Metasploit Weekly Wrap-Up
Discription

## New module content (2)

### Gather Dbeaver Passwords

![Metasploit Weekly Wrap-Up](https://blog.rapid7.com/content/images/2023/01/metasploit-sky.png)

Author: Kali-Team
Type: Post
Pull request: [#17337]() contributed by [cn-kali-team]()

Description: This adds a post exploit module that retrieves Dbeaver session data from local configuration files. It is able to extract and decrypt credentials stored in these files for any version of Dbeaver installed on Windows or Linux/Unix systems.

### Gather MinIO Client Key

Author: Kali-Team
Type: Post
Pull request: [#17341]() contributed by [cn-kali-team]()

Description: This adds a post module that gathers local credentials stored by the MinIO client on Windows, Linux, and MacOS.

## Enhancements and features (2)

* [#17427]() from [gwillcox-r7]() – This adds YARD documentation to the LDAP libraries for developers to reference.
* [#17447]() from [gwillcox-r7]() – We now utilize ‘pry’ dependencies with support for newer Ruby versions.

## Bugs fixed (3)

* [#17386]() from [smashery]() – A bug has been fixed whereby the HTTP library was parsing HTTP HEAD requests like GET requests, which was causing issues due to lack of compliance to RFC9110 standards. By updating the code to be more compliant with these standards, modules such as `auxiliary/scanner/http/http_header` now work as expected.
* [#17438]() from [ErikWynter]() – This fixes an issue in the `exchange_proxylogon_collector` module where it would crash if the LegacyDN was not present in the XML response.
* [#17454]() from [prabhatjoshi321]() – A bug has been fixed whereby `smb_enumshares` incorrectly truncated file names before storing them into loot. This has been addressed so that only the console output will contain truncated file names, and the loot files will still contain the full file names for reference.

## Documentation added (1)

* [#17395]() from [cgranleese-r7]() – Adds documentation for both the JSON and MessagePack Metasploit RPC APIs – which is useful for programmatically interacting with Metasploit.

You can always find more documentation on our docsite at [docs.metasploit.com]().

## Get it

As always, you can update to the latest Metasploit Framework with `msfupdate`
and you can get more details on the changes since the last blog post from
GitHub:

* [Pull Requests 6.2.34…6.2.35]()
* [Full diff 6.2.34…6.2.35]()

If you are a `git` user, you can clone the [Metasploit Framework repo]() (master branch) for the latest.
To install fresh without using git, you can use the open-source-only [Nightly Installers]() or the
[binary installers]() (which also include the commercial edition).Read More

Back to Main

Subscribe for the latest news: