First!!

Congrats to Nick Tyrer for the first community contibuted evasion module to land in master. Nick's evasion/windows/applocker_evasion_install_util module leverages the trusted InstallUtil.exe binary to execute user supplied code and evade application whitelisting.

New modules (4)

Enhancements and features

  • Enhanced Web Delivery by bcoles. The multi/script/web_delivery module has been expanded to support pubprn for Windows delivery & directly support Linux as a target platform.
  • Hostname Keyed XOR by O . S . O. Linux payloads can now be XOR encoded based on target hostname, resulting in payload abort when executed on an unintended system.
  • Improved msfvenom hex encoding by wvu. Payload encoding by msfvenom output allows character literals interleaved with escaped hex when using --bad-chars and --encrypt-key options.

Bugs fixed

Get it

As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:

We recently announced the release of Metasploit 5. You can get it by cloning the Metasploit Framework repo (master branch). To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial editions).