Metasploit released a new version 5.0.83.
In this version, the following modules have been newly added: University Master IT
Master (1) dlink_dwl_2600_command_injection module: used for DLINK DWL-2600 vulnerability injection.
(2) solr_velocity_rce module: Use the Velocity template to exploit Apache Solr (version <= 8.3.0) vulnerability to implement remote code execution.
(3) ibm_tm1_unauth_rce module: exploit the CVE-2019-4716 vulnerability (existing in IBM PA / TM1) to allow unauthenticated attackers to perform a configuration summary.
(4) vmware_fusion_lpe module: use CVE-2020-3950 vulnerability (Fusion OSX system exists) to prompt permission.
(5) dnn_cookie_deserialization_rce module: use DNN (DotNetNuke) Cookie serialization vulnerability to implement penetration.
(6) WebSocket DoS module: use Cabel Haunt vulnerability to implement penetration.
The following functions have been added:
(1) Added documents for http_hsts auxiliary scanning module.
(2) Documents were created for the apache_mod_cgi_bash_env auxiliary scanning module.
(3) Enable CPU and memory configuration files.
(4) Reduce the time for outputting unknown command errors. Among them, from the original 1 second reduced to 0.5 seconds.
(5) Add cmd / unix / reverse_tclsh attack payload.
Bugs fixes:
(1) Fix the file in issus_finder.py, for the files that cannot list .pyc file and _ start.
(2) Update the metasploit_payloads-mettle gem version to 0.5.21.
(3) Enhanced the loading time of pattern_create, pattern_offset and makeiplist tools.
(4) In Exploit :: Remote :: Ftp, the ftp_connect alias is added.
(5) Rename redis_unauth_exec to redis_replication_cmd_exec.
