Juniper firewalls has caused console output to be broken, commands to not be sent, and other unexpected behavior. These issues stem from an incompatibility with proof-of-access gathering on such devices. To combat this, wvu-r7 added a new datastore option called , which allows a user to explicitly enable or disable proof-gathering on modules, with .

Passthrough commands

acammack-r7 added an enhancement that changes how handles unknown commands. In the past, passthrough of non-Framework commands would sometimes have their I/O unexpectedly truncated, making certain features difficult or impossible to use. Now, users can do things like or access the shell, all within the confines of

Enhancements and features

  • PR #12080 from acammack-r7 changes passthrough functionality of unknown commands to use the method instead of .
  • PR #12024 from wvu-r7 adds the option to modules, and changes the default behavior to not gather proof of access.
  • PR #11969 from busterb deprecates in MSF 5, which was previously broken.

Bugs fixed

  • PR #12072 from wvu-r7 fixes improper invocation of the method where the supplied architecture is an array and not a string.

Get it

As always, you can update to the latest Metasploit Framework with and you can get more details on the changes since the last blog post from GitHub:

We recently announced the release of Metasploit 5. You can get it by cloning the Metasploit Framework repo (master branch). To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial editions).