Long live copy and paste

Adam Galway enhanced the set PAYLOAD command to strip the /payload/, payload/, and / prefixes from a payload name in an effort to improve the user experience while configuring an exploit's payload. You can see the new behavior below!

msf5 exploit(windows/smb/ms17_010_eternalblue) > set payload /payload/windows/x64/meterpreter/reverse_tcp
payload => windows/x64/meterpreter/reverse_tcp
msf5 exploit(windows/smb/ms17_010_eternalblue) > set payload payload/windows/x64/meterpreter/reverse_tcp
payload => windows/x64/meterpreter/reverse_tcp
msf5 exploit(windows/smb/ms17_010_eternalblue) > set payload /windows/x64/meterpreter/reverse_tcp
payload => windows/x64/meterpreter/reverse_tcp
msf5 exploit(windows/smb/ms17_010_eternalblue) > set payload windows/x64/meterpreter/reverse_tcp
payload => windows/x64/meterpreter/reverse_tcp
msf5 exploit(windows/smb/ms17_010_eternalblue) >

Now, when copying and pasting payload names that may include a path-like prefix, your set PAYLOAD command will work intuitively.

RIP Larry Tesler, the inventor of cut, copy, and paste.

SSH in my Windows?

Yep, you read that right. Dean Welch added a Windows post module, post/windows/manage/sshkey_persistence, to maintain SSH key persistence on a Windows target with an SSH server installed, bringing parity to our existing SSH key persistence ability, post/linux/manage/sshkey_persistence.

New modules (3)

Enhancements and features

  • PR #12830 by h00die updates the post/windows/gather/enum_patches module to gather all Windows patches.
  • PR #12932 by wvu changes the behavior of the generate command in msfconsole to avoid showing a staged payload's stage by default. This addresses a common usability problem where, when generating a large payload, the output would scroll off the screen.
  • PR #12938 by Brendan Coles adds a check for CPU vulnerabilities to the post/linux/gather/enum_system module by gathering information from the /sys/devices/system/cpu/vulnerabilities directory.
  • PR #12946 by Adam Galway enhances the set PAYLOAD command to strip path-like prefixes from its value.
  • PR #12948 by Spencer McIntyre updates the Zsh completions for msfconsole and msfvenom.

Bugs fixed

  • PR #12448 by Green-m fixes the cmd/unix/reverse_perl_ssl and cmd/unix/reverse_php_ssl payloads to skip verifying the SSL certificate, which is required for the most recent versions of Perl and PHP.
  • PR #12724 by Francesco Soncina fixes issue #12723. The AMSI/SBL bypass used with the web_delivery module for PowerShell does not work if prepended in the same response. This separates AMSI/SBL from the PowerShell stager.
  • PR #12892 by h00die sets a default username of sa for auxiliary/scanner/mssql/mssql_login, default username of root for auxiliary/scanner/mysql/mysql_login, and enables the BLANK_PASSWORDS option by default for both modules, as the default users make use of a default blank password.
  • PR #12931 by Francesco Soncina fixes issue #12930 for the post/osx/gather/password_prompt_spoof module on newer versions of OS X (Catalina and Mojave).
  • PR #12949 by Brent Cook fixes a number of module references to the old Rapid7 blog to point to the current one.
  • PR #12961 by Adam Cammack fixes Expect functionality for Windows installs of Metasploit by vendoring the library.

Get it

As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
binary installers (which also include the commercial edition).